Jump to content

Trojan Horse Dropper in Adobe Reader


Sha
 Share

Recommended Posts

Hi all, Yesterday I went out for a few hours and left a few browsers open. When I came home, all my browsers were gone. I tried to open Firefox but it didn't work. I then tried to open IE, AVG and every other icon on my desktop but none opened. I then restarted in safe mode and was able to perform scans with AVG, Malwarebytes and Spybot S&D. Malwarebytes didn't find anything. Spybot found TrojansC-05 and C-02 under 'Search - Explorer'. AVG found 'registry key with reference to infected file C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe. I was able to either heal or move these to the virus vault. I then updated, restarted in normal mode and all applications ran as per usual. I ran scans again this morning and 5 infected files were found during the scan. These have once again been moved to the vault. However, I don't feel like it is 100% clean as my computer is a bit slower than usual and music skips or jumps when I play it. I have attached the DDS and Attach files. DDS.txtAttach.txt Any help on this would be greatly appreciated. Cheers :)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Sasha Gilby at 18:32:10.45 on Mon 18/06/2012

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.1535.557 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Weatherzone Tracker\weather_tracker.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Documents and Settings\Sasha Gilby\My Documents\Sasha\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>;*.local

mURLSearchHooks: H - No File

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Weather Tracker3] c:\program files\weatherzone tracker\weather_tracker.exe

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\windows\installer\{70014586-7bba-4a92-a610-cdc896c48f8f}\NewShortcut1_1.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194700741281

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: {3E763E93-5FB7-4F64-B8D8-637FF83B2C71} = 195.242.208.40

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sashag~1\applic~1\mozilla\firefox\profiles\ew3p7oej.default\

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6b5c1&v=7.005.030.004&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll

FF - plugin: c:\documents and settings\sasha gilby\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-8 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-11-5 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-8 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-8 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-8 297752]

R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-9-6 95568]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-1-14 217088]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-9-6 18120]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-1-14 36640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 257224]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-5 129976]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-1-14 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-1-14 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-1-14 121576]

=============== Created Last 30 ================

2012-06-14 10:08:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

==================== Find3M ====================

2012-06-12 08:55:06 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2005-10-06 23:17:34 280576 -c--a-w- c:\windows\inf\wg311v3\WG311v3XP.sys

2005-10-06 23:17:34 280576 -c--a-w- c:\windows\inf\wg311v3\WG311v3.sys

2005-03-01 19:16:42 212992 -c--a-w- c:\windows\inf\wg311v3\CopyWHQLDriver.exe

2007-06-11 11:22:16 8 -csh--r- c:\windows\system32\B0D02B64D7.sys

2007-07-10 12:23:13 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys

2009-05-17 00:56:04 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat

============= FINISH: 18:34:06.45 ===============

Link to post
Share on other sites

Hello sha,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Close all open browsers at this point.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com
and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.
Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button
Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.
The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.
Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.
Step 6
  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

Link to post
Share on other sites

Hi Maurice,

Thank you for your reply and your assistance, it is much appreciated.

I have done all you have asked and logs are as below:

Log.txt:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Sasha Gilby at 2012-06-21 18:41:34

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 13 GB (17%) free of 76 GB

Total RAM: 1535 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:42:10 PM, on 21/06/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

C:\WINDOWS\system32\dgdersvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Weatherzone Tracker\weather_tracker.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\Sasha Gilby\Desktop\Dropper\RSIT.exe

C:\Program Files\trend micro\Sasha Gilby.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Weather Tracker3] C:\Program Files\Weatherzone Tracker\weather_tracker.exe

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194700741281

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40

O17 - HKLM\System\CS2\Services\Tcpip\..\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71}: NameServer = 195.242.208.40

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

--

End of file - 11950 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Sasha Gilby\Application Data\Mozilla\Firefox\Profiles\ew3p7oej.default

prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, avg@igeared:7.005.030.004, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

prefs.js - "keyword.URL" - "http://search.avg.com/route/?d=4cc6b5c1&v=7.005.030.004&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"avg@igeared"=C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"avg@toolbar"=C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.7\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.257 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]

"Description"=

"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]

"Description"=6.0.12.69

"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]

"Description"=

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

npqtplugin8.dll

QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

avg-secure-search.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\Sasha Gilby\Application Data\Mozilla\Firefox\Profiles\ew3p7oej.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b}

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]

Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2012-04-20 241448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-12 2068536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-13 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2012-04-20 696000]

{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll [2012-06-12 2068536]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-03-22 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-28 61952]

"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-08 716800]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-23 7700480]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-23 86016]

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2011-10-18 2042208]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-01 59240]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]

"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-06-12 1104440]

"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe [2012-02-16 928096]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-13 68856]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2011-02-18 3877888]

"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2009-08-22 5148672]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"Weather Tracker3"=C:\Program Files\Weatherzone Tracker\weather_tracker.exe [2009-07-17 2888403]

"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2010-10-27 3365176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NETGEAR WG311v3 Smart Wizard.lnk - C:\WINDOWS\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe

C:\Documents and Settings\Sasha Gilby\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-08-18 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0x95000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe"="C:\Program Files\Ubisoft\THE SETTLERS - Rise of an Empire\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java Web Start Launcher"

"C:\Documents and Settings\Sasha Gilby\Local Settings\Application Data\qnxwqtu\lnlyvx.exe"="C:\Documents and Settings\Sasha Gilby\Local Settings\Application Data\qnxwqtu\lnlyvx.exe:*:Disabled:lnlyvx"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"

"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"

"C:\Documents and Settings\Sasha Gilby\Desktop\WORMS2\START.EXE"="C:\Documents and Settings\Sasha Gilby\Desktop\WORMS2\START.EXE:*:Disabled:Worms 2 Frontend"

"C:\Team17\Worms2\frontend.exe"="C:\Team17\Worms2\frontend.exe:*:Disabled:Worms 2 Frontend"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll

"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

"VIDC.DIVX"=divx.dll

"VIDC.XVID"=xvidvfw.dll

"VIDC.YV12"=yv12vfw.dll

"msacm.ac3acm"=ac3acm.acm

"msacm.lameacm"=lameACM.acm

"VIDC.FFDS"=ff_vfw.dll

"msacm.siren"=sirenacm.dll

"VIDC.MKVC"=KMVIDC32.DLL

======List of files/folders created in the last 1 month======

2012-06-21 18:41:35 ----D---- C:\Program Files\trend micro

2012-06-21 18:41:34 ----D---- C:\rsit

2012-06-17 21:03:43 ----A---- C:\WINDOWS\ntbtlog.txt

2012-06-14 22:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$

2012-06-14 22:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$

2012-06-14 22:46:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$

2012-06-05 22:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$

======List of files/folders modified in the last 1 month======

2012-06-21 18:41:35 ----RD---- C:\Program Files

2012-06-21 18:41:25 ----D---- C:\WINDOWS\Prefetch

2012-06-21 18:38:53 ----D---- C:\WINDOWS\ERDNT

2012-06-21 18:38:38 ----D---- C:\Program Files\ERUNT

2012-06-21 17:54:08 ----D---- C:\Program Files\Mozilla Firefox

2012-06-21 17:52:23 ----D---- C:\WINDOWS\system32\drivers\Avg

2012-06-21 17:48:25 ----D---- C:\WINDOWS\Temp

2012-06-20 23:13:27 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-06-18 17:24:07 ----D---- C:\WINDOWS\system32\drivers

2012-06-18 17:21:50 ----HD---- C:\$AVG8.VAULT$

2012-06-17 23:01:36 ----D---- C:\WINDOWS\system32\drivers\etc

2012-06-17 21:32:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-06-17 21:03:43 ----D---- C:\WINDOWS

2012-06-17 20:58:54 ----D---- C:\WINDOWS\system32\CatRoot2

2012-06-17 14:51:44 ----SHD---- C:\WINDOWS\Installer

2012-06-17 14:51:43 ----SHD---- C:\Config.Msi

2012-06-17 14:51:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2012-06-17 14:50:15 ----D---- C:\WINDOWS\system32

2012-06-15 19:49:04 ----D---- C:\WINDOWS\Microsoft.NET

2012-06-15 19:49:02 ----RSD---- C:\WINDOWS\assembly

2012-06-14 22:57:09 ----HD---- C:\WINDOWS\inf

2012-06-14 22:57:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-06-14 22:56:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-06-14 22:56:04 ----D---- C:\WINDOWS\WinSxS

2012-06-14 22:51:30 ----A---- C:\WINDOWS\system32\MRT.exe

2012-06-14 22:51:19 ----A---- C:\WINDOWS\imsins.BAK

2012-06-14 22:51:03 ----D---- C:\Program Files\Internet Explorer

2012-06-14 22:49:55 ----HD---- C:\WINDOWS\$hf_mig$

2012-06-12 17:53:12 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Secure Search

2012-06-12 17:53:10 ----D---- C:\Program Files\AVG Secure Search

2012-06-12 17:53:08 ----D---- C:\WINDOWS\system32\cache

2012-06-12 17:53:04 ----D---- C:\Program Files\Common Files\AVG Secure Search

2012-06-12 16:55:06 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-05-31 21:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-18 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-18 27784]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-15 108552]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-17 278984]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-15 25416]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-10-05 141312]

R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]

R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2010-09-06 18120]

R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-23 3994624]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-06-29 57856]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-06-29 20480]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-18 5888]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-10-10 393088]

R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-05-10 42496]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-07 280576]

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-28 145920]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys []

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\ssadbus.sys [2010-07-20 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys [2010-07-20 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\WINDOWS\system32\DRIVERS\ssadmdm.sys [2010-07-20 121576]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-18 908056]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-18 297752]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2010-09-06 95568]

R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2010-09-06 217088]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-23 159810]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-11-10 167264]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-11-04 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-18 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Link to post
Share on other sites

info.txt:

info.txt logfile of random's system information tool 1.09 2012-06-21 18:42:17

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}

Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}

Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}

Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}

Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}

Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}

Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}

Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe

Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}

Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}

Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}

Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}

Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}

Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -maintain plugin

Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}

Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}

Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}

Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}

Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe

Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}

Adobe Reader 9.5.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}

Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}

Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}

Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}

Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

Caesar IV-->C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\Setup.exe -runfromtemp -l0x0009 -removeonly

Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033

Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001AB29C-5468-4972-8D24-2EBDB2B12133}

Canon Camera Window DS for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6B8BDABA-6737-4998-AEE4-E218EDE5FC7A}

Canon Camera Window MC 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{89EB3ED7-225A-412E-B048-623D502C000F}

Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{68D27126-BF6A-457D-8DD0-5F35E8D41310}

Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{001EB665-D9EC-415E-9E13-AD2125B2B992}

Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Doremi FLV to MP3 Converter 1.6-->C:\Program Files\Doremisoft\DoremiSoft Flv to MP3 Converter\uninst.exe

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"

High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033

iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}

Java 2 Runtime Environment, SE v1.4.2_15-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142150}

Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kies-->"C:\Program Files\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\Setup.exe" -runfromtemp -l0x0409 -removeonly

Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}

K-Lite Mega Codec Pack 4.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWudf01009$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}

MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}

MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}

NETGEAR WG311v3 PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{70014586-7BBA-4A92-A610-CDC896C48F8F}

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}

Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"

OutlookAddInNet3Setup-->MsiExec.exe /I{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}

PC Connectivity Solution-->MsiExec.exe /I{089DD780-DB3F-4CDB-A0C2-111360247298}

PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"

SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Sims2Pack Clean Installer -->C:\Program Files\Sims2Pack Clean Installer\uninstall.exe

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

THE SETTLERS - Rise of an Empire-->"C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly

The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe

The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe

The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe

The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe

The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe

The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

The Sims™ 2 Celebration! Stuff-->C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe

The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe

The Sims™ 2 Mansion and Garden Stuff-->C:\Program Files\EA GAMES\The Sims 2 Mansion and Garden Stuff\EAUninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676-v2)-->"C:\WINDOWS\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Weatherzone Tracker v2.04-->"C:\Program Files\Weatherzone Tracker\unins000.exe"

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Worms2-->C:\WINDOWS\IsUninst.exe -fC:\Team17\Worms2\Uninst.isu

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: SHA

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 00146CC32B1A. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 73969

Source Name: Dhcp

Time Written: 20120512201053.000000+480

Event Type: warning

User:

Computer Name: SHA

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 00146CC32B1A. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 73856

Source Name: Dhcp

Time Written: 20120511171239.000000+480

Event Type: warning

User:

Computer Name: SHA

Event Code: 20

Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 73811

Source Name: Print

Time Written: 20120510211744.000000+480

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: SHA

Event Code: 3

Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 73810

Source Name: Print

Time Written: 20120510211742.000000+480

Event Type: warning

User: NT AUTHORITY\SYSTEM

Computer Name: SHA

Event Code: 4

Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 73809

Source Name: Print

Time Written: 20120510211742.000000+480

Event Type: warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: SHA

Event Code: 1002

Message: Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2187

Source Name: Application Hang

Time Written: 20120123171636.000000+480

Event Type: error

User:

Computer Name: SHA

Event Code: 1002

Message: Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2186

Source Name: Application Hang

Time Written: 20120123171636.000000+480

Event Type: error

User:

Computer Name: SHA

Event Code: 1020

Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 2038

Source Name: ASP.NET 2.0.50727.0

Time Written: 20120111220758.000000+480

Event Type: warning

User:

Computer Name: SHA

Event Code: 1020

Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 1137

Source Name: ASP.NET 2.0.50727.0

Time Written: 20111013225001.000000+480

Event Type: warning

User:

Computer Name: SHA

Event Code: 1002

Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1080

Source Name: Application Hang

Time Written: 20111009131443.000000+480

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=5f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"asl.log"=Destination=file;OnFirstLog=command,environment

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Link to post
Share on other sites

Checkup.txt:

Results of screen317's Security Check version 0.99.42

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Free 8.5

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

Java 6 Update 29

Java 2 Runtime Environment, SE v1.4.2_15

Java version out of Date!

Adobe Flash Player 11.3.300.257

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 32% Defragment your hard drive soon!

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Bitdefender report:

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Thu Jun 21 18:55:19 2012

Machine ID: A8DA4102

No infection found.

-------------------

Processes

---------

Rainlendar2 432 C:\Program Files\Rainlendar2\Rainlendar2.exe

Audio Control Panel 2204 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

AVG Internet Security 684 C:\Program Files\AVG\AVG8\avgcsrvx.exe

AVG Internet Security 220 C:\Program Files\AVG\AVG8\avgrsx.exe

AVG Internet Security 1264 C:\PROGRA~1\AVG\AVG8\avgemc.exe

AVG Internet Security 3796 C:\PROGRA~1\AVG\AVG8\avgnsx.exe

AVG Internet Security 3236 C:\PROGRA~1\AVG\AVG8\avgtray.exe

AVG Internet Security 1736 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Bonjour 1760 C:\Program Files\Bonjour\mDNSResponder.exe

CwService 1868 C:\WINDOWS\system32\FsUsbExService.Exe

Device Error Recovery SDK 1808 C:\WINDOWS\system32\dgdersvc.exe

distnoted 2728 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

Firefox 3144 C:\Program Files\Mozilla Firefox\firefox.exe

Firefox 3748 C:\Program Files\Mozilla Firefox\plugin-container.exe

iTunes 228 C:\Program Files\iPod\bin\iPodService.exe

iTunes 2808 C:\Program Files\iTunes\iTunes.exe

iTunes 2516 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE 6 U29 288 C:\Program Files\Java\jre6\bin\jqs.exe

Java Platform SE Auto Updater 2 0 3676 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Kies TrayAgent 3232 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 2704 C:\WINDOWS\system32\wscntfy.exe

MobileDeviceHelper 3280 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

MobileDeviceService 1712 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

NetgearCUv2 Application 1784 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

NetgearCUv2 Application 904 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

NetgearCUv2 Application 3860 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

NVIDIA Driver Helper Service, Version 9 420 C:\WINDOWS\system32\nvsvc32.exe

QuickTime 2388 C:\Program Files\QuickTime\QTTask.exe

SMax4PNP Application 1252 C:\Program Files\Analog Devices\Core\smax4pnp.exe

TeaTimer.exe 2676 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

ToolbarU Application 248 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

VProtect Application 3000 C:\Program Files\AVG Secure Search\vprot.exe

weather_tracker.exe 2796 C:\Program Files\Weatherzone Tracker\weather_tracker.exe

Windows Live Messenger 3376 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(verified) GoogleToolbarNotifier 3320 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 2276 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 736 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3220 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 804 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 664 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 572 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1680 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1360 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1284 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 2776 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 876 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 74.125.237.101

Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 118.215.223.139

Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 74.125.237.101

Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 119.252.92.8

Process avgnsx.exe (3796) connected on port 80 (HTTP) --> 119.252.92.8

Process iexplore.exe (876) listens on ports: 2921

Process svchost.exe (1052) listens on ports: 135 (RPC)

Process iTunes.exe (2808) listens on ports: 3689 (iTunes)

Autoruns and critical files

---------------------------

Rainlendar2 C:\Program Files\Rainlendar2\Rainlendar2.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Audio Control Panel C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE

AVG Internet Security C:\Program Files\AVG\AVG8\avgtray.exe

AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Kies TrayAgent C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\HDAShCut.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\ssstars.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll

NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll

nwiz.exe C:\WINDOWS\system32\nwiz.exe

QuickTime C:\Program Files\QuickTime\QTTask.exe

ROC_roc_dec12.exe C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe

SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe

TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

VProtect Application C:\Program Files\AVG Secure Search\vprot.exe

weather_tracker.exe C:\Program Files\Weatherzone Tracker\weather_tracker.exe

Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

AVG Internet Security c:\program files\avg\avg8\avgssie.dll

AVG Secure Search c:\program files\avg secure search\11.1.0.7\avg secure search_toolbar.dll

AVG SiteSafety plugin C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll

Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx

Facebook Plugin C:\Documents and Settings\Sasha Gilby\Application Data\Facebook\npfbplugin_1_0_3.dll

Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

Grab Pro C:\Program Files\Orbitdownloader\GrabPro.dll

Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U29 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32_11_3_300_257.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

Orbitcth c:\program files\orbitdownloader\orbitcth.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

QuickTime Plug-in 7.7.1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll

sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

(verified) RealPlayer Version Plugin C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

(verified) RealPlayer G2 LiveConnect-Enabled P C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

Missing files

-------------

File not found: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Adobe Reader Speed Launcher"

Scan

----

MD5: 11783673be7b701e673366cc03a38d91 C:\Documents and Settings\Sasha Gilby\Application Data\Facebook\npfbplugin_1_0_3.dll

MD5: 956a64612d84f0ce40788c783b0f5be3 C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\File.3.1.1e.mfx

MD5: 0a8c31d62ca42f44a43f04992c94b5d0 C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\Flash6MovieV2.3.1.1e.mvx

MD5: 99f80ca1ebe95677668f54cac6f4ad6d C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\FlashPlayer.3.1.1e.ocx

MD5: a156ba848ca29e2787c491ece147d630 C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\mPlayer.3.1.1e.dll

MD5: 1c04c1968aaa760458f4ee9042f57b40 C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\Registry.3.1.1e.mfx

MD5: a6ea12de7903f46b0d3142b1186bf142 C:\Documents and Settings\Sasha Gilby\Local Settings\Temp\mProjector3565698728\System.3.1.1e.mfx

MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

MD5: 115332a83ac2726fa974d30db4bfd8de C:\Program Files\Analog Devices\Core\smax4pnp.exe

MD5: 0af32313f692e894f8e1b5b98956ba24 C:\Program Files\Analog Devices\Core\SMWDMIF.dll

MD5: f2c53b16fefd00dc79a15871a5738573 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

MD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exe

MD5: a3be8dddf02718a88b9e2aa7883c0386 c:\program files\avg secure search\11.1.0.7\avg secure search_toolbar.dll

MD5: c1c525f57ea2c077efbd13a3ad06bcfd C:\Program Files\AVG Secure Search\iGearedHelper.dll

MD5: d29046dc1d22561f3ce08dac22bbb17b C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe

MD5: e3a45b096b68a255c814a94e6208b5c5 C:\Program Files\AVG Secure Search\vprot.exe

MD5: df53d3b6c154c94d89102e81e600f906 C:\Program Files\AVG\AVG8\avgtray.exe

MD5: 88dc708cfc7173465ae7ff26b3d0affb C:\Program Files\AVG\AVG8\avgwd.dll

MD5: 25ba2b1efef67f89a1d35b38a56e05e1 C:\Program Files\AVG\AVG8\avgxpl.dll

MD5: d45b7995761253a92ab071d576114f28 C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files\Bonjour\mdnsNSP.dll

MD5: db5bea73edaf19ac68b2c0fad0f92b1a C:\Program Files\Bonjour\mDNSResponder.exe

MD5: c47f17aa10348d7f8cf2f8b8f04ff0b8 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 885ba7ae8f650e7d7bcb5b966e00ddce C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

MD5: 83151cce7c35471d192d8327e3ce6d9c C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: 2f9bc257e314003ff0c332583c4f36c8 C:\Program Files\Common Files\Apple\Apple Application Support\ApplePushService.dll

MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll

MD5: 49c9bcd63390b14c7b14f56dad8daa7d C:\Program Files\Common Files\Apple\Apple Application Support\AVFoundationCF.dll

MD5: 5d76c8cc87d0efbe0b4a3bef6b67ebf0 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll

MD5: 6183b5113169081b986f5841ef73d489 C:\Program Files\Common Files\Apple\Apple Application Support\CoreAudioToolbox.dll

MD5: 6fe3e3a215e55c76a811b9b56a5aeb09 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: e055b583c291fa8153087295144fc89f C:\Program Files\Common Files\Apple\Apple Application Support\CoreGraphics.dll

MD5: 7ae27dc9c6a4c7caacd18a5721e98618 C:\Program Files\Common Files\Apple\Apple Application Support\CoreMedia.dll

MD5: 9211b90cd39502caba4f9b32d9084785 C:\Program Files\Common Files\Apple\Apple Application Support\CoreVideo.dll

MD5: 7539d96a5ae8a59dab8c024a7f820514 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

MD5: 126f34ac5d9e681d06499eec0dd6679e C:\Program Files\Common Files\Apple\Apple Application Support\Foundation.dll

MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll

MD5: ff3fdae555c8b67857c677fd2e1b542c C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.dll

MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll

MD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll

MD5: 9b290e80e819ba56a8ec7b07249b7865 C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll

MD5: 5e33c164dc7fa74728d8a83036c438bb C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MD5: 74573bd40fde60be4010941a735383c2 C:\Program Files\Common Files\Apple\Apple Application Support\MediaToolbox.dll

MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll

MD5: e164b0ed457403a44365adb5573970dd C:\Program Files\Common Files\Apple\Apple Application Support\QuartzCore.dll

MD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll

MD5: f32811d226c2eab53e4337d2d26b4d69 C:\Program Files\Common Files\Apple\Apple Application Support\VideoToolbox.dll

MD5: 6a3099d942d393820a36449a054f9862 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll

MD5: edd5e0b248f0ab292a06ee6f1213a2e4 C:\Program Files\Common Files\Apple\Apple Application Support\WebKitQuartzCoreAdditions.dll

MD5: 2503287bd19ae52e36e9de42834a2ac0 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll

MD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MD5: ca84c2931bd2da278be015fbce5661c3 C:\Program Files\Common Files\Apple\CoreFP\CoreFP.dll

MD5: 031d7d9d76180bb7e8f80b2ee74289ef C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

MD5: 292d767a51333eb202d3e2f04f9d21e5 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper_main.dll

MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

MD5: 1224bc6de919f8cd8c1c945280e63852 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll

MD5: 6cceffca0f4a24f7edeeb3f012146d86 C:\Program Files\Common Files\Apple\Mobile Device Support\DeviceLink.dll

MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll

MD5: 905b5bf5be0a86e8412801bf20357195 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll

MD5: f12dae7dae01687e329129e71c12b936 C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices.dll

MD5: 41ad454888c7bb4afb3e2f919d21b236 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll

MD5: 39019b19c95e78dd2d01fa0e98721122 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll

MD5: 5fa45791413acce628d5361458f32dde C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

MD5: 6e3245df783e58375b3465f03274743e C:\Program Files\Common Files\Java\Java Update\jusched.exe

MD5: 81f63a7037e2815b771646ce44884800 C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll

MD5: 219064ee1addebe69d969e54e6a54578 C:\Program Files\Common Files\SpeechEngines\Microsoft\spcommon.dll

MD5: d5c97349855db59fb88c236278391d3a C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033\spttseng.dll

MD5: e00de20f0f6bed5cd2160247ddc9443b C:\Program Files\ERUNT\AUTOBACK.EXE

MD5: 5b97ab550022b2783894c558fa2e1310 c:\program files\google\google toolbar\googletoolbar_32.dll

MD5: e460233208906ecc0e8f057b25562f13 C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\gtn.dll

MD5: ab3668c159e1cfea184f72650bd66807 C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

MD5: a350f4ae2450eb11d621ba0f54966e30 C:\Program Files\Internet Explorer\ieproxy.dll

MD5: 3ca2dfd1ee857cde7dccf4235f52d142 C:\Program Files\Internet Explorer\pdm.dll

MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll

MD5: 5a7e7d3eea5c5c497f4b008a9f869026 C:\Program Files\Internet Explorer\xpshims.dll

MD5: 49918803b661367023bf325cf602afdc C:\Program Files\iPod\bin\iPodService.exe

MD5: a0b7fc085b98dbbc995f6b35cb50280f C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: 9b7c7a89c8bec0a8df3dbef3291b2cf7 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: de95378a999e333c7b0f00e9f0967da2 C:\Program Files\iTunes\GNSDK_DSP.DLL

MD5: 0657da79adcac2e30c4a8f4ba454b200 C:\Program Files\iTunes\GNSDK_MUSICID.DLL

MD5: fd494fdadf170175d6ad33671c42846e C:\Program Files\iTunes\GNSDK_SDKMANAGER.DLL

MD5: b9539f97648861223d20f929808e5fa4 C:\Program Files\iTunes\GNSDK_SUBMIT.DLL

MD5: 9a4ef0946cd8c48b50c7efe98a27f8e9 C:\Program Files\iTunes\iTunes.dll

MD5: 5e817f27870c2b41c5b1c53172ba6180 C:\Program Files\iTunes\iTunes.exe

MD5: 823aac80822289f567b2817d63645e99 C:\Program Files\iTunes\iTunes.Resources\en.lproj\iTunesLocalized.DLL

MD5: 47a17a9ecd71385ef8b2d660194abc51 C:\Program Files\iTunes\iTunes.Resources\iTunes.DLL

MD5: 08d1c8cd02c5702e6a24b1b5685abd4d C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.DLL

MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files\iTunes\iTunesHelper.dll

MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files\iTunes\iTunesHelper.exe

MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

MD5: dc365b6e595683f67bc21a203432e336 c:\program files\java\jre6\bin\jp2ssv.dll

MD5: 381b25dc8e958d905b33130d500bbf29 C:\Program Files\Java\jre6\bin\jqs.exe

MD5: 1e96525ae85d402f9f8047f8caef5f06 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MD5: e3a7850421a4ab8b15fc174eb587bc6b c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 711a2e6a55ec7bfd59b5f649d58b704b c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

MD5: 76e47408f544b70a0de4590f7bf8ac77 C:\Program Files\Mozilla Firefox\components\browsercomps.dll

MD5: d3c0837346c49095b8af9ef54ad7e90a C:\Program Files\Mozilla Firefox\firefox.exe

MD5: ae383d208b896d17c5201d1f156353cb C:\Program Files\Mozilla Firefox\freebl3.dll

MD5: 3551fb8621274bc451356eff70ecc2dc C:\Program Files\Mozilla Firefox\gkmedias.dll

MD5: 16c1297d836ad87a53dd6ab69bc7b570 C:\Program Files\Mozilla Firefox\mozalloc.dll

MD5: 3de755a30d131be8671a638d5c0e898d C:\Program Files\Mozilla Firefox\mozglue.dll

MD5: a013b3ad1626c27fdccbe27f9eac3d7a C:\Program Files\Mozilla Firefox\mozjs.dll

MD5: c09ac580bf42e84b0cb3f2fa73382fef C:\Program Files\Mozilla Firefox\mozsqlite3.dll

MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll

MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll

MD5: a0f448a3aedad420b13866355f538b61 C:\Program Files\Mozilla Firefox\nspr4.dll

MD5: 9f58b16676ff68ab0ffc618078f83725 C:\Program Files\Mozilla Firefox\nss3.dll

MD5: 2cc8aa20e1132b362daac938098a7d2e C:\Program Files\Mozilla Firefox\nssckbi.dll

MD5: 3e4fc76314f0dd59946552d0b19bcc2b C:\Program Files\Mozilla Firefox\nssdbm3.dll

MD5: 06d12d2cc88f7c6228f28bac0aa9b716 C:\Program Files\Mozilla Firefox\nssutil3.dll

MD5: a4c78c8ba7afc2b5c7b4581e8796c63d C:\Program Files\Mozilla Firefox\plc4.dll

MD5: 346644d82e19dada9934504025bfa5cb C:\Program Files\Mozilla Firefox\plds4.dll

MD5: 41623176fef9df3c113eaadadbb5fb42 C:\Program Files\Mozilla Firefox\plugin-container.exe

MD5: 47aff25b68ce4885fec6cfdef8febb5c C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

MD5: e0ad06be7dbec6ef843711e97080549a C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll

MD5: 62593d2afec7c88a61c0858c9c4e6c6e C:\Program Files\Mozilla Firefox\smime3.dll

MD5: 8ea5e15de69c2acb292b1d48f00de031 C:\Program Files\Mozilla Firefox\softokn3.dll

MD5: 11e885d7336bd50f3abbf0e3a5fde894 C:\Program Files\Mozilla Firefox\ssl3.dll

MD5: 6d1a6c5a5d05d230c9d90c77f1a48ac2 C:\Program Files\Mozilla Firefox\xpcom.dll

MD5: 86f963944a1badd1cfbc66f54e7583f1 C:\Program Files\Mozilla Firefox\xul.dll

MD5: 15d5398eed42c2504bb3d4fc875c15d1 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

MD5: 3a42d0b282e2e77bb0ae744f38d1e19d C:\Program Files\NETGEAR\WG311v3\AutoLinkLib.dll

MD5: adb6233be83e049d3831de09f1aa7dde C:\Program Files\NETGEAR\WG311v3\DNSAPI.dll

MD5: 2241b7da7259258cdcfc6d7e10c873f6 C:\Program Files\NETGEAR\WG311v3\Mrv8000x.dll

MD5: cb21d826d9c39aed19dd431c1880f5de C:\Program Files\NETGEAR\WG311v3\MSVCP60.dll

MD5: 39611ab3dbb77e642c34f7d059a268e1 C:\Program Files\NETGEAR\WG311v3\odSupp_M.dll

MD5: b0136786e9007fdf765126329787b454 C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe

MD5: b0136786e9007fdf765126329787b454 C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

MD5: 275b68a6752431ce56ec832f3e79caa9 C:\Program Files\NETGEAR\WG311v3\WlanDll.dll

MD5: 0581b85449ec91d1a62d5ad6679d4b69 C:\Program Files\Orbitdownloader\GrabKernel.dll

MD5: a1dc47dc80208724eebe1d0a59a9c59b C:\Program Files\Orbitdownloader\GrabPro.dll

MD5: 3f58187898dba479fd32d29ff7fc2e75 c:\program files\orbitdownloader\orbitcth.dll

MD5: 697d59591bfc78a0d054f0753231151b C:\Program Files\Orbitdownloader\winfile.dll

MD5: 2d841b7b7f6dec32162edfcc69d61f42 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

MD5: 8b4202ecc10d4868476fc0d62c3c0dcd C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx

MD5: b4128e08c7fcb87f18c110728f326b88 C:\Program Files\QuickTime\QTSystem\QTCF.dll

MD5: e58ce86d472613a7b8b76a5b9efe51e5 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

MD5: 29a6de9708f86cf5213890b0999b8f6f C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx

MD5: f25e5e8e54b8b66f1adf931e7540c6f1 C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx

MD5: f7b437e5c2325ffd0277775415db74c6 C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx

MD5: d35d47479d7697a4ecd62d586e45da7d C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx

MD5: 5eb3889c5456fe592caea9ca90e43c45 C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx

MD5: e54453e9db76979c3008a59316fe53cf C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx

MD5: 0e23252e5ae79967ce04eccdda405d81 C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx

MD5: ac8f76f0598cbc24158537342be7b067 C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx

MD5: 3c82c80920050798882882cbf3efd890 C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx

MD5: df5a141d3db468207b6b70b2ad122df1 C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx

MD5: 385ec86178a37edec44717a86a89783e C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx

MD5: 46c62c86c5b96a8fc0eea6c7c027e55d C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx

MD5: 4b7bdf1690a7468aded10836ee6b5825 C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx

MD5: 418edb0df655f2152ca9d9855e8500bc C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx

MD5: 5891edf65ef6396306958e80cc2e9f26 C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx

MD5: a6660592449f734ee731aca01bf06150 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx

MD5: 7a29400b93a74bf55ea14e8164abc788 C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx

MD5: b68b7f53f6c7d4705e7f0b8fd4a57e9a C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files\QuickTime\QTTask.exe

MD5: 6b573665742f856b0b9f6c1491dc548d C:\Program Files\Rainlendar2\lfs.dll

MD5: fc3235064d4b19910930512d47d6e947 C:\Program Files\Rainlendar2\libcurl.dll

MD5: aaf99ba73e239c9119dc3c3da1a8eeed C:\Program Files\Rainlendar2\LIBEAY32.dll

MD5: 010ca1ba52b7608e4fec2fe02a7e11a8 C:\Program Files\Rainlendar2\lua51.dll

MD5: 966fe4f82237e86cf541ba4db389b367 C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll

MD5: 98635ded2d7d265110fc861abd75c344 C:\Program Files\Rainlendar2\Rainlendar2.exe

MD5: e7a8309150177c01738407fc2a1915c3 C:\Program Files\Rainlendar2\SSLEAY32.dll

MD5: 952a224b34bab4517d18087589ff2aba C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

MD5: 4048115ca3cdd87b59bf2eabc2b52204 C:\Program Files\Weatherzone Tracker\weather_tracker.exe

MD5: 488052996d1278dab0f2c7dcbe51ef46 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

MD5: f11fe030158f8ef14a56a3ea9e9bd47d C:\Program Files\WinRAR\rarext.dll

MD5: df53d3b6c154c94d89102e81e600f906 C:\PROGRA~1\AVG\AVG8\avgtray.exe

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: 64416c6e07606720c1ece6dd374bdffd C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll

MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll

MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: 367465dd8e2bffe4c5477c86c8217e8c C:\WINDOWS\system32\dgderapi.dll

MD5: 10b8f89d146d0e20b1284d47bb4ec6c9 C:\WINDOWS\system32\dgdersvc.exe

MD5: 1bd976dd77b31fe0f25708ad5c1351ae C:\WINDOWS\system32\DIFXAPI.dll

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll

MD5: d392183cc5379e302e50ceba635248eb C:\WINDOWS\system32\drivers\ADIHdAud.sys

MD5: 9f59ae2de835641fbb0c6afd80d8fa9b C:\WINDOWS\system32\drivers\AEAudio.sys

MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys

MD5: 59301936898ae62245a6f09c0aba9475 C:\WINDOWS\system32\DRIVERS\AmdK8.sys

MD5: 3c4b9850a2631c2263507400d029057b C:\WINDOWS\system32\DRIVERS\atksgt.sys

MD5: 92d8e1e8502e649b60e70074eb29c380 C:\WINDOWS\System32\Drivers\avgtdix.sys

MD5: 3be1651c63954067940e7f473498ad70 C:\WINDOWS\System32\drivers\dgderdrv.sys

MD5: f58d2900c66a1e773e3375098e0e9337 C:\WINDOWS\system32\drivers\HdAudio.sys

MD5: 4127e8b6ddb4090e815c1f8852c277d3 C:\WINDOWS\system32\DRIVERS\lirsgt.sys

MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys

MD5: ba1b732c1a70cfea0c1b64f2850bf44f C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

MD5: 75da3510f311db3ba72378352ef848be C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

MD5: 84c71701fcea84d7f03e61039fe41b4a C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

MD5: fd2041e9ba03db7764b2248f02475079 C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

MD5: f22e6dd1d2cf71b77119eead1b3fc79d C:\WINDOWS\system32\drivers\Senfilt.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 6d83ff6722baf7e82a4521dbec363e5a C:\WINDOWS\system32\DRIVERS\ssadbus.sys

MD5: 5ae42e90f99749e0e35b9989a2d0275c C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

MD5: 9285d8aba50a4d6482b1574448f9eb76 C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

MD5: 83cafcb53201bbac04d822f32438e244 C:\WINDOWS\System32\Drivers\usbaapl.sys

MD5: 7455b3c11a1d6a844b53febdb58646e9 C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll

MD5: b07663a810e861eebfd0eac7e82ca62d C:\WINDOWS\system32\FsUsbExDisk.SYS

MD5: f96c429788350db4ba6771c3034dfd88 C:\WINDOWS\system32\FsUsbExService.Exe

MD5: 21c8a24455fdafc9d6d8bcd38d62b10b C:\WINDOWS\system32\HDAShCut.exe

MD5: 3618313f7dfb605571a48fcf55d7868f C:\WINDOWS\system32\ieframe.dll

MD5: d9ee4442a74dd7d65d1bcfff4e37be96 C:\WINDOWS\system32\iepeers.dll

MD5: ad850c33a8ac45cf66574e62d1645272 C:\WINDOWS\system32\iertutil.dll

MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll

MD5: 57aa18b2896055e8cb269b19dd85e7f3 C:\WINDOWS\system32\inetcomm.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: c0ba72929738685dbd714907733f2335 C:\WINDOWS\system32\jsproxy.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: f3cd7b20b27d1772c946df993ff3635c C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

MD5: c25b91466d8c383299e9e2023f8f7a5a C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\system32\MFC42u.DLL

MD5: 415cea6eafa521f0a3b3d9ebf5fe546b C:\WINDOWS\system32\MrvGINA.dll

MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime

MD5: 3d811bf538d6f359735d757c94f484b6 C:\WINDOWS\system32\msdbg2.dll

MD5: fdf8cf2cb78754d634d6228e12d65aa2 C:\WINDOWS\system32\msfeeds.dll

MD5: 886b62a906b3967cbbf0fd2c833a30bf C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: a007278ec9d59216274dd0154ff0bbaa C:\WINDOWS\system32\nvapi.dll

MD5: c1ea489dd8b5e57b03e2fd5a1500621b C:\WINDOWS\system32\NvCpl.dll

MD5: 1ff171fbaf6e5a29c07b1f8d318b607a C:\WINDOWS\system32\NvMcTray.dll

MD5: 0febe37db6650faa5965c00545009d1d C:\WINDOWS\system32\nvsvc32.exe

MD5: 0294e2a5e89bf786f24a9cc2fd753191 C:\WINDOWS\system32\nwiz.exe

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll

MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: 34ffb6aba2da398bb33422e1e9275ba9 C:\WINDOWS\system32\quartz.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: ff257ccca321cd2a697bb5ca38c9ec87 C:\WINDOWS\system32\SCARDDLG.dll

MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 0e3605a5e7c23f1139c5c448e1eaf494 C:\WINDOWS\system32\shimgvw.dll

MD5: 29b6a85a733abe65b371023f790b2599 C:\WINDOWS\system32\shmedia.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 200c3f8e80b72b63558b3bc47a6807a0 C:\WINDOWS\system32\slbcsp.dll

MD5: 421b2f81cbb65f94a70a3316c7be0e7c C:\WINDOWS\system32\SlbIop.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 86984e591641191236033d2a4d80ed56 C:\WINDOWS\system32\ssstars.scr

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll

MD5: fdf44991cb9a33c901ffcbdf19ce95be C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll

MD5: 6b1774334e2975aa60596e54f5ea1430 C:\WINDOWS\system32\WININET.dll

MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll

MD5: 95f5c420e9bdd4c3569602911420a774 C:\WINDOWS\system32\WINTRUST.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80.DLL

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll

No file uploaded.

Scan finished - communication took 6 sec

Total traffic - 0.01 MB sent, 1.22 KB recvd

Scanned 780 files and modules - 70 seconds

==============================================================================

Link to post
Share on other sites

Rogue Killer log:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Sasha Gilby [Admin rights]

Mode: Scan -- Date: 06/21/2012 18:58:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800JD-22MSA1 +++++

--- User ---

[MBR] 5f426c0572073d7237873973cb24ba4d

[bSP] b01414c07720749cd4e923148626ee4f : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Disable Spybot's Tea Timer, otherwise it will interfere with any fixes.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 2

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Double-Click RogueKiller to start it.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab if shown.
  • Then press the Delete button.
  • Next, click the DNS tab, and then click on the DNS Fix button
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 3

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Link to post
Share on other sites

RogueKiller log:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Sasha Gilby [Admin rights]

Mode: DNSFix -- Date: 06/22/2012 17:21:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> REPLACED ()

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{3E763E93-5FB7-4F64-B8D8-637FF83B2C71} : NameServer (195.242.208.40) -> REPLACED ()

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

TDSSKiller log:

17:27:24.0500 2788 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

17:27:25.0531 2788 ============================================================

17:27:25.0531 2788 Current date / time: 2012/06/22 17:27:25.0531

17:27:25.0531 2788 SystemInfo:

17:27:25.0531 2788

17:27:25.0531 2788 OS Version: 5.1.2600 ServicePack: 3.0

17:27:25.0531 2788 Product type: Workstation

17:27:25.0531 2788 ComputerName: SHA

17:27:25.0531 2788 Windows directory: C:\WINDOWS

17:27:25.0531 2788 System windows directory: C:\WINDOWS

17:27:25.0531 2788 Processor architecture: Intel x86

17:27:25.0531 2788 Number of processors: 1

17:27:25.0531 2788 Page size: 0x1000

17:27:25.0531 2788 Boot type: Normal boot

17:27:25.0531 2788 ============================================================

17:27:27.0265 2788 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

17:27:27.0265 2788 ============================================================

17:27:27.0265 2788 \Device\Harddisk0\DR0:

17:27:27.0265 2788 MBR partitions:

17:27:27.0265 2788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482

17:27:27.0265 2788 ============================================================

17:27:27.0562 2788 C: <-> \Device\Harddisk0\DR0\Partition0

17:27:27.0562 2788 ============================================================

17:27:27.0562 2788 Initialize success

17:27:27.0562 2788 ============================================================

17:27:45.0703 2080 ============================================================

17:27:45.0703 2080 Scan started

17:27:45.0703 2080 Mode: Manual;

17:27:45.0703 2080 ============================================================

17:27:45.0937 2080 Abiosdsk - ok

17:27:45.0937 2080 abp480n5 - ok

17:27:46.0000 2080 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:27:46.0000 2080 ACPI - ok

17:27:46.0046 2080 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:27:46.0062 2080 ACPIEC - ok

17:27:46.0109 2080 ADIHdAudAddService (d392183cc5379e302e50ceba635248eb) C:\WINDOWS\system32\drivers\ADIHdAud.sys

17:27:46.0109 2080 ADIHdAudAddService - ok

17:27:46.0187 2080 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:27:46.0234 2080 AdobeFlashPlayerUpdateSvc - ok

17:27:46.0250 2080 adpu160m - ok

17:27:46.0265 2080 AEAudioService (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\AEAudio.sys

17:27:46.0265 2080 AEAudioService - ok

17:27:46.0312 2080 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:27:46.0328 2080 aec - ok

17:27:46.0375 2080 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:27:46.0375 2080 AFD - ok

17:27:46.0375 2080 Aha154x - ok

17:27:46.0390 2080 aic78u2 - ok

17:27:46.0406 2080 aic78xx - ok

17:27:46.0437 2080 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

17:27:46.0437 2080 Alerter - ok

17:27:46.0468 2080 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

17:27:46.0468 2080 ALG - ok

17:27:46.0484 2080 AliIde - ok

17:27:46.0500 2080 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

17:27:46.0500 2080 AmdK8 - ok

17:27:46.0500 2080 amsint - ok

17:27:46.0625 2080 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

17:27:46.0640 2080 Apple Mobile Device - ok

17:27:46.0640 2080 AppMgmt - ok

17:27:46.0656 2080 asc - ok

17:27:46.0656 2080 asc3350p - ok

17:27:46.0671 2080 asc3550 - ok

17:27:46.0765 2080 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:27:46.0796 2080 aspnet_state - ok

17:27:46.0843 2080 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:27:46.0843 2080 AsyncMac - ok

17:27:46.0875 2080 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:27:46.0875 2080 atapi - ok

17:27:46.0890 2080 Atdisk - ok

17:27:46.0953 2080 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys

17:27:46.0968 2080 atksgt - ok

17:27:47.0000 2080 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:27:47.0000 2080 Atmarpc - ok

17:27:47.0062 2080 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

17:27:47.0062 2080 AudioSrv - ok

17:27:47.0109 2080 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:27:47.0109 2080 audstub - ok

17:27:47.0234 2080 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

17:27:47.0250 2080 AVG Security Toolbar Service - ok

17:27:47.0312 2080 avg8emc (b9ae3c63a53396cd669ef8ae9c9cbd85) C:\PROGRA~1\AVG\AVG8\avgemc.exe

17:27:47.0343 2080 avg8emc - ok

17:27:47.0406 2080 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

17:27:47.0421 2080 avg8wd - ok

17:27:47.0484 2080 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

17:27:47.0484 2080 AvgLdx86 - ok

17:27:47.0531 2080 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

17:27:47.0531 2080 AvgMfx86 - ok

17:27:47.0578 2080 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys

17:27:47.0578 2080 AvgTdiX - ok

17:27:47.0625 2080 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:27:47.0625 2080 Beep - ok

17:27:47.0687 2080 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

17:27:47.0765 2080 BITS - ok

17:27:47.0859 2080 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

17:27:47.0875 2080 Bonjour Service - ok

17:27:47.0921 2080 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

17:27:47.0921 2080 Browser - ok

17:27:47.0968 2080 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:27:47.0968 2080 cbidf2k - ok

17:27:47.0984 2080 cd20xrnt - ok

17:27:48.0031 2080 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:27:48.0031 2080 Cdaudio - ok

17:27:48.0078 2080 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:27:48.0078 2080 Cdfs - ok

17:27:48.0093 2080 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:27:48.0109 2080 Cdrom - ok

17:27:48.0109 2080 Changer - ok

17:27:48.0156 2080 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

17:27:48.0156 2080 CiSvc - ok

17:27:48.0187 2080 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

17:27:48.0187 2080 ClipSrv - ok

17:27:48.0281 2080 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:27:48.0343 2080 clr_optimization_v2.0.50727_32 - ok

17:27:48.0359 2080 CmdIde - ok

17:27:48.0359 2080 COMSysApp - ok

17:27:48.0375 2080 Cpqarray - ok

17:27:48.0421 2080 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

17:27:48.0421 2080 CryptSvc - ok

17:27:48.0421 2080 dac2w2k - ok

17:27:48.0437 2080 dac960nt - ok

17:27:48.0500 2080 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:27:48.0500 2080 DcomLaunch - ok

17:27:48.0546 2080 dgderdrv (3be1651c63954067940e7f473498ad70) C:\WINDOWS\system32\drivers\dgderdrv.sys

17:27:48.0546 2080 dgderdrv - ok

17:27:48.0609 2080 dgdersvc (10b8f89d146d0e20b1284d47bb4ec6c9) C:\WINDOWS\system32\dgdersvc.exe

17:27:48.0609 2080 dgdersvc - ok

17:27:48.0656 2080 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

17:27:48.0656 2080 Dhcp - ok

17:27:48.0687 2080 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:27:48.0703 2080 Disk - ok

17:27:48.0703 2080 dmadmin - ok

17:27:48.0765 2080 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

17:27:48.0796 2080 dmboot - ok

17:27:48.0828 2080 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

17:27:48.0843 2080 dmio - ok

17:27:48.0859 2080 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:27:48.0875 2080 dmload - ok

17:27:48.0906 2080 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

17:27:48.0906 2080 dmserver - ok

17:27:48.0937 2080 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:27:48.0937 2080 DMusic - ok

17:27:48.0968 2080 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

17:27:48.0968 2080 Dnscache - ok

17:27:49.0031 2080 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

17:27:49.0031 2080 Dot3svc - ok

17:27:49.0046 2080 dpti2o - ok

17:27:49.0062 2080 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:27:49.0062 2080 drmkaud - ok

17:27:49.0109 2080 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

17:27:49.0109 2080 EapHost - ok

17:27:49.0156 2080 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

17:27:49.0156 2080 ERSvc - ok

17:27:49.0203 2080 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:27:49.0203 2080 Eventlog - ok

17:27:49.0281 2080 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

17:27:49.0281 2080 EventSystem - ok

17:27:49.0328 2080 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:27:49.0328 2080 Fastfat - ok

17:27:49.0390 2080 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:27:49.0390 2080 FastUserSwitchingCompatibility - ok

17:27:49.0406 2080 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

17:27:49.0406 2080 Fdc - ok

17:27:49.0421 2080 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

17:27:49.0421 2080 Fips - ok

17:27:49.0546 2080 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

17:27:49.0609 2080 FLEXnet Licensing Service - ok

17:27:49.0656 2080 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

17:27:49.0656 2080 Flpydisk - ok

17:27:49.0703 2080 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:27:49.0703 2080 FltMgr - ok

17:27:49.0859 2080 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:27:49.0859 2080 FontCache3.0.0.0 - ok

17:27:49.0921 2080 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS

17:27:49.0921 2080 FsUsbExDisk - ok

17:27:49.0984 2080 FsUsbExService (f96c429788350db4ba6771c3034dfd88) C:\WINDOWS\system32\FsUsbExService.Exe

17:27:49.0984 2080 FsUsbExService - ok

17:27:50.0046 2080 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:27:50.0046 2080 Fs_Rec - ok

17:27:50.0078 2080 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:27:50.0093 2080 Ftdisk - ok

17:27:50.0125 2080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

17:27:50.0125 2080 GEARAspiWDM - ok

17:27:50.0156 2080 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:27:50.0156 2080 Gpc - ok

17:27:50.0218 2080 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

17:27:50.0218 2080 gupdate - ok

17:27:50.0218 2080 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

17:27:50.0234 2080 gupdatem - ok

17:27:50.0281 2080 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

17:27:50.0281 2080 gusvc - ok

17:27:50.0328 2080 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys

17:27:50.0343 2080 HdAudAddService - ok

17:27:50.0359 2080 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:27:50.0375 2080 HDAudBus - ok

17:27:50.0421 2080 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:27:50.0421 2080 helpsvc - ok

17:27:50.0468 2080 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

17:27:50.0468 2080 HidServ - ok

17:27:50.0500 2080 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

17:27:50.0500 2080 HidUsb - ok

17:27:50.0546 2080 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

17:27:50.0546 2080 hkmsvc - ok

17:27:50.0562 2080 hpn - ok

17:27:50.0609 2080 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:27:50.0656 2080 HTTP - ok

17:27:50.0718 2080 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

17:27:50.0718 2080 HTTPFilter - ok

17:27:50.0718 2080 i2omgmt - ok

17:27:50.0734 2080 i2omp - ok

17:27:50.0750 2080 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:27:50.0750 2080 i8042prt - ok

17:27:50.0812 2080 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

17:27:50.0828 2080 IDriverT - ok

17:27:50.0906 2080 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:27:50.0937 2080 idsvc - ok

17:27:50.0984 2080 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:27:50.0984 2080 Imapi - ok

17:27:51.0046 2080 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

17:27:51.0046 2080 ImapiService - ok

17:27:51.0062 2080 ini910u - ok

17:27:51.0078 2080 IntelIde - ok

17:27:51.0109 2080 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:27:51.0109 2080 Ip6Fw - ok

17:27:51.0156 2080 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:27:51.0156 2080 IpFilterDriver - ok

17:27:51.0171 2080 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:27:51.0171 2080 IpInIp - ok

17:27:51.0203 2080 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:27:51.0203 2080 IpNat - ok

17:27:51.0328 2080 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe

17:27:51.0359 2080 iPod Service - ok

17:27:51.0406 2080 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:27:51.0421 2080 IPSec - ok

17:27:51.0437 2080 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:27:51.0437 2080 IRENUM - ok

17:27:51.0468 2080 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:27:51.0468 2080 isapnp - ok

17:27:51.0593 2080 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

17:27:51.0593 2080 JavaQuickStarterService - ok

17:27:51.0640 2080 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:27:51.0640 2080 Kbdclass - ok

17:27:51.0687 2080 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

17:27:51.0703 2080 kbdhid - ok

17:27:51.0718 2080 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:27:51.0718 2080 kmixer - ok

17:27:51.0781 2080 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:27:51.0781 2080 KSecDD - ok

17:27:51.0843 2080 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

17:27:51.0843 2080 lanmanserver - ok

17:27:51.0875 2080 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

17:27:51.0890 2080 lanmanworkstation - ok

17:27:51.0890 2080 lbrtfdc - ok

17:27:51.0953 2080 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

17:27:51.0953 2080 lirsgt - ok

17:27:51.0968 2080 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

17:27:51.0984 2080 LmHosts - ok

17:27:52.0015 2080 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys

17:27:52.0015 2080 mbamchameleon - ok

17:27:52.0046 2080 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

17:27:52.0046 2080 Messenger - ok

17:27:52.0093 2080 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:27:52.0093 2080 mnmdd - ok

17:27:52.0125 2080 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

17:27:52.0125 2080 mnmsrvc - ok

17:27:52.0171 2080 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

17:27:52.0171 2080 Modem - ok

17:27:52.0187 2080 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:27:52.0187 2080 Mouclass - ok

17:27:52.0234 2080 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

17:27:52.0234 2080 mouhid - ok

17:27:52.0265 2080 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:27:52.0265 2080 MountMgr - ok

17:27:52.0328 2080 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

17:27:52.0328 2080 MozillaMaintenance - ok

17:27:52.0328 2080 mraid35x - ok

17:27:52.0375 2080 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:27:52.0390 2080 MRxDAV - ok

17:27:52.0437 2080 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:27:52.0453 2080 MRxSmb - ok

17:27:52.0515 2080 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

17:27:52.0515 2080 MSDTC - ok

17:27:52.0531 2080 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:27:52.0531 2080 Msfs - ok

17:27:52.0546 2080 MSIServer - ok

17:27:52.0578 2080 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:27:52.0578 2080 MSKSSRV - ok

17:27:52.0609 2080 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:27:52.0609 2080 MSPCLOCK - ok

17:27:52.0640 2080 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:27:52.0640 2080 MSPQM - ok

17:27:52.0703 2080 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:27:52.0703 2080 mssmbios - ok

17:27:52.0750 2080 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

17:27:52.0750 2080 MTsensor - ok

17:27:52.0812 2080 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:27:52.0812 2080 Mup - ok

17:27:52.0906 2080 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

17:27:52.0921 2080 napagent - ok

17:27:52.0968 2080 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:27:52.0968 2080 NDIS - ok

17:27:53.0031 2080 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:27:53.0031 2080 NdisTapi - ok

17:27:53.0078 2080 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:27:53.0078 2080 Ndisuio - ok

17:27:53.0125 2080 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:27:53.0125 2080 NdisWan - ok

17:27:53.0187 2080 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:27:53.0187 2080 NDProxy - ok

17:27:53.0234 2080 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:27:53.0234 2080 NetBIOS - ok

17:27:53.0296 2080 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:27:53.0296 2080 NetBT - ok

17:27:53.0343 2080 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:27:53.0343 2080 NetDDE - ok

17:27:53.0359 2080 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

17:27:53.0359 2080 NetDDEdsdm - ok

17:27:53.0390 2080 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:53.0406 2080 Netlogon - ok

17:27:53.0453 2080 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

17:27:53.0453 2080 Netman - ok

17:27:53.0625 2080 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:27:53.0625 2080 NetTcpPortSharing - ok

17:27:53.0656 2080 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

17:27:53.0656 2080 Nla - ok

17:27:53.0671 2080 nmwcd - ok

17:27:53.0687 2080 nmwcdc - ok

17:27:53.0703 2080 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:27:53.0703 2080 Npfs - ok

17:27:53.0750 2080 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:27:53.0796 2080 Ntfs - ok

17:27:53.0812 2080 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:53.0812 2080 NtLmSsp - ok

17:27:53.0875 2080 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

17:27:53.0921 2080 NtmsSvc - ok

17:27:53.0953 2080 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:27:53.0953 2080 Null - ok

17:27:54.0125 2080 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:27:54.0296 2080 nv - ok

17:27:54.0390 2080 NVENETFD (75da3510f311db3ba72378352ef848be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

17:27:54.0390 2080 NVENETFD - ok

17:27:54.0437 2080 nvnetbus (84c71701fcea84d7f03e61039fe41b4a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

17:27:54.0437 2080 nvnetbus - ok

17:27:54.0453 2080 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe

17:27:54.0453 2080 NVSvc - ok

17:27:54.0500 2080 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:27:54.0500 2080 NwlnkFlt - ok

17:27:54.0515 2080 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:27:54.0515 2080 NwlnkFwd - ok

17:27:54.0609 2080 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:27:54.0609 2080 ose - ok

17:27:54.0656 2080 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

17:27:54.0656 2080 Parport - ok

17:27:54.0703 2080 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:27:54.0703 2080 PartMgr - ok

17:27:54.0765 2080 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:27:54.0765 2080 ParVdm - ok

17:27:54.0796 2080 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

17:27:54.0812 2080 pccsmcfd - ok

17:27:54.0828 2080 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

17:27:54.0828 2080 PCI - ok

17:27:54.0843 2080 PCIDump - ok

17:27:54.0890 2080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:27:54.0890 2080 PCIIde - ok

17:27:54.0937 2080 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:27:54.0937 2080 Pcmcia - ok

17:27:54.0953 2080 PDCOMP - ok

17:27:54.0953 2080 PDFRAME - ok

17:27:54.0968 2080 PDRELI - ok

17:27:54.0968 2080 PDRFRAME - ok

17:27:54.0984 2080 perc2 - ok

17:27:54.0984 2080 perc2hib - ok

17:27:55.0046 2080 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

17:27:55.0046 2080 PlugPlay - ok

17:27:55.0093 2080 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:55.0093 2080 PolicyAgent - ok

17:27:55.0140 2080 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:27:55.0140 2080 PptpMiniport - ok

17:27:55.0156 2080 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

17:27:55.0171 2080 Processor - ok

17:27:55.0171 2080 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:55.0171 2080 ProtectedStorage - ok

17:27:55.0187 2080 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:27:55.0187 2080 PSched - ok

17:27:55.0218 2080 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:27:55.0218 2080 Ptilink - ok

17:27:55.0234 2080 ql1080 - ok

17:27:55.0250 2080 Ql10wnt - ok

17:27:55.0250 2080 ql12160 - ok

17:27:55.0265 2080 ql1240 - ok

17:27:55.0265 2080 ql1280 - ok

17:27:55.0296 2080 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:27:55.0296 2080 RasAcd - ok

17:27:55.0343 2080 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

17:27:55.0343 2080 RasAuto - ok

17:27:55.0375 2080 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:27:55.0375 2080 Rasl2tp - ok

17:27:55.0421 2080 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

17:27:55.0421 2080 RasMan - ok

17:27:55.0453 2080 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:27:55.0453 2080 RasPppoe - ok

17:27:55.0453 2080 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:27:55.0468 2080 Raspti - ok

17:27:55.0515 2080 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:27:55.0515 2080 Rdbss - ok

17:27:55.0531 2080 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:27:55.0531 2080 RDPCDD - ok

17:27:55.0578 2080 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

17:27:55.0593 2080 RDPWD - ok

17:27:55.0640 2080 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

17:27:55.0640 2080 RDSessMgr - ok

17:27:55.0656 2080 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:27:55.0671 2080 redbook - ok

17:27:55.0703 2080 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

17:27:55.0703 2080 RemoteAccess - ok

17:27:55.0750 2080 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:27:55.0750 2080 ROOTMODEM - ok

17:27:55.0781 2080 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

17:27:55.0781 2080 RpcLocator - ok

17:27:55.0812 2080 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

17:27:55.0812 2080 RpcSs - ok

17:27:55.0859 2080 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

17:27:55.0859 2080 RSVP - ok

17:27:55.0875 2080 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

17:27:55.0875 2080 SamSs - ok

17:27:55.0921 2080 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

17:27:55.0921 2080 SCardSvr - ok

17:27:55.0968 2080 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

17:27:55.0968 2080 Schedule - ok

17:27:56.0015 2080 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:27:56.0015 2080 Secdrv - ok

17:27:56.0062 2080 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

17:27:56.0062 2080 seclogon - ok

17:27:56.0125 2080 SenFiltService (f22e6dd1d2cf71b77119eead1b3fc79d) C:\WINDOWS\system32\drivers\Senfilt.sys

17:27:56.0140 2080 SenFiltService - ok

17:27:56.0187 2080 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

17:27:56.0187 2080 SENS - ok

17:27:56.0218 2080 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:27:56.0218 2080 serenum - ok

17:27:56.0250 2080 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

17:27:56.0250 2080 Serial - ok

17:27:56.0390 2080 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

17:27:56.0437 2080 ServiceLayer - ok

17:27:56.0453 2080 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:27:56.0468 2080 Sfloppy - ok

17:27:56.0515 2080 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

17:27:56.0531 2080 SharedAccess - ok

17:27:56.0578 2080 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:27:56.0593 2080 ShellHWDetection - ok

17:27:56.0593 2080 Simbad - ok

17:27:56.0640 2080 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

17:27:56.0656 2080 SONYPVU1 - ok

17:27:56.0656 2080 Sparrow - ok

17:27:56.0671 2080 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:27:56.0671 2080 splitter - ok

17:27:56.0718 2080 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:27:56.0718 2080 Spooler - ok

17:27:56.0734 2080 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

17:27:56.0734 2080 sr - ok

17:27:56.0781 2080 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

17:27:56.0781 2080 srservice - ok

17:27:56.0828 2080 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:27:56.0875 2080 Srv - ok

17:27:56.0937 2080 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

17:27:56.0937 2080 ssadbus - ok

17:27:56.0968 2080 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

17:27:56.0968 2080 ssadmdfl - ok

17:27:56.0984 2080 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

17:27:56.0984 2080 ssadmdm - ok

17:27:57.0031 2080 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

17:27:57.0031 2080 SSDPSRV - ok

17:27:57.0093 2080 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

17:27:57.0093 2080 stisvc - ok

17:27:57.0156 2080 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:27:57.0156 2080 swenum - ok

17:27:57.0171 2080 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:27:57.0171 2080 swmidi - ok

17:27:57.0187 2080 SwPrv - ok

17:27:57.0187 2080 symc810 - ok

17:27:57.0203 2080 symc8xx - ok

17:27:57.0218 2080 sym_hi - ok

17:27:57.0218 2080 sym_u3 - ok

17:27:57.0234 2080 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:27:57.0234 2080 sysaudio - ok

17:27:57.0250 2080 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

17:27:57.0250 2080 SysmonLog - ok

17:27:57.0281 2080 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

17:27:57.0281 2080 TapiSrv - ok

17:27:57.0343 2080 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:27:57.0390 2080 Tcpip - ok

17:27:57.0437 2080 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:27:57.0437 2080 TDPIPE - ok

17:27:57.0484 2080 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:27:57.0484 2080 TDTCP - ok

17:27:57.0531 2080 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:27:57.0531 2080 TermDD - ok

17:27:57.0562 2080 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

17:27:57.0562 2080 TermService - ok

17:27:57.0593 2080 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

17:27:57.0609 2080 Themes - ok

17:27:57.0609 2080 TosIde - ok

17:27:57.0640 2080 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

17:27:57.0640 2080 TrkWks - ok

17:27:57.0671 2080 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:27:57.0687 2080 Udfs - ok

17:27:57.0687 2080 ultra - ok

17:27:57.0750 2080 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:27:57.0765 2080 Update - ok

17:27:57.0781 2080 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

17:27:57.0781 2080 upnphost - ok

17:27:57.0812 2080 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

17:27:57.0812 2080 UPS - ok

17:27:57.0859 2080 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

17:27:57.0859 2080 USBAAPL - ok

17:27:57.0921 2080 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:27:57.0921 2080 usbccgp - ok

17:27:57.0953 2080 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:27:57.0953 2080 usbehci - ok

17:27:57.0968 2080 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:27:57.0968 2080 usbhub - ok

17:27:58.0000 2080 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:27:58.0000 2080 usbohci - ok

17:27:58.0015 2080 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:27:58.0015 2080 usbscan - ok

17:27:58.0046 2080 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:27:58.0046 2080 USBSTOR - ok

17:27:58.0078 2080 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:27:58.0078 2080 VgaSave - ok

17:27:58.0078 2080 ViaIde - ok

17:27:58.0093 2080 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

17:27:58.0093 2080 VolSnap - ok

17:27:58.0156 2080 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

17:27:58.0187 2080 VSS - ok

17:27:58.0375 2080 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

17:27:58.0437 2080 vToolbarUpdater11.1.0 - ok

17:27:58.0500 2080 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

17:27:58.0515 2080 W32Time - ok

17:27:58.0578 2080 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys

17:27:58.0625 2080 W8335XP - ok

17:27:58.0671 2080 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:27:58.0671 2080 Wanarp - ok

17:27:58.0734 2080 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

17:27:58.0765 2080 Wdf01000 - ok

17:27:58.0781 2080 WDICA - ok

17:27:58.0796 2080 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:27:58.0812 2080 wdmaud - ok

17:27:58.0859 2080 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

17:27:58.0859 2080 WebClient - ok

17:27:58.0968 2080 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:27:58.0968 2080 winmgmt - ok

17:27:59.0015 2080 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

17:27:59.0031 2080 WmdmPmSN - ok

17:27:59.0062 2080 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:27:59.0078 2080 WmiApSrv - ok

17:27:59.0171 2080 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

17:27:59.0187 2080 WMPNetworkSvc - ok

17:27:59.0203 2080 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

17:27:59.0203 2080 WpdUsb - ok

17:27:59.0234 2080 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:27:59.0234 2080 WS2IFSL - ok

17:27:59.0281 2080 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

17:27:59.0296 2080 wscsvc - ok

17:27:59.0343 2080 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

17:27:59.0359 2080 wuauserv - ok

17:27:59.0406 2080 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:27:59.0421 2080 WudfPf - ok

17:27:59.0437 2080 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:27:59.0453 2080 WudfRd - ok

17:27:59.0500 2080 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll

17:27:59.0500 2080 WudfSvc - ok

17:27:59.0562 2080 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

17:27:59.0562 2080 WZCSVC - ok

17:27:59.0609 2080 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

17:27:59.0625 2080 xmlprov - ok

17:27:59.0640 2080 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:27:59.0984 2080 \Device\Harddisk0\DR0 - ok

17:27:59.0984 2080 Boot (0x1200) (86694bad516a94c6930ce71b6445749b) \Device\Harddisk0\DR0\Partition0

17:27:59.0984 2080 \Device\Harddisk0\DR0\Partition0 - ok

17:28:00.0000 2080 ============================================================

17:28:00.0000 2080 Scan finished

17:28:00.0000 2080 ============================================================

17:28:00.0000 3456 Detected object count: 0

17:28:00.0000 3456 Actual detected object count: 0

Link to post
Share on other sites

Disable Spybot's Tea Timer, otherwise it will interfere with any fixes. Keep it disabled always, until after we are entirely finished with your case.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, slect Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 3

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Reply with copy of the aswMBR log + the DrWeb Cure-It log, and tell me, How is your system now?

Step 4

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Step 5

javaicon.gifYour Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Step 6

Your Firefox browser is out of date. Start FF. From main menu, select Help >> About Firefox. Allow it to update to newest release version.

Step 7

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy of the aswMBR log + the DrWeb Cure-It log + last MBAM scan log, and tell me, How is your system now?

Link to post
Share on other sites

Hi Maurice,

I have completed all the other steps and attach the logs below:

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-22 20:24:14

-----------------------------

20:24:14.390 OS Version: Windows 5.1.2600 Service Pack 3

20:24:14.390 Number of processors: 1 586 0x5F02

20:24:14.390 ComputerName: SHA UserName:

20:24:15.078 Initialize success

20:51:41.015 AVAST engine defs: 12062200

20:58:29.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

20:58:29.390 Disk 0 Vendor: WDC_WD800JD-22MSA1 10.01E01 Size: 76319MB BusType: 3

20:58:29.390 Disk 0 MBR read successfully

20:58:29.390 Disk 0 MBR scan

20:58:29.421 Disk 0 Windows XP default MBR code

20:58:29.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63

20:58:29.421 Disk 0 scanning sectors +156296385

20:58:29.500 Disk 0 scanning C:\WINDOWS\system32\drivers

20:58:45.703 Service scanning

20:59:02.515 Modules scanning

20:59:08.078 Scan finished successfully

20:59:37.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sasha Gilby\Desktop\MBR.dat"

20:59:37.281 The log file has been saved successfully to "C:\Documents and Settings\Sasha Gilby\Desktop\aswMBR.txt"

Link to post
Share on other sites

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.23.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Sasha Gilby :: SHA [administrator]

23/06/2012 9:46:47 PM

mbam-log-2012-06-23 (21-46-47).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 200510

Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Well done.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

aswMBR.exe

TDSSKILLER.exe

Roguekiller.exe

Safer practices and malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

Thank you so much for all your help on this one, Maurice.

I'm sure you hear it all the time but what you guys do here is absolutely amazing.

I shall be in touch if any issues arise.

Thank you again and enjoy the rest of your weekend.

Cheers :)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.