Jump to content

redirect virus?


Recommended Posts

Whenever I do a google search and it gives me results. I click on any of the results and am redirected to another page of links.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Family at 11:42:50 on 2012-08-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2096 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

H:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

H:\WINDOWS\System32\svchost.exe -k netsvcs

H:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\WINDOWS\Explorer.EXE

H:\WINDOWS\RTHDCPL.EXE

H:\Program Files\AVG\AVG2012\avgtray.exe

H:\Program Files\Common Files\Java\Java Update\jusched.exe

H:\WINDOWS\system32\igfxtray.exe

H:\WINDOWS\system32\hkcmd.exe

H:\WINDOWS\system32\igfxpers.exe

H:\WINDOWS\system32\igfxsrvc.exe

H:\WINDOWS\system32\ctfmon.exe

H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

H:\Program Files\Microsoft ActiveSync\wcescomm.exe

H:\PROGRA~1\MICROS~3\rapimgr.exe

svchost.exe

H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

H:\Program Files\AVG\AVG2012\avgwdsvc.exe

H:\Program Files\Bonjour\mDNSResponder.exe

H:\Program Files\Java\jre6\bin\jqs.exe

H:\Program Files\Common Files\Motive\McciCMService.exe

H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

H:\WINDOWS\system32\HPZipm12.exe

H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

H:\Program Files\AVG\AVG2012\avgnsx.exe

H:\WINDOWS\system32\svchost.exe -k imgsvc

H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

H:\Program Files\AVG\AVG2012\avgrsx.exe

H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

H:\Program Files\AVG\AVG2012\avgcsrvx.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

H:\Program Files\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - h:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - h:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - h:\progra~1\spybot~1\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - h:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - h:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - h:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No File

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - h:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - h:\program files\yontoo\YontooIEClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - h:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [ctfmon.exe] h:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] h:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [H/PC Connection Agent] "h:\program files\microsoft activesync\wcescomm.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AVG_TRAY] "h:\program files\avg\avg2012\avgtray.exe"

mRun: [sunJavaUpdateSched] "h:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] h:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] h:\windows\system32\hkcmd.exe

mRun: [Persistence] h:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe ARM] "h:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Google Sidewiki... - h:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - h:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - h:\progra~1\micros~3\INetRepl.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - h:\program files\avg\avg2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - h:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - h:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52} : DhcpNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - h:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - h:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program files\avg\avg2012\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - h:\windows\system32\mscoree.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;h:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;h:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]

R1 Avgldx86;AVG AVI Loader Driver;h:\windows\system32\drivers\avgldx86.sys [2011-10-7 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;h:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]

R1 Avgtdix;AVG TDI Driver;h:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]

R2 AVGIDSAgent;AVGIDSAgent;h:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]

R2 avgwd;AVG WatchDog;h:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;h:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 WDDMService;WD SmartWare Drive Manager;h:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;h:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 AVGIDSDriver;AVGIDSDriver;h:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;h:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;h:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;h:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);h:\program files\google\update\GoogleUpdate.exe [2011-1-27 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;h:\windows\system32\drivers\bcmwlhigh5.sys --> h:\windows\system32\drivers\bcmwlhigh5.sys [?]

S3 cpudrv;cpudrv;h:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 gupdatem;Google Update Service (gupdatem);h:\program files\google\update\GoogleUpdate.exe [2011-1-27 136176]

S3 NPF;Netgroup Packet Filter;h:\windows\system32\drivers\npf.sys --> h:\windows\system32\drivers\npf.sys [?]

S3 osppsvc;Office Software Protection Platform;h:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;h:\windows\system32\drivers\RTL8192su.sys [2011-2-22 594048]

S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [2011-1-5 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;h:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=AutoCADScriptFile

.

=============== Created Last 30 ================

.

2012-08-16 17:11:41 -------- d-----w- h:\program files\ProProfs CompTIA A+ Practice Exams

2012-08-16 17:11:31 831488 ------w- h:\windows\Setup1.exe

2012-08-16 17:11:30 73216 ----a-w- h:\windows\ST6UNST.EXE

2012-08-16 13:42:55 -------- d-----w- h:\documents and settings\family\local settings\application data\SlimWare Utilities Inc

2012-08-14 19:12:08 9232584 ----a-w- h:\windows\system32\FlashPlayerInstaller.exe

2012-08-01 22:51:21 -------- d-----w- h:\program files\Citrix

2012-08-01 22:51:10 60304 ----a-w- h:\documents and settings\family\g2mdlhlpx.exe

2012-07-27 20:51:30 184248 ----a-w- h:\program files\internet explorer\plugins\nppdf32.dll

2012-07-26 23:52:20 -------- d-----w- h:\documents and settings\family\application data\.techniclauncher

2012-07-22 15:09:21 -------- d-----w- h:\documents and settings\family\application data\calibre

2012-07-22 15:08:25 -------- d-----w- h:\program files\Calibre2

2012-07-22 14:54:53 -------- d-----w- h:\documents and settings\family\application data\Xilisoft

2012-07-22 14:51:39 -------- d-----w- h:\documents and settings\all users\application data\blekko toolbars

2012-07-22 14:51:32 -------- d-----w- h:\documents and settings\family\local settings\application data\blekkotb_031

.

==================== Find3M ====================

.

2012-08-14 19:12:10 70344 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-14 19:12:10 426184 ----a-w- h:\windows\system32\FlashPlayerApp.exe

2012-07-03 17:46:44 22344 ----a-w- h:\windows\system32\drivers\mbam.sys

2012-06-01 16:04:32 499712 ----a-w- h:\windows\system32\msvcp71.dll

2012-06-01 16:04:32 348160 ----a-w- h:\windows\system32\msvcr71.dll

1997-07-21 23:30:54 1045776 --sha-w- h:\windows\system32\Msjet35.dll

1997-06-23 07:00:00 123664 --sha-w- h:\windows\system32\Msjint35.dll

1997-06-23 16:06:50 24848 --sha-w- h:\windows\system32\Msjter35.dll

1997-06-23 16:06:50 252176 --sha-w- h:\windows\system32\Msrd2x35.dll

1997-06-23 16:06:50 287504 --sha-w- h:\windows\system32\Msxbse35.dll

.

============= FINISH: 11:43:22.70 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2010 3:28:48 PM

System Uptime: 8/19/2012 10:22:30 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0RY007

Processor: Intel Pentium III Xeon processor | Socket 775 | 2660/333mhz

.

==== Disk Partitions =========================

.

E: is Removable

F: is Removable

G: is CDROM ()

H: is FIXED (NTFS) - 932 GiB total, 535.356 GiB free.

I: is Removable

K: is CDROM ()

N: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP60: 5/21/2012 4:46:13 PM - System Checkpoint

RP61: 5/22/2012 5:47:46 PM - System Checkpoint

RP62: 5/23/2012 5:55:17 PM - System Checkpoint

RP63: 5/24/2012 7:02:32 PM - System Checkpoint

RP64: 5/25/2012 7:56:34 PM - System Checkpoint

RP65: 5/26/2012 8:49:34 PM - System Checkpoint

RP66: 5/27/2012 9:06:27 PM - System Checkpoint

RP67: 5/28/2012 9:15:57 PM - System Checkpoint

RP68: 5/29/2012 9:16:41 PM - System Checkpoint

RP69: 5/30/2012 11:54:21 PM - System Checkpoint

RP70: 6/1/2012 3:27:22 AM - System Checkpoint

RP71: 6/2/2012 4:03:22 AM - System Checkpoint

RP72: 6/3/2012 9:53:49 AM - System Checkpoint

RP73: 6/4/2012 10:24:59 AM - System Checkpoint

RP74: 6/5/2012 11:23:54 AM - System Checkpoint

RP75: 6/6/2012 11:39:28 AM - System Checkpoint

RP76: 6/7/2012 12:26:24 PM - System Checkpoint

RP77: 6/8/2012 12:57:04 PM - System Checkpoint

RP78: 6/9/2012 2:11:28 PM - System Checkpoint

RP79: 6/10/2012 2:32:32 PM - System Checkpoint

RP80: 6/11/2012 3:20:18 PM - System Checkpoint

RP81: 6/12/2012 4:44:25 PM - System Checkpoint

RP82: 6/13/2012 10:17:17 PM - System Checkpoint

RP83: 6/15/2012 1:00:28 AM - System Checkpoint

RP84: 6/16/2012 2:04:43 AM - System Checkpoint

RP85: 6/17/2012 2:58:07 AM - System Checkpoint

RP86: 6/18/2012 3:57:03 AM - System Checkpoint

RP87: 6/19/2012 6:03:00 AM - System Checkpoint

RP88: 6/20/2012 8:14:54 AM - System Checkpoint

RP89: 6/21/2012 9:55:28 AM - System Checkpoint

RP90: 6/22/2012 9:57:15 AM - System Checkpoint

RP91: 6/23/2012 10:33:07 AM - System Checkpoint

RP92: 6/24/2012 11:04:40 AM - System Checkpoint

RP93: 6/25/2012 12:56:48 PM - System Checkpoint

RP94: 6/26/2012 2:12:23 PM - System Checkpoint

RP95: 6/27/2012 9:01:50 PM - System Checkpoint

RP96: 6/28/2012 11:05:28 PM - System Checkpoint

RP97: 6/30/2012 1:04:30 AM - System Checkpoint

RP98: 7/1/2012 3:02:47 AM - System Checkpoint

RP99: 7/2/2012 7:46:44 AM - System Checkpoint

RP100: 7/3/2012 7:48:22 AM - System Checkpoint

RP101: 7/4/2012 8:39:54 AM - System Checkpoint

RP102: 7/5/2012 9:20:23 AM - System Checkpoint

RP103: 7/6/2012 2:13:35 PM - System Checkpoint

RP104: 7/7/2012 7:32:50 AM - Installed DirectX

RP105: 7/8/2012 10:26:03 AM - System Checkpoint

RP106: 7/9/2012 11:35:32 AM - System Checkpoint

RP107: 7/10/2012 2:33:57 PM - System Checkpoint

RP108: 7/11/2012 3:23:40 PM - System Checkpoint

RP109: 7/12/2012 4:17:00 PM - System Checkpoint

RP110: 7/13/2012 4:32:39 PM - System Checkpoint

RP111: 7/14/2012 4:51:19 PM - System Checkpoint

RP112: 7/17/2012 10:57:33 PM - System Checkpoint

RP113: 7/18/2012 11:55:03 PM - System Checkpoint

RP114: 7/20/2012 3:48:14 AM - System Checkpoint

RP115: 7/21/2012 4:26:11 AM - System Checkpoint

RP116: 7/22/2012 6:41:15 AM - System Checkpoint

RP117: 7/22/2012 11:08:24 AM - Installed calibre

RP118: 7/23/2012 4:11:53 PM - System Checkpoint

RP119: 7/24/2012 8:43:42 PM - System Checkpoint

RP120: 7/25/2012 10:44:04 PM - System Checkpoint

RP121: 7/27/2012 12:07:57 AM - System Checkpoint

RP122: 7/28/2012 4:54:59 AM - System Checkpoint

RP123: 7/29/2012 6:08:23 AM - System Checkpoint

RP124: 7/30/2012 9:04:18 AM - System Checkpoint

RP125: 7/31/2012 10:25:44 AM - System Checkpoint

RP126: 8/1/2012 4:13:56 PM - System Checkpoint

RP127: 8/2/2012 7:04:47 PM - System Checkpoint

RP128: 8/3/2012 7:59:02 PM - System Checkpoint

RP129: 8/5/2012 2:18:51 AM - System Checkpoint

RP130: 8/6/2012 2:39:19 AM - System Checkpoint

RP131: 8/7/2012 5:03:31 AM - System Checkpoint

RP132: 8/8/2012 7:09:51 AM - System Checkpoint

RP133: 8/9/2012 7:56:51 AM - System Checkpoint

RP134: 8/10/2012 11:13:05 AM - System Checkpoint

RP135: 8/11/2012 11:38:53 AM - System Checkpoint

RP136: 8/12/2012 1:35:26 PM - System Checkpoint

RP137: 8/13/2012 1:43:59 PM - System Checkpoint

RP138: 8/14/2012 2:40:41 PM - System Checkpoint

RP139: 8/15/2012 3:02:22 PM - System Checkpoint

RP140: 8/16/2012 9:46:15 AM - Removed DriverUpdate

RP141: 8/17/2012 11:33:16 AM - System Checkpoint

RP142: 8/18/2012 11:40:08 AM - System Checkpoint

.

==== Installed Programs ======================

.

1500

1500_Help

1500Trb

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

AiO_Scan

AiOSoftware

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2: Free

AutoCAD Express Tools Volumes 1-9

Autodesk Express Viewer

Autodesk Land Desktop 2004

Autodesk Survey 2004

AVG 2012

BitTorrent

Bonjour

BufferChm

Burn4Free CD & DVD 5.3.0.0

Burn4Free Toolbar

calibre

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CueTour

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Resource CD

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

DocProc

DocumentViewer

DocumentViewerQFolder

Dungeon Defenders Demo

eSupportQFolder

Fax

FormatFactory 2.70

Free Audio CD Burner version 1.4.8

Free FLAC to MP3 Converter 1.0

Free Video Joiner 1.1

FullDPAppQFolder

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Document Viewer 5.3

HP Image Zone 5.3

HP Imaging Device Functions 5.3

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

InstantShareDevices

Intel® Graphics Media Accelerator Driver

Intel® PRO Network Connections 12.1.12.0

iTunes

Java Auto Updater

Java™ 6 Update 31

Left 4 Dead 2

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft ActiveSync

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Minute Menu Kids

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Native Instruments Kore Player

Native Instruments Service Center

NewCopy

Non Driver CIO Components

PanoStandAlone

PDF reDirect (remove only)

PhotoGallery

PhotoScape

PMB

ProductContext

ProProfs CompTIA A+ Practice Exams

QuickBooks

QuickBooks Simple Start 2010

QuickTime

RandMap

Readme

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Reason 5.0

ReCycle v2.1

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

SkinsHP1

SolutionCenter

Sonic_PrimoSDK

Sony ACID Music Studio 7.0

Spybot - Search & Destroy

Status

Steam

System Requirements Lab for Intel

The Rosetta Stone

TrayApp

Uninstall 1.0.0.1

Unity Web Player

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.9

WD SmartWare

WebFldrs XP

WebReg

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows XP Service Pack 3

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

8/14/2012 8:39:21 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please uninstall > Yontoo 1.10.02

~~~~~~~~~~~~~~~~~~~~~~

Then..............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Family [Admin rights]

Mode: Scan -- Date: 08/19/2012 12:27:54

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[] HKLM\[...]\Windows : () -> ACCESS DENIED

[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 +++++

--- User ---

[MBR] 253541b0f6b649e762ccebb741f8a731

[bSP] d70386338c994455403ffd20da7d4036 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

15:04:47.0125 2940 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

15:04:47.0406 2940 ============================================================

15:04:47.0406 2940 Current date / time: 2012/08/19 15:04:47.0406

15:04:47.0406 2940 SystemInfo:

15:04:47.0406 2940

15:04:47.0406 2940 OS Version: 5.1.2600 ServicePack: 3.0

15:04:47.0406 2940 Product type: Workstation

15:04:47.0406 2940 ComputerName: ROBERTSON

15:04:47.0406 2940 UserName: Family

15:04:47.0406 2940 Windows directory: H:\WINDOWS

15:04:47.0406 2940 System windows directory: H:\WINDOWS

15:04:47.0406 2940 Processor architecture: Intel x86

15:04:47.0406 2940 Number of processors: 2

15:04:47.0406 2940 Page size: 0x1000

15:04:47.0406 2940 Boot type: Normal boot

15:04:47.0406 2940 ============================================================

15:04:48.0546 2940 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:04:48.0625 2940 ============================================================

15:04:48.0625 2940 \Device\Harddisk0\DR0:

15:04:48.0625 2940 MBR partitions:

15:04:48.0625 2940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1

15:04:48.0625 2940 ============================================================

15:04:48.0656 2940 H: <-> \Device\Harddisk0\DR0\Partition1

15:04:48.0656 2940 ============================================================

15:04:48.0656 2940 Initialize success

15:04:48.0656 2940 ============================================================

15:04:56.0703 0180 ============================================================

15:04:56.0703 0180 Scan started

15:04:56.0703 0180 Mode: Manual; SigCheck; TDLFS;

15:04:56.0703 0180 ============================================================

15:04:57.0140 0180 ================ Scan services =============================

15:04:57.0203 0180 Abiosdsk - ok

15:04:57.0203 0180 abp480n5 - ok

15:04:57.0250 0180 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI H:\WINDOWS\system32\DRIVERS\ACPI.sys

15:04:57.0703 0180 ACPI - ok

15:04:57.0765 0180 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC H:\WINDOWS\system32\drivers\ACPIEC.sys

15:04:57.0828 0180 ACPIEC - ok

15:04:57.0875 0180 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:04:57.0875 0180 AdobeFlashPlayerUpdateSvc - ok

15:04:57.0890 0180 adpu160m - ok

15:04:57.0890 0180 [ 8bed39e3c35d6a489438b8141717a557 ] aec H:\WINDOWS\system32\drivers\aec.sys

15:04:57.0968 0180 aec - ok

15:04:58.0015 0180 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD H:\WINDOWS\System32\drivers\afd.sys

15:04:58.0062 0180 AFD - ok

15:04:58.0062 0180 Aha154x - ok

15:04:58.0062 0180 aic78u2 - ok

15:04:58.0062 0180 aic78xx - ok

15:04:58.0093 0180 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter H:\WINDOWS\system32\alrsvc.dll

15:04:58.0171 0180 Alerter - ok

15:04:58.0171 0180 [ 8c515081584a38aa007909cd02020b3d ] ALG H:\WINDOWS\System32\alg.exe

15:04:58.0250 0180 ALG - ok

15:04:58.0250 0180 AliIde - ok

15:04:58.0250 0180 amsint - ok

15:04:58.0343 0180 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:04:58.0359 0180 Apple Mobile Device - ok

15:04:58.0375 0180 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt H:\WINDOWS\System32\appmgmts.dll

15:04:58.0453 0180 AppMgmt - ok

15:04:58.0453 0180 asc - ok

15:04:58.0468 0180 asc3350p - ok

15:04:58.0468 0180 asc3550 - ok

15:04:58.0546 0180 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:04:58.0562 0180 aspnet_state - ok

15:04:58.0593 0180 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac H:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:04:58.0671 0180 AsyncMac - ok

15:04:58.0671 0180 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi H:\WINDOWS\system32\DRIVERS\atapi.sys

15:04:58.0750 0180 atapi - ok

15:04:58.0765 0180 Atdisk - ok

15:04:58.0781 0180 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc H:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:04:58.0859 0180 Atmarpc - ok

15:04:58.0890 0180 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv H:\WINDOWS\System32\audiosrv.dll

15:04:58.0968 0180 AudioSrv - ok

15:04:59.0000 0180 [ d9f724aa26c010a217c97606b160ed68 ] audstub H:\WINDOWS\system32\DRIVERS\audstub.sys

15:04:59.0062 0180 audstub - ok

15:04:59.0203 0180 [ ba60fd7a64b9759a14c0fba4a9ed4c7b ] AVGIDSAgent H:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

15:04:59.0328 0180 AVGIDSAgent - ok

15:04:59.0343 0180 [ 1074f787080068c71303b61fae7e7ca4 ] AVGIDSDriver H:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

15:04:59.0375 0180 AVGIDSDriver - ok

15:04:59.0375 0180 [ 61a7e0b02f82cff3db2445bbe50b3589 ] AVGIDSFilter H:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

15:04:59.0390 0180 AVGIDSFilter - ok

15:04:59.0390 0180 [ d63d83659eedf60b3a3e620281a888e5 ] AVGIDSHX H:\WINDOWS\system32\DRIVERS\avgidshx.sys

15:04:59.0390 0180 AVGIDSHX - ok

15:04:59.0406 0180 [ baf975b72062f53d327788e99d64197e ] AVGIDSShim H:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

15:04:59.0421 0180 AVGIDSShim - ok

15:04:59.0421 0180 [ dda6a2a18841e4c9172bb85958b8d948 ] Avgldx86 H:\WINDOWS\system32\DRIVERS\avgldx86.sys

15:04:59.0437 0180 Avgldx86 - ok

15:04:59.0437 0180 [ ccdd61545aaea265977e4b1efdc74e8c ] Avgmfx86 H:\WINDOWS\system32\DRIVERS\avgmfx86.sys

15:04:59.0453 0180 Avgmfx86 - ok

15:04:59.0453 0180 [ 1fd90b28d2c3100bf4500199c8ad6358 ] Avgrkx86 H:\WINDOWS\system32\DRIVERS\avgrkx86.sys

15:04:59.0453 0180 Avgrkx86 - ok

15:04:59.0468 0180 [ 1263f2554ace925c237a40b4c568d815 ] Avgtdix H:\WINDOWS\system32\DRIVERS\avgtdix.sys

15:04:59.0484 0180 Avgtdix - ok

15:04:59.0515 0180 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd H:\Program Files\AVG\AVG2012\avgwdsvc.exe

15:04:59.0531 0180 avgwd - ok

15:04:59.0531 0180 BCMH43XX - ok

15:04:59.0562 0180 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep H:\WINDOWS\system32\drivers\Beep.sys

15:04:59.0625 0180 Beep - ok

15:04:59.0640 0180 [ 574738f61fca2935f5265dc4e5691314 ] BITS H:\WINDOWS\system32\qmgr.dll

15:04:59.0734 0180 BITS - ok

15:04:59.0781 0180 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service H:\Program Files\Bonjour\mDNSResponder.exe

15:04:59.0796 0180 Bonjour Service - ok

15:04:59.0812 0180 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser H:\WINDOWS\System32\browser.dll

15:04:59.0875 0180 Browser - ok

15:04:59.0906 0180 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k H:\WINDOWS\system32\drivers\cbidf2k.sys

15:04:59.0968 0180 cbidf2k - ok

15:05:00.0000 0180 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE H:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:05:00.0062 0180 CCDECODE - ok

15:05:00.0062 0180 cd20xrnt - ok

15:05:00.0093 0180 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio H:\WINDOWS\system32\drivers\Cdaudio.sys

15:05:00.0171 0180 Cdaudio - ok

15:05:00.0171 0180 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs H:\WINDOWS\system32\drivers\Cdfs.sys

15:05:00.0234 0180 Cdfs - ok

15:05:00.0265 0180 [ 4b0a100eaf5c49ef3cca8c641431eacc ] Cdrom H:\WINDOWS\system32\DRIVERS\cdrom.sys

15:05:00.0281 0180 Cdrom - ok

15:05:00.0312 0180 [ 84853b3fd012251690570e9e7e43343f ] cercsr6 H:\WINDOWS\system32\drivers\cercsr6.sys

15:05:00.0312 0180 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

15:05:00.0312 0180 cercsr6 - detected UnsignedFile.Multi.Generic (1)

15:05:00.0328 0180 Changer - ok

15:05:00.0328 0180 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc H:\WINDOWS\system32\cisvc.exe

15:05:00.0406 0180 CiSvc - ok

15:05:00.0406 0180 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv H:\WINDOWS\system32\clipsrv.exe

15:05:00.0484 0180 ClipSrv - ok

15:05:00.0515 0180 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:05:00.0531 0180 clr_optimization_v2.0.50727_32 - ok

15:05:00.0562 0180 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:05:00.0562 0180 clr_optimization_v4.0.30319_32 - ok

15:05:00.0578 0180 CmdIde - ok

15:05:00.0578 0180 COMSysApp - ok

15:05:00.0578 0180 Cpqarray - ok

15:05:00.0625 0180 [ d01f685f8b4598d144b0cce9ff95d8d5 ] cpudrv H:\Program Files\SystemRequirementsLab\cpudrv.sys

15:05:00.0640 0180 cpudrv - ok

15:05:00.0640 0180 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc H:\WINDOWS\System32\cryptsvc.dll

15:05:00.0703 0180 CryptSvc - ok

15:05:00.0703 0180 dac2w2k - ok

15:05:00.0703 0180 dac960nt - ok

15:05:00.0734 0180 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch H:\WINDOWS\system32\rpcss.dll

15:05:00.0765 0180 DcomLaunch - ok

15:05:00.0812 0180 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp H:\WINDOWS\System32\dhcpcsvc.dll

15:05:00.0875 0180 Dhcp - ok

15:05:00.0890 0180 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk H:\WINDOWS\system32\DRIVERS\disk.sys

15:05:00.0953 0180 Disk - ok

15:05:00.0953 0180 dmadmin - ok

15:05:00.0984 0180 [ d992fe1274bde0f84ad826acae022a41 ] dmboot H:\WINDOWS\system32\drivers\dmboot.sys

15:05:01.0062 0180 dmboot - ok

15:05:01.0062 0180 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio H:\WINDOWS\system32\drivers\dmio.sys

15:05:01.0125 0180 dmio - ok

15:05:01.0156 0180 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload H:\WINDOWS\system32\drivers\dmload.sys

15:05:01.0218 0180 dmload - ok

15:05:01.0218 0180 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver H:\WINDOWS\System32\dmserver.dll

15:05:01.0281 0180 dmserver - ok

15:05:01.0312 0180 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic H:\WINDOWS\system32\drivers\DMusic.sys

15:05:01.0375 0180 DMusic - ok

15:05:01.0390 0180 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache H:\WINDOWS\System32\dnsrslvr.dll

15:05:01.0437 0180 Dnscache - ok

15:05:01.0468 0180 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc H:\WINDOWS\System32\dot3svc.dll

15:05:01.0546 0180 Dot3svc - ok

15:05:01.0546 0180 dpti2o - ok

15:05:01.0562 0180 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud H:\WINDOWS\system32\drivers\drmkaud.sys

15:05:01.0625 0180 drmkaud - ok

15:05:01.0656 0180 [ 34aaa3b298a852b3663e6e0d94d12945 ] e1express H:\WINDOWS\system32\DRIVERS\e1e5132.sys

15:05:01.0656 0180 e1express - ok

15:05:01.0687 0180 [ 2187855a7703adef0cef9ee4285182cc ] EapHost H:\WINDOWS\System32\eapsvc.dll

15:05:01.0750 0180 EapHost - ok

15:05:01.0750 0180 [ bc93b4a066477954555966d77fec9ecb ] ERSvc H:\WINDOWS\System32\ersvc.dll

15:05:01.0828 0180 ERSvc - ok

15:05:01.0859 0180 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog H:\WINDOWS\system32\services.exe

15:05:01.0890 0180 Eventlog - ok

15:05:01.0921 0180 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem H:\WINDOWS\system32\es.dll

15:05:01.0937 0180 EventSystem - ok

15:05:01.0953 0180 [ 38d332a6d56af32635675f132548343e ] Fastfat H:\WINDOWS\system32\drivers\Fastfat.sys

15:05:02.0015 0180 Fastfat - ok

15:05:02.0046 0180 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility H:\WINDOWS\System32\shsvcs.dll

15:05:02.0078 0180 FastUserSwitchingCompatibility - ok

15:05:02.0093 0180 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc H:\WINDOWS\system32\drivers\Fdc.sys

15:05:02.0156 0180 Fdc - ok

15:05:02.0156 0180 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips H:\WINDOWS\system32\drivers\Fips.sys

15:05:02.0218 0180 Fips - ok

15:05:02.0218 0180 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk H:\WINDOWS\system32\drivers\Flpydisk.sys

15:05:02.0296 0180 Flpydisk - ok

15:05:02.0312 0180 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr H:\WINDOWS\system32\drivers\fltmgr.sys

15:05:02.0375 0180 FltMgr - ok

15:05:02.0437 0180 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:05:02.0453 0180 FontCache3.0.0.0 - ok

15:05:02.0453 0180 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec H:\WINDOWS\system32\drivers\Fs_Rec.sys

15:05:02.0515 0180 Fs_Rec - ok

15:05:02.0531 0180 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk H:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:05:02.0609 0180 Ftdisk - ok

15:05:02.0625 0180 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:05:02.0625 0180 GEARAspiWDM - ok

15:05:02.0640 0180 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc H:\WINDOWS\system32\DRIVERS\msgpc.sys

15:05:02.0718 0180 Gpc - ok

15:05:02.0765 0180 [ f02a533f517eb38333cb12a9e8963773 ] gupdate H:\Program Files\Google\Update\GoogleUpdate.exe

15:05:02.0781 0180 gupdate - ok

15:05:02.0781 0180 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem H:\Program Files\Google\Update\GoogleUpdate.exe

15:05:02.0796 0180 gupdatem - ok

15:05:02.0812 0180 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:05:02.0828 0180 gusvc - ok

15:05:02.0828 0180 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus H:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:05:02.0906 0180 HDAudBus - ok

15:05:02.0953 0180 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:05:03.0015 0180 helpsvc - ok

15:05:03.0015 0180 HidServ - ok

15:05:03.0015 0180 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb H:\WINDOWS\system32\DRIVERS\hidusb.sys

15:05:03.0078 0180 hidusb - ok

15:05:03.0093 0180 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc H:\WINDOWS\System32\kmsvc.dll

15:05:03.0171 0180 hkmsvc - ok

15:05:03.0171 0180 hpn - ok

15:05:03.0203 0180 [ 9f1d80908658eb7f1bf70809e0b51470 ] HPZid412 H:\WINDOWS\system32\DRIVERS\HPZid412.sys

15:05:03.0234 0180 HPZid412 - ok

15:05:03.0234 0180 [ f7e3e9d50f9cd3de28085a8fdaa0a1c3 ] HPZipr12 H:\WINDOWS\system32\DRIVERS\HPZipr12.sys

15:05:03.0296 0180 HPZipr12 - ok

15:05:03.0328 0180 [ cf1b7951b4ec8d13f3c93b74bb2b461b ] HPZius12 H:\WINDOWS\system32\DRIVERS\HPZius12.sys

15:05:03.0375 0180 HPZius12 - ok

15:05:03.0406 0180 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP H:\WINDOWS\system32\Drivers\HTTP.sys

15:05:03.0453 0180 HTTP - ok

15:05:03.0468 0180 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter H:\WINDOWS\System32\w3ssl.dll

15:05:03.0531 0180 HTTPFilter - ok

15:05:03.0531 0180 i2omgmt - ok

15:05:03.0531 0180 i2omp - ok

15:05:03.0546 0180 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt H:\WINDOWS\system32\drivers\i8042prt.sys

15:05:03.0625 0180 i8042prt - ok

15:05:03.0687 0180 [ c5db546f9028cd00e64335091860d8f3 ] ialm H:\WINDOWS\system32\DRIVERS\igxpmp32.sys

15:05:03.0765 0180 ialm - ok

15:05:03.0828 0180 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:05:03.0859 0180 idsvc - ok

15:05:03.0859 0180 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi H:\WINDOWS\system32\DRIVERS\imapi.sys

15:05:03.0937 0180 Imapi - ok

15:05:03.0968 0180 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService H:\WINDOWS\system32\imapi.exe

15:05:04.0046 0180 ImapiService - ok

15:05:04.0046 0180 ini910u - ok

15:05:04.0156 0180 [ 17bbbabb21f86b650b2626045a9d016c ] IntcAzAudAddService H:\WINDOWS\system32\drivers\RtkHDAud.sys

15:05:04.0281 0180 IntcAzAudAddService - ok

15:05:04.0281 0180 IntelIde - ok

15:05:04.0312 0180 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm H:\WINDOWS\system32\DRIVERS\intelppm.sys

15:05:04.0375 0180 intelppm - ok

15:05:04.0390 0180 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw H:\WINDOWS\system32\drivers\ip6fw.sys

15:05:04.0453 0180 Ip6Fw - ok

15:05:04.0468 0180 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:05:04.0546 0180 IpFilterDriver - ok

15:05:04.0593 0180 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp H:\WINDOWS\system32\DRIVERS\ipinip.sys

15:05:04.0656 0180 IpInIp - ok

15:05:04.0656 0180 [ cc748ea12c6effde940ee98098bf96bb ] IpNat H:\WINDOWS\system32\DRIVERS\ipnat.sys

15:05:04.0734 0180 IpNat - ok

15:05:04.0781 0180 [ 57edb35ea2feca88f8b17c0c095c9a56 ] iPod Service H:\Program Files\iPod\bin\iPodService.exe

15:05:04.0812 0180 iPod Service - ok

15:05:04.0812 0180 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec H:\WINDOWS\system32\DRIVERS\ipsec.sys

15:05:04.0906 0180 IPSec - ok

15:05:04.0921 0180 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM H:\WINDOWS\system32\DRIVERS\irenum.sys

15:05:05.0000 0180 IRENUM - ok

15:05:05.0031 0180 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp H:\WINDOWS\system32\DRIVERS\isapnp.sys

15:05:05.0109 0180 isapnp - ok

15:05:05.0171 0180 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService H:\Program Files\Java\jre6\bin\jqs.exe

15:05:05.0171 0180 JavaQuickStarterService - ok

15:05:05.0187 0180 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass H:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:05:05.0250 0180 Kbdclass - ok

15:05:05.0250 0180 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid H:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:05:05.0312 0180 kbdhid - ok

15:05:05.0328 0180 [ 692bcf44383d056aed41b045a323d378 ] kmixer H:\WINDOWS\system32\drivers\kmixer.sys

15:05:05.0390 0180 kmixer - ok

15:05:05.0421 0180 [ b467646c54cc746128904e1654c750c1 ] KSecDD H:\WINDOWS\system32\drivers\KSecDD.sys

15:05:05.0453 0180 KSecDD - ok

15:05:05.0500 0180 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver H:\WINDOWS\System32\srvsvc.dll

15:05:05.0531 0180 lanmanserver - ok

15:05:05.0546 0180 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation H:\WINDOWS\System32\wkssvc.dll

15:05:05.0578 0180 lanmanworkstation - ok

15:05:05.0578 0180 lbrtfdc - ok

15:05:05.0625 0180 [ a7db739ae99a796d91580147e919cc59 ] LmHosts H:\WINDOWS\System32\lmhsvc.dll

15:05:05.0687 0180 LmHosts - ok

15:05:05.0718 0180 [ 4f74184920b2d6e33024409b4c5c57c1 ] McciCMService H:\Program Files\Common Files\Motive\McciCMService.exe

15:05:05.0734 0180 McciCMService ( UnsignedFile.Multi.Generic ) - warning

15:05:05.0734 0180 McciCMService - detected UnsignedFile.Multi.Generic (1)

15:05:05.0750 0180 [ 8fd868e32459ece2a1bb0169f513d31e ] mcdbus H:\WINDOWS\system32\DRIVERS\mcdbus.sys

15:05:05.0765 0180 mcdbus ( UnsignedFile.Multi.Generic ) - warning

15:05:05.0765 0180 mcdbus - detected UnsignedFile.Multi.Generic (1)

15:05:05.0796 0180 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger H:\WINDOWS\System32\msgsvc.dll

15:05:05.0875 0180 Messenger - ok

15:05:05.0890 0180 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd H:\WINDOWS\system32\drivers\mnmdd.sys

15:05:05.0953 0180 mnmdd - ok

15:05:05.0984 0180 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc H:\WINDOWS\system32\mnmsrvc.exe

15:05:06.0046 0180 mnmsrvc - ok

15:05:06.0078 0180 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem H:\WINDOWS\system32\drivers\Modem.sys

15:05:06.0140 0180 Modem - ok

15:05:06.0156 0180 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass H:\WINDOWS\system32\DRIVERS\mouclass.sys

15:05:06.0218 0180 Mouclass - ok

15:05:06.0234 0180 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid H:\WINDOWS\system32\DRIVERS\mouhid.sys

15:05:06.0296 0180 mouhid - ok

15:05:06.0312 0180 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr H:\WINDOWS\system32\drivers\MountMgr.sys

15:05:06.0375 0180 MountMgr - ok

15:05:06.0375 0180 mraid35x - ok

15:05:06.0390 0180 [ 80b2ec735495823ae5771a5f603e73bd ] MREMP50 H:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

15:05:06.0390 0180 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

15:05:06.0390 0180 MREMP50 - detected UnsignedFile.Multi.Generic (1)

15:05:06.0390 0180 MREMP50a64 - ok

15:05:06.0390 0180 [ 37d7c22f7e26da90e2d2d260e5d27846 ] MRESP50 H:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

15:05:06.0406 0180 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

15:05:06.0406 0180 MRESP50 - detected UnsignedFile.Multi.Generic (1)

15:05:06.0406 0180 MRESP50a64 - ok

15:05:06.0421 0180 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV H:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:05:06.0484 0180 MRxDAV - ok

15:05:06.0500 0180 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb H:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:05:06.0531 0180 MRxSmb - ok

15:05:06.0531 0180 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC H:\WINDOWS\system32\msdtc.exe

15:05:06.0609 0180 MSDTC - ok

15:05:06.0609 0180 [ c941ea2454ba8350021d774daf0f1027 ] Msfs H:\WINDOWS\system32\drivers\Msfs.sys

15:05:06.0671 0180 Msfs - ok

15:05:06.0671 0180 MSIServer - ok

15:05:06.0687 0180 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV H:\WINDOWS\system32\drivers\MSKSSRV.sys

15:05:06.0750 0180 MSKSSRV - ok

15:05:06.0750 0180 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK H:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:05:06.0812 0180 MSPCLOCK - ok

15:05:06.0812 0180 [ bad59648ba099da4a17680b39730cb3d ] MSPQM H:\WINDOWS\system32\drivers\MSPQM.sys

15:05:06.0875 0180 MSPQM - ok

15:05:06.0906 0180 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios H:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:05:06.0968 0180 mssmbios - ok

15:05:06.0968 0180 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE H:\WINDOWS\system32\drivers\MSTEE.sys

15:05:07.0031 0180 MSTEE - ok

15:05:07.0031 0180 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup H:\WINDOWS\system32\drivers\Mup.sys

15:05:07.0046 0180 Mup - ok

15:05:07.0046 0180 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:05:07.0109 0180 NABTSFEC - ok

15:05:07.0140 0180 [ 0102140028fad045756796e1c685d695 ] napagent H:\WINDOWS\System32\qagentrt.dll

15:05:07.0218 0180 napagent - ok

15:05:07.0218 0180 [ 1df7f42665c94b825322fae71721130d ] NDIS H:\WINDOWS\system32\drivers\NDIS.sys

15:05:07.0281 0180 NDIS - ok

15:05:07.0281 0180 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP H:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:05:07.0343 0180 NdisIP - ok

15:05:07.0359 0180 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi H:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:05:07.0359 0180 NdisTapi - ok

15:05:07.0375 0180 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio H:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:05:07.0437 0180 Ndisuio - ok

15:05:07.0453 0180 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan H:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:05:07.0515 0180 NdisWan - ok

15:05:07.0546 0180 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy H:\WINDOWS\system32\drivers\NDProxy.sys

15:05:07.0578 0180 NDProxy - ok

15:05:07.0578 0180 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS H:\WINDOWS\system32\DRIVERS\netbios.sys

15:05:07.0640 0180 NetBIOS - ok

15:05:07.0656 0180 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT H:\WINDOWS\system32\DRIVERS\netbt.sys

15:05:07.0734 0180 NetBT - ok

15:05:07.0734 0180 [ b857ba82860d7ff85ae29b095645563b ] NetDDE H:\WINDOWS\system32\netdde.exe

15:05:07.0812 0180 NetDDE - ok

15:05:07.0812 0180 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm H:\WINDOWS\system32\netdde.exe

15:05:07.0875 0180 NetDDEdsdm - ok

15:05:07.0890 0180 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon H:\WINDOWS\system32\lsass.exe

15:05:07.0953 0180 Netlogon - ok

15:05:07.0968 0180 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman H:\WINDOWS\System32\netman.dll

15:05:08.0031 0180 Netman - ok

15:05:08.0093 0180 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:05:08.0093 0180 NetTcpPortSharing - ok

15:05:08.0140 0180 [ 943337d786a56729263071623bbb9de5 ] Nla H:\WINDOWS\System32\mswsock.dll

15:05:08.0171 0180 Nla - ok

15:05:08.0171 0180 NPF - ok

15:05:08.0171 0180 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs H:\WINDOWS\system32\drivers\Npfs.sys

15:05:08.0234 0180 Npfs - ok

15:05:08.0234 0180 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs H:\WINDOWS\system32\drivers\Ntfs.sys

15:05:08.0312 0180 Ntfs - ok

15:05:08.0312 0180 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp H:\WINDOWS\system32\lsass.exe

15:05:08.0375 0180 NtLmSsp - ok

15:05:08.0390 0180 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc H:\WINDOWS\system32\ntmssvc.dll

15:05:08.0468 0180 NtmsSvc - ok

15:05:08.0468 0180 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null H:\WINDOWS\system32\drivers\Null.sys

15:05:08.0546 0180 Null - ok

15:05:08.0578 0180 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:05:08.0640 0180 NwlnkFlt - ok

15:05:08.0656 0180 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:05:08.0718 0180 NwlnkFwd - ok

15:05:08.0718 0180 OMCI - ok

15:05:08.0765 0180 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:05:08.0781 0180 ose - ok

15:05:08.0921 0180 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc H:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:05:09.0093 0180 osppsvc - ok

15:05:09.0109 0180 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport H:\WINDOWS\system32\drivers\Parport.sys

15:05:09.0171 0180 Parport - ok

15:05:09.0171 0180 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr H:\WINDOWS\system32\drivers\PartMgr.sys

15:05:09.0234 0180 PartMgr - ok

15:05:09.0265 0180 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm H:\WINDOWS\system32\drivers\ParVdm.sys

15:05:09.0343 0180 ParVdm - ok

15:05:09.0359 0180 [ a219903ccf74233761d92bef471a07b1 ] PCI H:\WINDOWS\system32\DRIVERS\pci.sys

15:05:09.0421 0180 PCI - ok

15:05:09.0421 0180 PCIDump - ok

15:05:09.0421 0180 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde H:\WINDOWS\system32\DRIVERS\pciide.sys

15:05:09.0484 0180 PCIIde - ok

15:05:09.0500 0180 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia H:\WINDOWS\system32\drivers\Pcmcia.sys

15:05:09.0562 0180 Pcmcia - ok

15:05:09.0562 0180 PDCOMP - ok

15:05:09.0578 0180 PDFRAME - ok

15:05:09.0578 0180 PDRELI - ok

15:05:09.0578 0180 PDRFRAME - ok

15:05:09.0578 0180 perc2 - ok

15:05:09.0578 0180 perc2hib - ok

15:05:09.0593 0180 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay H:\WINDOWS\system32\services.exe

15:05:09.0625 0180 PlugPlay - ok

15:05:09.0703 0180 [ 627fa58adc043704f9d14ca44340956f ] PMBDeviceInfoProvider H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

15:05:09.0750 0180 PMBDeviceInfoProvider - ok

15:05:09.0796 0180 [ 9d84376931440f3679beef2a414fa493 ] Pml Driver HPZ12 H:\WINDOWS\system32\HPZipm12.exe

15:05:09.0796 0180 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:05:09.0796 0180 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:05:09.0796 0180 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent H:\WINDOWS\system32\lsass.exe

15:05:09.0859 0180 PolicyAgent - ok

15:05:09.0875 0180 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport H:\WINDOWS\system32\DRIVERS\raspptp.sys

15:05:09.0937 0180 PptpMiniport - ok

15:05:09.0937 0180 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage H:\WINDOWS\system32\lsass.exe

15:05:10.0000 0180 ProtectedStorage - ok

15:05:10.0015 0180 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched H:\WINDOWS\system32\DRIVERS\psched.sys

15:05:10.0078 0180 PSched - ok

15:05:10.0078 0180 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink H:\WINDOWS\system32\DRIVERS\ptilink.sys

15:05:10.0140 0180 Ptilink - ok

15:05:10.0156 0180 [ 7c81ae3c9b82ba2da437ed4d31bc56cf ] PxHelp20 H:\WINDOWS\system32\Drivers\PxHelp20.sys

15:05:10.0156 0180 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

15:05:10.0156 0180 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

15:05:10.0187 0180 [ ee46f431b25c14778d2e89d6f10f1d65 ] QBCFMonitorService H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

15:05:10.0203 0180 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

15:05:10.0203 0180 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

15:05:10.0218 0180 [ 6bee1814470dc12fa20c53dfc3c97ebb ] QBFCService H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

15:05:10.0218 0180 QBFCService ( UnsignedFile.Multi.Generic ) - warning

15:05:10.0218 0180 QBFCService - detected UnsignedFile.Multi.Generic (1)

15:05:10.0234 0180 ql1080 - ok

15:05:10.0234 0180 Ql10wnt - ok

15:05:10.0234 0180 ql12160 - ok

15:05:10.0234 0180 ql1240 - ok

15:05:10.0234 0180 ql1280 - ok

15:05:10.0265 0180 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd H:\WINDOWS\system32\DRIVERS\rasacd.sys

15:05:10.0328 0180 RasAcd - ok

15:05:10.0359 0180 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto H:\WINDOWS\System32\rasauto.dll

15:05:10.0421 0180 RasAuto - ok

15:05:10.0437 0180 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp H:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:05:10.0515 0180 Rasl2tp - ok

15:05:10.0546 0180 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan H:\WINDOWS\System32\rasmans.dll

15:05:10.0625 0180 RasMan - ok

15:05:10.0625 0180 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe H:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:05:10.0687 0180 RasPppoe - ok

15:05:10.0687 0180 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti H:\WINDOWS\system32\DRIVERS\raspti.sys

15:05:10.0750 0180 Raspti - ok

15:05:10.0765 0180 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss H:\WINDOWS\system32\DRIVERS\rdbss.sys

15:05:10.0828 0180 Rdbss - ok

15:05:10.0828 0180 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD H:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:05:10.0906 0180 RDPCDD - ok

15:05:10.0921 0180 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr H:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:05:10.0984 0180 rdpdr - ok

15:05:11.0015 0180 [ 5b3055daa788bd688594d2f5981f2a83 ] RDPWD H:\WINDOWS\system32\drivers\RDPWD.sys

15:05:11.0046 0180 RDPWD - ok

15:05:11.0062 0180 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr H:\WINDOWS\system32\sessmgr.exe

15:05:11.0125 0180 RDSessMgr - ok

15:05:11.0125 0180 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook H:\WINDOWS\system32\DRIVERS\redbook.sys

15:05:11.0203 0180 redbook - ok

15:05:11.0218 0180 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess H:\WINDOWS\System32\mprdim.dll

15:05:11.0296 0180 RemoteAccess - ok

15:05:11.0328 0180 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry H:\WINDOWS\system32\regsvc.dll

15:05:11.0390 0180 RemoteRegistry - ok

15:05:11.0421 0180 [ f17713d108aca124a139fde877eef68a ] RimUsb H:\WINDOWS\system32\Drivers\RimUsb.sys

15:05:11.0453 0180 RimUsb - ok

15:05:11.0453 0180 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator H:\WINDOWS\system32\locator.exe

15:05:11.0515 0180 RpcLocator - ok

15:05:11.0546 0180 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs H:\WINDOWS\system32\rpcss.dll

15:05:11.0578 0180 RpcSs - ok

15:05:11.0593 0180 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP H:\WINDOWS\system32\rsvp.exe

15:05:11.0671 0180 RSVP - ok

15:05:11.0687 0180 [ b29eeb1ea7971bd83069eb2e2258d224 ] RTL8192su H:\WINDOWS\system32\DRIVERS\RTL8192su.sys

15:05:11.0734 0180 RTL8192su - ok

15:05:11.0750 0180 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs H:\WINDOWS\system32\lsass.exe

15:05:11.0812 0180 SamSs - ok

15:05:11.0812 0180 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr H:\WINDOWS\System32\SCardSvr.exe

15:05:11.0890 0180 SCardSvr - ok

15:05:11.0890 0180 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule H:\WINDOWS\system32\schedsvc.dll

15:05:11.0968 0180 Schedule - ok

15:05:11.0984 0180 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv H:\WINDOWS\system32\DRIVERS\secdrv.sys

15:05:12.0046 0180 Secdrv - ok

15:05:12.0062 0180 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon H:\WINDOWS\System32\seclogon.dll

15:05:12.0125 0180 seclogon - ok

15:05:12.0140 0180 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS H:\WINDOWS\system32\sens.dll

15:05:12.0203 0180 SENS - ok

15:05:12.0203 0180 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial H:\WINDOWS\system32\drivers\Serial.sys

15:05:12.0265 0180 Serial - ok

15:05:12.0296 0180 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy H:\WINDOWS\system32\drivers\Sfloppy.sys

15:05:12.0375 0180 Sfloppy - ok

15:05:12.0406 0180 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess H:\WINDOWS\System32\ipnathlp.dll

15:05:12.0468 0180 SharedAccess - ok

15:05:12.0484 0180 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection H:\WINDOWS\System32\shsvcs.dll

15:05:12.0500 0180 ShellHWDetection - ok

15:05:12.0500 0180 Simbad - ok

15:05:12.0515 0180 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP H:\WINDOWS\system32\DRIVERS\SLIP.sys

15:05:12.0578 0180 SLIP - ok

15:05:12.0578 0180 Sparrow - ok

15:05:12.0578 0180 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter H:\WINDOWS\system32\drivers\splitter.sys

15:05:12.0640 0180 splitter - ok

15:05:12.0671 0180 [ 60784f891563fb1b767f70117fc2428f ] Spooler H:\WINDOWS\system32\spoolsv.exe

15:05:12.0703 0180 Spooler - ok

15:05:12.0718 0180 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr H:\WINDOWS\system32\DRIVERS\sr.sys

15:05:12.0781 0180 sr - ok

15:05:12.0812 0180 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice H:\WINDOWS\system32\srsvc.dll

15:05:12.0875 0180 srservice - ok

15:05:12.0890 0180 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv H:\WINDOWS\system32\DRIVERS\srv.sys

15:05:12.0906 0180 Srv - ok

15:05:12.0968 0180 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV H:\WINDOWS\System32\ssdpsrv.dll

15:05:13.0031 0180 SSDPSRV - ok

15:05:13.0062 0180 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc H:\WINDOWS\system32\wiaservc.dll

15:05:13.0125 0180 stisvc - ok

15:05:13.0140 0180 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip H:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:05:13.0203 0180 streamip - ok

15:05:13.0203 0180 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum H:\WINDOWS\system32\DRIVERS\swenum.sys

15:05:13.0281 0180 swenum - ok

15:05:13.0281 0180 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi H:\WINDOWS\system32\drivers\swmidi.sys

15:05:13.0343 0180 swmidi - ok

15:05:13.0343 0180 SwPrv - ok

15:05:13.0359 0180 symc810 - ok

15:05:13.0359 0180 symc8xx - ok

15:05:13.0359 0180 sym_hi - ok

15:05:13.0359 0180 sym_u3 - ok

15:05:13.0390 0180 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio H:\WINDOWS\system32\drivers\sysaudio.sys

15:05:13.0453 0180 sysaudio - ok

15:05:13.0468 0180 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog H:\WINDOWS\system32\smlogsvc.exe

15:05:13.0531 0180 SysmonLog - ok

15:05:13.0546 0180 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv H:\WINDOWS\System32\tapisrv.dll

15:05:13.0609 0180 TapiSrv - ok

15:05:13.0656 0180 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip H:\WINDOWS\system32\DRIVERS\tcpip.sys

15:05:13.0687 0180 Tcpip - ok

15:05:13.0718 0180 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE H:\WINDOWS\system32\drivers\TDPIPE.sys

15:05:13.0781 0180 TDPIPE - ok

15:05:13.0781 0180 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP H:\WINDOWS\system32\drivers\TDTCP.sys

15:05:13.0843 0180 TDTCP - ok

15:05:13.0859 0180 [ 88155247177638048422893737429d9e ] TermDD H:\WINDOWS\system32\DRIVERS\termdd.sys

15:05:13.0921 0180 TermDD - ok

15:05:13.0937 0180 [ ff3477c03be7201c294c35f684b3479f ] TermService H:\WINDOWS\System32\termsrv.dll

15:05:14.0000 0180 TermService - ok

15:05:14.0015 0180 [ 99bc0b50f511924348be19c7c7313bbf ] Themes H:\WINDOWS\System32\shsvcs.dll

15:05:14.0031 0180 Themes - ok

15:05:14.0046 0180 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr H:\WINDOWS\system32\tlntsvr.exe

15:05:14.0109 0180 TlntSvr - ok

15:05:14.0109 0180 TosIde - ok

15:05:14.0140 0180 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks H:\WINDOWS\system32\trkwks.dll

15:05:14.0218 0180 TrkWks - ok

15:05:14.0234 0180 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs H:\WINDOWS\system32\drivers\Udfs.sys

15:05:14.0296 0180 Udfs - ok

15:05:14.0296 0180 ultra - ok

15:05:14.0328 0180 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update H:\WINDOWS\system32\DRIVERS\update.sys

15:05:14.0406 0180 Update - ok

15:05:14.0437 0180 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost H:\WINDOWS\System32\upnphost.dll

15:05:14.0515 0180 upnphost - ok

15:05:14.0515 0180 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS H:\WINDOWS\System32\ups.exe

15:05:14.0593 0180 UPS - ok

15:05:14.0625 0180 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL H:\WINDOWS\system32\Drivers\usbaapl.sys

15:05:14.0656 0180 USBAAPL - ok

15:05:14.0656 0180 [ e919708db44ed8543a7c017953148330 ] usbaudio H:\WINDOWS\system32\drivers\usbaudio.sys

15:05:14.0718 0180 usbaudio - ok

15:05:14.0734 0180 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp H:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:05:14.0796 0180 usbccgp - ok

15:05:14.0812 0180 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci H:\WINDOWS\system32\DRIVERS\usbehci.sys

15:05:14.0890 0180 usbehci - ok

15:05:14.0906 0180 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub H:\WINDOWS\system32\DRIVERS\usbhub.sys

15:05:14.0984 0180 usbhub - ok

15:05:15.0000 0180 [ a717c8721046828520c9edf31288fc00 ] usbprint H:\WINDOWS\system32\DRIVERS\usbprint.sys

15:05:15.0078 0180 usbprint - ok

15:05:15.0093 0180 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan H:\WINDOWS\system32\DRIVERS\usbscan.sys

15:05:15.0156 0180 usbscan - ok

15:05:15.0171 0180 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:05:15.0234 0180 usbstor - ok

15:05:15.0265 0180 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci H:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:05:15.0328 0180 usbuhci - ok

15:05:15.0328 0180 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo H:\WINDOWS\system32\Drivers\usbvideo.sys

15:05:15.0390 0180 usbvideo - ok

15:05:15.0406 0180 [ b6cc50279d6cd28e090a5d33244adc9a ] usb_rndisx H:\WINDOWS\system32\DRIVERS\usb8023x.sys

15:05:15.0468 0180 usb_rndisx - ok

15:05:15.0468 0180 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave H:\WINDOWS\System32\drivers\vga.sys

15:05:15.0531 0180 VgaSave - ok

15:05:15.0546 0180 ViaIde - ok

15:05:15.0546 0180 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap H:\WINDOWS\system32\drivers\VolSnap.sys

15:05:15.0609 0180 VolSnap - ok

15:05:15.0625 0180 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS H:\WINDOWS\System32\vssvc.exe

15:05:15.0687 0180 VSS - ok

15:05:15.0703 0180 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time H:\WINDOWS\system32\w32time.dll

15:05:15.0765 0180 W32Time - ok

15:05:15.0765 0180 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp H:\WINDOWS\system32\DRIVERS\wanarp.sys

15:05:15.0828 0180 Wanarp - ok

15:05:15.0859 0180 [ d6efaf429fd30c5df613d220e344cce7 ] WDC_SAM H:\WINDOWS\system32\DRIVERS\wdcsam.sys

15:05:15.0890 0180 WDC_SAM - ok

15:05:15.0921 0180 [ 0220362deb2a21551b418d61f3153347 ] WDDMService H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

15:05:15.0921 0180 WDDMService ( UnsignedFile.Multi.Generic ) - warning

15:05:15.0921 0180 WDDMService - detected UnsignedFile.Multi.Generic (1)

15:05:15.0921 0180 WDICA - ok

15:05:15.0937 0180 [ 6768acf64b18196494413695f0c3a00f ] wdmaud H:\WINDOWS\system32\drivers\wdmaud.sys

15:05:16.0000 0180 wdmaud - ok

15:05:16.0000 0180 [ 138ab06adbbf300aa804d7974a5aec82 ] WDSmartWareBackgroundService H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

15:05:16.0000 0180 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning

15:05:16.0000 0180 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)

15:05:16.0015 0180 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient H:\WINDOWS\System32\webclnt.dll

15:05:16.0093 0180 WebClient - ok

15:05:16.0156 0180 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt H:\WINDOWS\system32\wbem\WMIsvc.dll

15:05:16.0234 0180 winmgmt - ok

15:05:16.0250 0180 [ c51b4a5c05a5475708e3c81c7765b71d ] WmdmPmSN H:\WINDOWS\system32\MsPMSNSv.dll

15:05:16.0281 0180 WmdmPmSN - ok

15:05:16.0296 0180 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi H:\WINDOWS\System32\advapi32.dll

15:05:16.0343 0180 Wmi - ok

15:05:16.0343 0180 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv H:\WINDOWS\system32\wbem\wmiapsrv.exe

15:05:16.0421 0180 WmiApSrv - ok

15:05:16.0421 0180 [ cf4def1bf66f06964dc0d91844239104 ] WpdUsb H:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:05:16.0437 0180 WpdUsb - ok

15:05:16.0484 0180 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:05:16.0515 0180 WPFFontCache_v0400 - ok

15:05:16.0546 0180 [ 6abe6e225adb5a751622a9cc3bc19ce8 ] WS2IFSL H:\WINDOWS\System32\drivers\ws2ifsl.sys

15:05:16.0625 0180 WS2IFSL - ok

15:05:16.0640 0180 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc H:\WINDOWS\system32\wscsvc.dll

15:05:16.0718 0180 wscsvc - ok

15:05:16.0734 0180 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:05:16.0812 0180 WSTCODEC - ok

15:05:16.0812 0180 wuauserv - ok

15:05:16.0859 0180 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf H:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:05:16.0890 0180 WudfPf - ok

15:05:16.0890 0180 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd H:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:05:16.0921 0180 WudfRd - ok

15:05:16.0937 0180 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc H:\WINDOWS\System32\WUDFSvc.dll

15:05:16.0953 0180 WudfSvc - ok

15:05:16.0984 0180 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC H:\WINDOWS\System32\wzcsvc.dll

15:05:17.0062 0180 WZCSVC - ok

15:05:17.0093 0180 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov H:\WINDOWS\System32\xmlprov.dll

15:05:17.0156 0180 xmlprov - ok

15:05:17.0171 0180 ================ Scan global ===============================

15:05:17.0203 0180 (42f1f4c0afb08410e5f02d4b13ebb623) H:\WINDOWS\system32\basesrv.dll

15:05:17.0234 0180 (8c7dca4b158bf16894120786a7a5f366) H:\WINDOWS\system32\winsrv.dll

15:05:17.0250 0180 (8c7dca4b158bf16894120786a7a5f366) H:\WINDOWS\system32\winsrv.dll

15:05:17.0250 0180 (65df52f5b8b6e9bbd183505225c37315) H:\WINDOWS\system32\services.exe

15:05:17.0250 0180 [Global] - ok

15:05:17.0250 0180 ================ Scan MBR ==================================

15:05:17.0265 0180 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:05:17.0453 0180 \Device\Harddisk0\DR0 - ok

15:05:17.0453 0180 ================ Scan VBR ==================================

15:05:17.0453 0180 Boot (0x1200) (097654d4df1e196c0d560ea8f99d5f56) \Device\Harddisk0\DR0\Partition1

15:05:17.0453 0180 \Device\Harddisk0\DR0\Partition1 - ok

15:05:17.0453 0180 ============================================================

15:05:17.0453 0180 Scan finished

15:05:17.0453 0180 ============================================================

15:05:17.0562 1856 Detected object count: 11

15:05:17.0562 1856 Actual detected object count: 11

15:06:18.0843 1856 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0843 1856 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0843 1856 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0843 1856 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0843 1856 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0843 1856 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:18.0859 1856 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user

15:06:18.0859 1856 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:06:25.0984 1708 Deinitialize success

Link to post
Share on other sites

That scan was clean.......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

ComboFix 12-08-18.03 - Family 08/19/2012 21:39:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2401 [GMT -4:00]

Running from: h:\documents and settings\Family\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

h:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle

h:\documents and settings\All Users\Application Data\Propellerhead Software\ReCycle\ReCycle210.dat

h:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

h:\documents and settings\Family\Application Data\PriceGong

h:\documents and settings\Family\Application Data\PriceGong\Data\1.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\2229.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\a.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\b.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\c.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\d.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\e.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\f.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\g.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\h.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\i.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\j.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\k.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\l.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\m.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\mru.xml

h:\documents and settings\Family\Application Data\PriceGong\Data\n.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\o.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\p.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\q.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\r.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\s.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\t.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\u.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\v.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\w.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\wlu.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\x.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\y.txt

h:\documents and settings\Family\Application Data\PriceGong\Data\z.txt

h:\documents and settings\Family\Application Data\Propellerhead Software\ReCycle

h:\documents and settings\Family\Application Data\Propellerhead Software\ReCycle\ReCycle Preferences File.prf

h:\documents and settings\Family\g2mdlhlpx.exe

h:\documents and settings\Family\Recent\Thumbs.db

h:\documents and settings\Mikes\10.rns

h:\documents and settings\Mikes\11.rns

h:\documents and settings\Mikes\12.rns

h:\documents and settings\Mikes\13.rns

h:\documents and settings\Mikes\14.rns

h:\documents and settings\Mikes\15.rns

h:\documents and settings\Mikes\16.rns

h:\documents and settings\Mikes\18.rns

h:\documents and settings\Mikes\21.rns

h:\documents and settings\Mikes\22.rns

h:\documents and settings\Mikes\472.rns

h:\documents and settings\Mikes\6a.rns

h:\documents and settings\Mikes\7a.rns

h:\documents and settings\Mikes\8a.rns

h:\documents and settings\Mikes\8j.rns

h:\documents and settings\Mikes\chef kit .drp

h:\documents and settings\Mikes\Folder2Iso.exe

h:\windows\a3kebook.ini

h:\windows\akebook.ini

h:\windows\ANS2000.INI

h:\windows\EventSystem.log

h:\windows\system32\dllcache\dlimport.exe

h:\windows\system32\URTTemp

h:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

.

2012-08-16 17:11 . 2012-08-16 17:49 -------- d-----w- h:\program files\ProProfs CompTIA A+ Practice Exams

2012-08-16 17:11 . 2012-08-16 17:11 831488 ------w- h:\windows\Setup1.exe

2012-08-16 17:11 . 2012-08-16 17:11 73216 ----a-w- h:\windows\ST6UNST.EXE

2012-08-16 13:42 . 2012-08-16 13:42 -------- d-----w- h:\documents and settings\Family\Local Settings\Application Data\SlimWare Utilities Inc

2012-08-14 19:12 . 2012-08-14 19:12 9232584 ----a-w- h:\windows\system32\FlashPlayerInstaller.exe

2012-08-01 22:51 . 2012-08-11 21:18 -------- d-----w- h:\program files\Citrix

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- h:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2012-07-26 23:52 . 2012-08-13 20:06 -------- d-----w- h:\documents and settings\Family\Application Data\.techniclauncher

2012-07-22 15:09 . 2012-07-22 15:11 -------- d-----w- h:\documents and settings\Family\Application Data\calibre

2012-07-22 15:08 . 2012-07-22 15:08 -------- d-----w- h:\program files\Calibre2

2012-07-22 14:54 . 2012-07-22 14:54 -------- d-----w- h:\documents and settings\Family\Application Data\Xilisoft

2012-07-22 14:51 . 2012-07-22 15:03 -------- d-----w- h:\documents and settings\All Users\Application Data\blekko toolbars

2012-07-22 14:51 . 2012-07-22 14:51 -------- d-----w- h:\documents and settings\Family\Local Settings\Application Data\blekkotb_031

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 19:12 . 2012-04-03 21:31 426184 ----a-w- h:\windows\system32\FlashPlayerApp.exe

2012-08-14 19:12 . 2011-05-14 12:19 70344 ----a-w- h:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2012-03-26 11:28 22344 ----a-w- h:\windows\system32\drivers\mbam.sys

2012-06-01 16:04 . 2003-03-19 01:14 499712 ----a-w- h:\windows\system32\msvcp71.dll

2012-06-01 16:04 . 2003-02-21 09:42 348160 ----a-w- h:\windows\system32\msvcr71.dll

1997-07-21 23:30 1045776 --sha-w- h:\windows\system32\Msjet35.dll

1997-06-23 07:00 123664 --sha-w- h:\windows\system32\Msjint35.dll

1997-06-23 16:06 24848 --sha-w- h:\windows\system32\Msjter35.dll

1997-06-23 16:06 252176 --sha-w- h:\windows\system32\Msrd2x35.dll

1997-06-23 16:06 287504 --sha-w- h:\windows\system32\Msxbse35.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="h:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"H/PC Connection Agent"="h:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]

"AVG_TRAY"="h:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"SunJavaUpdateSched"="h:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"IgfxTray"="h:\windows\system32\igfxtray.exe" [2010-01-13 134656]

"HotKeysCmds"="h:\windows\system32\hkcmd.exe" [2010-01-13 166912]

"Persistence"="h:\windows\system32\igfxpers.exe" [2010-01-13 135680]

"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0h:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=h:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=h:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

path=h:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

backup=h:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- h:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C98CF85A63E3CDE4C38D8157EBCF010F6E713B24._service_run]

2012-08-14 04:31 1229848 ----a-w- h:\program files\Google\Chrome\Application\chrome.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]

2006-11-13 17:39 1289000 ----a-w- h:\program files\Microsoft ActiveSync\wcescomm.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2010-01-13 15:46 166912 ----a-w- h:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-12 04:12 49152 ----a-w- h:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]

2010-10-19 10:58 1439496 ----a-w- h:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-03-27 09:09 421736 ----a-w- h:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]

2010-03-24 19:42 599328 ----a-w- h:\program files\Sony\PMB\PMBVolumeWatcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 18:28 421888 ----a-w- h:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2012-08-11 21:17 1353080 ----a-w- h:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- h:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2012-06-01 16:04 296056 ----a-w- h:\program files\Real\RealPlayer\Update\realsched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"h:\\Program Files\\att-nap\\McciBrowser.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"h:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"h:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"h:\\Program Files\\Steam\\Steam.exe"=

"h:\program files\Microsoft ActiveSync\rapimgr.exe"= h:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"h:\program files\Microsoft ActiveSync\wcescomm.exe"= h:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"h:\program files\Microsoft ActiveSync\WCESMgr.exe"= h:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"h:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"h:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"h:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"h:\\Program Files\\iTunes\\iTunes.exe"=

"h:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"h:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"h:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"h:\\Program Files\\Steam\\SteamApps\\common\\dungeon defenders demo\\Binaries\\Win32\\DungeonDefenders.exe"=

"h:\\Program Files\\Steam\\SteamApps\\common\\arma 2 free\\ArmA2Free.exe"=

"h:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

"h:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 AVGIDSHX;AVGIDSHX;h:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;h:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;h:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 235216]

R1 Avgtdix;AVG TDI Driver;h:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 301248]

R2 avgwd;AVG WatchDog;h:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;h:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]

R2 WDDMService;WD SmartWare Drive Manager;h:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 5:24 PM 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;h:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 9:58 AM 20480]

R3 AVGIDSDriver;AVGIDSDriver;h:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;h:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;h:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]

S2 AVGIDSAgent;AVGIDSAgent;h:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]

S2 gupdate;Google Update Service (gupdate);h:\program files\Google\Update\GoogleUpdate.exe [1/27/2011 9:06 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:31 PM 250056]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;h:\windows\system32\DRIVERS\bcmwlhigh5.sys --> h:\windows\system32\DRIVERS\bcmwlhigh5.sys [?]

S3 cpudrv;cpudrv;h:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]

S3 gupdatem;Google Update Service (gupdatem);h:\program files\Google\Update\GoogleUpdate.exe [1/27/2011 9:06 PM 136176]

S3 osppsvc;Office Software Protection Platform;h:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;h:\windows\system32\drivers\RTL8192su.sys [2/22/2011 11:17 AM 594048]

S3 WDC_SAM;WD SCSI Pass Thru driver;h:\windows\system32\drivers\wdcsam.sys [1/5/2011 8:55 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 h:\windows\Tasks\Adobe Flash Player Updater.job

- h:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:12]

.

2012-08-18 h:\windows\Tasks\AppleSoftwareUpdate.job

- h:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2012-08-20 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- h:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 01:06]

.

2012-08-20 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- h:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 01:06]

.

2012-08-20 h:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job

- h:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

2012-08-20 h:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job

- h:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - h:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Se&nd to OneNote - h:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

.

.

------- File Associations -------

.

.scr=AutoCADScriptFile

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-10 - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

MSConfigStartUp-Anti-phishing Domain Advisor - h:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe

MSConfigStartUp-Google Update - h:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

AddRemove-Free Audio CD Burner_is1 - h:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe

AddRemove-Uninstall_is1 - h:\program files\Common Files\DVDVideoSoft\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-19 21:51

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2692)

h:\windows\system32\WININET.dll

h:\windows\system32\ieframe.dll

h:\windows\system32\webcheck.dll

h:\windows\system32\WPDShServiceObj.dll

h:\windows\system32\PortableDeviceTypes.dll

h:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

h:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

h:\program files\Bonjour\mDNSResponder.exe

h:\program files\Java\jre6\bin\jqs.exe

h:\program files\Common Files\Motive\McciCMService.exe

h:\windows\system32\HPZipm12.exe

h:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

h:\windows\RTHDCPL.EXE

h:\windows\system32\igfxsrvc.exe

h:\progra~1\MICROS~3\rapimgr.exe

h:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-08-19 21:55:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 01:54

.

Pre-Run: 580,198,854,656 bytes free

Post-Run: 580,509,679,616 bytes free

.

- - End Of File - - A101E376F1C64F074042970686A3D18F

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.20.09

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Family :: ROBERTSON [administrator]

8/23/2012 9:42:14 AM

mbam-log-2012-08-23 (09-42-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236354

Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

The redirect is still present.

Link to post
Share on other sites

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

OTL logfile created on: 8/23/2012 4:55:55 PM - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = H:\Documents and Settings\Family\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.15% Memory free

4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.67% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive H: | 931.50 Gb Total Space | 538.72 Gb Free Space | 57.83% Space Free | Partition Type: NTFS

Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 16:55:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

PRC - [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.) -- H:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgidsagent.exe

PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- H:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe

PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- H:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll

MOD - [2012/08/17 18:28:52 | 003,997,720 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll

MOD - [2012/08/17 18:27:23 | 000,144,424 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avutil-51.dll

MOD - [2012/08/17 18:27:22 | 000,266,792 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avformat-54.dll

MOD - [2012/08/17 18:27:21 | 002,480,680 | ---- | M] () -- H:\Program Files\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012/02/16 04:33:15 | 000,212,992 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll

MOD - [2012/02/16 04:32:06 | 000,971,264 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll

MOD - [2012/02/16 04:10:37 | 005,450,752 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll

MOD - [2012/02/16 04:09:23 | 007,953,408 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll

MOD - [2012/02/16 04:08:47 | 000,303,104 | ---- | M] () -- H:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2012/01/03 04:02:30 | 011,490,816 | ---- | M] () -- H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- H:\WINDOWS\system32\PDFreDirectMonNT.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2012/08/14 15:12:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- H:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- H:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2012/02/04 08:40:44 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- H:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2010/01/21 17:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- H:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- H:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- H:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- H:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- H:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- H:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\bcmwlhigh5.sys -- (BCMH43XX)

DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- H:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- H:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)

DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- H:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2010/01/06 05:21:00 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)

DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/01/28 16:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2008/01/28 16:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- H:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2007/05/02 17:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2003/07/16 12:05:32 | 000,001,247 | ---- | M] () [Kernel | System | Stopped] -- H:\Program Files\Land Desktop 2004\Land\changer.lsp -- (Changer)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {17DB2045-0C50-4102-BB7E-7D79B78F489D}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{17DB2045-0C50-4102-BB7E-7D79B78F489D}: "URL" = http://www.google.com/'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/'>http://www.google.com/

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes,DefaultScope = {8EA46386-210C-4709-9654-4AC694F38D62}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{11FC9A64-3DD3-4EE1-8330-843181AE3E5C}: "URL" = http://www.google.com/'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4D9226180AD59EF48EA170500C13592A&q={searchTerms}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{8EA46386-210C-4709-9654-4AC694F38D62}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3059010

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{C30F98D4-03A1-46D0-901D-58C02687F059}: "URL" = http://start.funmoods.com/results.php?f=4&a=bndlr&q={searchTerms}

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4d19e2f1&v=7.4.22.4&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: H:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: h:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: H:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/12 08:53:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: H:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/12 08:52:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/01 12:04:56 | 000,000,000 | ---D | M]

[2012/04/11 18:07:08 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = H:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: AVG Internet Security (Enabled) = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = H:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = H:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = H:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = H:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = h:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprpplugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = H:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = H:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = H:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = H:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Unity Player (Enabled) = H:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: iTunes Application Detector (Enabled) = H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = h:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: YouTube = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: AVG Safe Search = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\

CHR - Extension: AVG Do Not Track = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

CHR - Extension: Gmail = H:\Documents and Settings\Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/19 21:50:32 | 000,000,027 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)

O2 - BHO: (no name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found.

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - H:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKU\S-1-5-21-2025429265-527237240-839522115-1003..\Run: [C98CF85A63E3CDE4C38D8157EBCF010F6E713B24._service_run] H:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-2025429265-527237240-839522115-1003..\Run: [spybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - H:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Se&nd to OneNote - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - H:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B89743E-7BB8-436C-914D-565D6D227A52}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - H:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: H:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (H:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 16:55:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/08/22 17:31:40 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\Super Hostile - Spellbound Caves v3.0

[2012/08/22 17:31:26 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\The Minercraft Stories

[2012/08/20 23:58:29 | 000,000,000 | ---D | C] -- H:\Program Files\OxeFMSynth

[2012/08/20 23:58:29 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Start Menu\Programs\Oxe FM Synth

[2012/08/20 19:46:37 | 000,000,000 | -HSD | C] -- H:\RECYCLER

[2012/08/19 21:36:21 | 000,518,144 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWREG.exe

[2012/08/19 21:36:21 | 000,406,528 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWSC.exe

[2012/08/19 21:36:21 | 000,212,480 | ---- | C] (SteelWerX) -- H:\WINDOWS\SWXCACLS.exe

[2012/08/19 21:36:21 | 000,060,416 | ---- | C] (NirSoft) -- H:\WINDOWS\NIRCMD.exe

[2012/08/19 21:36:13 | 000,000,000 | ---D | C] -- H:\Qoobox

[2012/08/19 12:26:53 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\RK_Quarantine

[2012/08/16 21:41:00 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\jit

[2012/08/16 13:11:44 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Start Menu\Programs\ProProfs

[2012/08/16 13:11:41 | 000,000,000 | ---D | C] -- H:\Program Files\ProProfs CompTIA A+ Practice Exams

[2012/08/16 13:11:31 | 000,831,488 | ---- | C] (Atrixware, LLC.) -- H:\WINDOWS\Setup1.exe

[2012/08/16 09:42:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Local Settings\Application Data\SlimWare Utilities Inc

[2012/08/16 09:42:46 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Documents\Downloaded Installers

[2012/08/01 18:51:21 | 000,000,000 | ---D | C] -- H:\Program Files\Citrix

[2012/07/29 15:27:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Desktop\craigslist

[2012/07/26 19:52:20 | 000,000,000 | ---D | C] -- H:\Documents and Settings\Family\Application Data\.techniclauncher

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 16:55:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\Family\Desktop\OTL.exe

[2012/08/23 16:54:40 | 000,000,280 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/08/23 16:54:37 | 000,000,288 | ---- | M] () -- H:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-527237240-839522115-1003.job

[2012/08/23 16:54:35 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl

[2012/08/23 16:53:46 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/23 16:53:44 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat

[2012/08/23 16:46:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/23 16:12:00 | 000,000,830 | ---- | M] () -- H:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/08/23 12:18:43 | 000,122,881 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\tv.jpg

[2012/08/23 09:38:04 | 104,747,107 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/08/22 23:49:00 | 000,229,946 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\shutupsamf.rns

[2012/08/22 18:01:55 | 000,253,301 | ---- | M] () -- H:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/08/21 00:02:01 | 000,000,628 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Oxe FM Synth.lnk

[2012/08/19 21:50:32 | 000,000,027 | ---- | M] () -- H:\WINDOWS\System32\drivers\etc\hosts

[2012/08/19 00:00:07 | 022,201,900 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\Super Hostile 10 - Spellbound Caves v3.0.zip

[2012/08/18 15:11:00 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/08/16 16:28:20 | 000,001,077 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\my_skin.png

[2012/08/16 13:12:04 | 000,000,921 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\CompTIA A+ Practice Exams.LNK

[2012/08/16 13:11:31 | 000,831,488 | ---- | M] (Atrixware, LLC.) -- H:\WINDOWS\Setup1.exe

[2012/08/16 12:50:12 | 000,505,612 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat

[2012/08/16 12:50:12 | 000,089,332 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat

[2012/08/16 12:34:46 | 000,253,052 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\realquick.rns

[2012/08/16 09:20:07 | 000,000,602 | ---- | M] () -- H:\WINDOWS\link32.INI

[2012/08/13 19:28:13 | 000,001,327 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\sketch.png

[2012/08/13 11:57:24 | 000,556,103 | ---- | M] () -- H:\Documents and Settings\Family\Desktop\kidzplayw9.pdf

[2012/08/11 21:15:32 | 000,000,616 | ---- | M] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk

[2012/08/10 10:48:03 | 000,027,520 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\dt.dat

[2012/08/09 09:28:47 | 000,178,616 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\yeahdad.rns

[2012/07/27 20:49:56 | 000,000,038 | ---- | M] () -- H:\WINDOWS\AviSplitter.INI

[2012/07/27 20:48:58 | 000,055,808 | ---- | M] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/26 21:18:03 | 000,258,794 | ---- | M] () -- H:\Documents and Settings\Family\My Documents\fuqagoat.rns

[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/23 12:18:49 | 000,122,881 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\tv.jpg

[2012/08/21 21:32:30 | 000,229,946 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\shutupsamf.rns

[2012/08/21 00:02:01 | 000,000,628 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Oxe FM Synth.lnk

[2012/08/19 21:36:21 | 000,256,000 | ---- | C] () -- H:\WINDOWS\PEV.exe

[2012/08/19 21:36:21 | 000,208,896 | ---- | C] () -- H:\WINDOWS\MBR.exe

[2012/08/19 21:36:21 | 000,098,816 | ---- | C] () -- H:\WINDOWS\sed.exe

[2012/08/19 21:36:21 | 000,080,412 | ---- | C] () -- H:\WINDOWS\grep.exe

[2012/08/19 21:36:21 | 000,068,096 | ---- | C] () -- H:\WINDOWS\zip.exe

[2012/08/19 00:00:07 | 022,201,900 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\Super Hostile 10 - Spellbound Caves v3.0.zip

[2012/08/16 13:12:04 | 000,000,921 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\CompTIA A+ Practice Exams.LNK

[2012/08/13 19:46:30 | 000,001,077 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\my_skin.png

[2012/08/13 19:28:13 | 000,001,327 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\sketch.png

[2012/08/13 11:56:51 | 000,556,103 | ---- | C] () -- H:\Documents and Settings\Family\Desktop\kidzplayw9.pdf

[2012/08/11 21:15:32 | 000,000,616 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\Microsoft\Internet Explorer\Quick Launch\ReCycle.lnk

[2012/08/10 10:48:03 | 000,027,520 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\dt.dat

[2012/08/09 09:28:57 | 000,253,052 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\realquick.rns

[2012/08/05 17:12:23 | 000,178,616 | ---- | C] () -- H:\Documents and Settings\Family\My Documents\yeahdad.rns

[2012/07/27 20:48:57 | 000,000,038 | ---- | C] () -- H:\WINDOWS\AviSplitter.INI

[2012/04/12 16:15:27 | 000,407,120 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\store-pp.db-journal

[2012/03/29 09:52:05 | 000,204,800 | ---- | C] () -- H:\WINDOWS\System32\igfxCoIn_v4820.dll

[2012/03/29 09:40:15 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat

[2012/03/16 14:36:27 | 000,188,633 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\census.cache

[2012/03/16 14:36:24 | 000,195,586 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\ars.cache

[2012/03/16 14:29:43 | 000,000,036 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\housecall.guid.cache

[2012/02/15 19:48:01 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll

[2012/02/14 13:47:00 | 000,331,263 | ---- | C] () -- H:\WINDOWS\LOOP.exe

[2011/09/01 15:27:54 | 000,000,000 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\prvlcl.dat

[2011/08/04 17:58:40 | 000,000,602 | ---- | C] () -- H:\WINDOWS\link32.INI

[2011/07/11 15:18:32 | 000,002,528 | ---- | C] () -- H:\Documents and Settings\Family\Application Data\$_hpcst$.hpc

[2011/02/11 22:11:08 | 000,048,588 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat

[2011/02/03 11:51:41 | 000,055,808 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/05 00:18:14 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI

[2010/12/30 12:08:00 | 000,000,129 | ---- | C] () -- H:\Documents and Settings\Family\Local Settings\Application Data\fusioncache.dat

[2010/12/30 11:56:05 | 000,112,410 | ---- | C] () -- H:\WINDOWS\hpoins07.dat

[2010/12/30 11:56:05 | 000,021,124 | ---- | C] () -- H:\WINDOWS\hpomdl07.dat

[2010/12/28 13:18:32 | 000,000,090 | ---- | C] () -- H:\WINDOWS\QBChanUtil_Trigger.ini

[2010/12/28 08:34:30 | 000,049,152 | ---- | C] () -- H:\WINDOWS\System32\ChCfg.exe

[2010/12/27 16:28:52 | 000,002,048 | --S- | C] () -- H:\WINDOWS\bootstat.dat

[2010/12/27 16:24:54 | 000,021,640 | ---- | C] () -- H:\WINDOWS\System32\emptyregdb.dat

[2010/12/27 11:13:49 | 000,004,161 | ---- | C] () -- H:\WINDOWS\ODBCINST.INI

[2010/12/27 11:12:49 | 000,411,880 | ---- | C] () -- H:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/07/27 20:35:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Autodesk

[2012/03/26 08:14:00 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\AVG2012

[2012/07/22 11:03:55 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\blekko toolbars

[2012/04/11 18:10:15 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\boost_interprocess

[2010/12/28 13:18:31 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\Common Files

[2012/07/08 15:23:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\F4D55F17000402900023F694D151FC4E

[2012/08/23 09:38:06 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\MFAData

[2010/12/28 13:18:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Nuance

[2011/01/27 13:31:43 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\PDF reDirect

[2012/08/19 21:48:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/12/28 13:24:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\SQL Anywhere 11

[2012/08/19 12:24:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Tarma Installer

[2011/01/05 09:00:07 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon

[2011/01/05 08:55:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\Western Digital

[2010/12/29 08:43:34 | 000,000,000 | ---D | M] -- H:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/01/11 21:19:05 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{B5F0C192-874D-49A8-88D7-8431E3714756}

[2011/01/12 07:14:46 | 000,000,000 | -H-D | M] -- H:\Documents and Settings\All Users\Application Data\{C5A0D307-9319-4B00-9734-C0F4B0454A7B}

[2012/08/22 19:25:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.minecraft

[2012/08/13 16:06:52 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\.techniclauncher

[2011/07/27 20:43:57 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Autodesk

[2012/03/26 08:05:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\AVG2012

[2012/08/23 16:52:25 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\BitTorrent

[2012/07/22 11:11:09 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\calibre

[2011/10/20 10:13:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\ChessBase

[2011/01/23 23:13:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\dtband

[2011/08/18 22:04:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoft

[2011/03/13 22:00:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\DVDVideoSoftIEHelpers

[2012/04/12 16:12:28 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\mcpatcher

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\NetMedia Providers

[2010/12/30 11:43:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\OpenOffice.org

[2012/04/12 07:00:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PDF reDirect

[2011/12/27 12:57:37 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\PhotoScape

[2012/08/19 21:48:49 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Propellerhead Software

[2010/12/28 14:22:11 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Publish Providers

[2012/04/11 18:10:56 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\searchquband

[2011/01/23 23:13:19 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\somototoolbar

[2010/12/28 14:24:17 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Sony

[2012/03/29 09:57:23 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\SystemRequirementsLab

[2010/12/29 01:05:03 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Unity

[2011/01/05 08:55:14 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Western Digital

[2012/07/22 10:54:53 | 000,000,000 | ---D | M] -- H:\Documents and Settings\Family\Application Data\Xilisoft

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 8/23/2012 4:55:55 PM - Run 1

OTL by OldTimer - Version 3.2.58.1 Folder = H:\Documents and Settings\Family\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 74.15% Memory free

4.83 Gb Paging File | 4.09 Gb Available in Paging File | 84.67% Paging File free

Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files

Drive H: | 931.50 Gb Total Space | 538.72 Gb Free Space | 57.83% Space Free | Partition Type: NTFS

Computer Name: ROBERTSON | User Name: Family | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "H:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "H:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "H:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"H:\Program Files\att-nap\McciBrowser.exe" = H:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)

"H:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = H:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)

"H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = H:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = H:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"H:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = H:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = H:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = H:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = H:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = H:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = H:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"H:\Program Files\Steam\Steam.exe" = H:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"H:\Program Files\BitTorrent\BitTorrent.exe" = H:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"H:\Program Files\AVG\AVG2012\avgmfapx.exe" = H:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = H:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"H:\Program Files\AVG\AVG2012\avgnsx.exe" = H:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"H:\Program Files\AVG\AVG2012\avgdiagex.exe" = H:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"H:\Program Files\AVG\AVG2012\avgemcx.exe" = H:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

"H:\Program Files\Steam\SteamApps\common\dungeon defenders demo\Binaries\Win32\DungeonDefenders.exe" = H:\Program Files\Steam\SteamApps\common\dungeon defenders demo\Binaries\Win32\DungeonDefenders.exe:*:Enabled:Dungeon Defenders Demo -- (Trendy Entertainment LLC)

"H:\Program Files\Steam\SteamApps\common\arma 2 free\ArmA2Free.exe" = H:\Program Files\Steam\SteamApps\common\arma 2 free\ArmA2Free.exe:*:Enabled:ARMA 2: Free -- (Bohemia Interactive)

"H:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = H:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

"H:\Program Files\Java\jre6\bin\javaw.exe" = H:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks

"{0700E22B-A420-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1

"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java 6 Update 34

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5783F2D7-0208-0409-0000-0060B0CE6BBA}" = Autodesk Land Desktop 2004

"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9

"{5783F2D7-2208-0409-0000-0060B0CE6BBA}" = Autodesk Survey 2004

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder

"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A74C1699-4BCE-433F-82D6-F11207A0581B}" = Sony ACID Music Studio 7.0

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B364DC2A-9783-4737-B795-D6F0562A41C5}" = calibre

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Autodesk Express Viewer" = Autodesk Express Viewer

"AVG" = AVG 2012

"BitTorrent" = BitTorrent

"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 5.3.0.0

"Burn4Free Toolbar" = Burn4Free Toolbar

"FormatFactory" = FormatFactory 2.70

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"HP Document Viewer" = HP Document Viewer 5.3

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Native Instruments Kore Player" = Native Instruments Kore Player

"Native Instruments Service Center" = Native Instruments Service Center

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Non Driver CIO Components" = Non Driver CIO Components

"Office14.SingleImage" = Microsoft Office Professional 2010

"Oxe FM Synth_is1" = Oxe FM Synth 1.1.2

"PDF reDirect" = PDF reDirect (remove only)

"PhotoScape" = PhotoScape

"RealPlayer 15.0" = RealPlayer

"Reason5_is1" = Reason 5.0

"ReCycle v2.1" = ReCycle v2.1

"SkyHillKIDSforWindows_is1" = Minute Menu Kids

"ST6UNST #1" = ProProfs CompTIA A+ Practice Exams

"Steam App 107400" = ARMA 2: Free

"Steam App 201680" = Dungeon Defenders Demo

"Steam App 550" = Left 4 Dead 2

"The Rosetta Stone" = The Rosetta Stone

"UnityWebPlayer" = Unity Web Player

"VLC media player" = VLC media player 1.1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2025429265-527237240-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/9/2012 4:36:31 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 8/10/2012 10:17:38 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module unknown, version 0.0.0.0, fault address 0x035f6218.

Error - 8/11/2012 3:07:16 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application mbam.exe, version 1.62.0.87, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x000108d3.

Error - 8/13/2012 11:16:34 AM | Computer Name = ROBERTSON | Source = Microsoft Office 14 | ID = 5000

Description = EventType office11shipassert, P1 2jiy, P2 14.0.6029.0, P3 NIL, P4

NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/13/2012 7:25:13 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 8/13/2012 7:25:29 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 8/18/2012 5:21:41 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2012 4:29:18 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002

Description = Hanging application javaw.exe, version 6.0.310.5, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2012 4:37:17 PM | Computer Name = ROBERTSON | Source = Application Hang | ID = 1002

Description = Hanging application javaw.exe, version 6.0.310.5, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2012 9:33:11 PM | Computer Name = ROBERTSON | Source = Application Error | ID = 1000

Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module

teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]

Error - 8/19/2012 10:50:56 AM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010

Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register

with DCOM within the required timeout.

Error - 8/19/2012 12:22:17 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 8/19/2012 12:22:47 PM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010

Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register

with DCOM within the required timeout.

Error - 8/19/2012 12:36:40 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 8/19/2012 12:37:10 PM | Computer Name = ROBERTSON | Source = DCOM | ID = 10010

Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register

with DCOM within the required timeout.

Error - 8/19/2012 9:50:58 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 8/20/2012 2:33:04 PM | Computer Name = ROBERTSON | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 8/20/2012 2:33:20 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 8/22/2012 7:39:44 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

Error - 8/23/2012 4:54:21 PM | Computer Name = ROBERTSON | Source = Service Control Manager | ID = 7023

Description = The Automatic Updates service terminated with the following error:

%%126

< End of report >

Link to post
Share on other sites

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Family [Admin rights]

Mode: Scan -- Date: 08/23/2012 18:11:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1001FALS-00J7B0 +++++

--- User ---

[MBR] 253541b0f6b649e762ccebb741f8a731

[bSP] d70386338c994455403ffd20da7d4036 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

Try Internet Explorer without any add-ons:

http://www.askdrtech...ut-add-ons.aspx

~~~~~~~~~~~~~~~~~~

also in Chrome........

First please make sure you have the latest version of Chrome:

Click the wrench in the upper right hand corner

Click on "About Google Chrome"

If an update is available it will be downloaded and installed

Next:

Carefully check for any odd extensions or plugins:

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Next:

Go to Settings > Show advanced settings........ (at the bottom)

Put a check next to all of these:

  1. Clear browsing history
  2. Clear download history
  3. Empty the cache

Click "Clear Browsing Data"

Next:

Look through the rest of Tools, Settings and View Backround Pages and make sure there's nothing suspicious.

---------------------------

Then look at this link (it's for a different infection but the way to change Chromes settings is the same)

http://deletemalware...tall-guide.html

Let me know, MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.