
Computer Problems



About two weeks ago my computer began running very slowly. Audio and video are very choppy. The system as a whole has dramatically slowed down.

I have run MalwareBytes but there is no change in the computer.

I tried running DDS in normal startup and in safe mode; however, the computer froze in both modes.

I was able to scan with HiJackThis. Below is the log.

I am grateful for any help.

Justin

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:56:20 PM, on 11/28/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\ACS.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\Program Files\TOSHIBA\Power Management\CePMTray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PdaNet for Android\PdaNetPC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Real\RealPlayer\RecordingManager.exe

C:\Program Files\PdaNet for Android\smsagent.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\explorer.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"

O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"

O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"

O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')

O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 10021 bytes


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


Report from Security Check:

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG 2013

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Windows Defender

Malwarebytes Anti-Malware version 1.65.1.1000

Wise Disk Cleaner 5.93

SlimCleaner

Java 7 Update 9

Adobe Flash Player 11.3.300.257

Adobe Reader 10.1.4 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Report from adwcleaner:

# AdwCleaner v2.009 - Logfile created 11/28/2012 at 21:59:00

# Updated 24/11/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Just - TOSHIBA-USER

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Just\Desktop\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\Just\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\blekkotb

Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Trymedia

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v18.0.1025.162

File : C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2320 octets] - [28/11/2012 21:59:00]

########## EOF - C:\AdwCleaner[s1].txt - [2380 octets] ##########

Report from RogueKiller:

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Just [Admin rights]

Mode : Scan -- Date : 11/28/2012 22:20:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND

[services][HJNAME] HKLM\[...]\ControlSet001\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND

[services][HJNAME] HKLM\[...]\ControlSet001\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND

[services][HJNAME] HKLM\[...]\ControlSet003\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND

[services][HJNAME] HKLM\[...]\ControlSet003\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND

[PROXY FF] 7b2u35gy.default\ 127.0.0.1:61333 -> FOUND

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Just\Application Data\Adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Just\Application Data\Adobe\shed --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xF7717D60)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N060ATMR04-0 +++++

--- User ---

[MBR] 9d1bf7d970a1eee6be744f48508c878b

[BSP] d5d822a81171860c2954de9b8504e2d7 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11282012_02d2220.txt >>

RKreport[1]_S_11282012_02d2220.txt

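The two services RogueKiller reports above as [HJNAME] (mnsframework and relational) are the same ones that already stood out in the first post's HijackThis log: "Unknown owner", an image path prefixed with \\.\globalroot, and "(file missing)". As an added example that is not part of this thread, the script below parses HijackThis O23 lines and flags exactly those traits; the sample lines are copied from the posted log, and the severity labels are this example's own heuristics, not HijackThis or RogueKiller output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the HijackThis O23 format used in this thread:
# three benign services plus the two that RogueKiller reports as [HJNAME].
SAMPLE_HJT = r"""
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# O23 - Service: <display name> [(<service name>)] - <owner> - <image path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class Finding:
    service: str
    display: str
    owner: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Heuristic labels chosen for this example: any of the strong traits -> "high".
        strong = {"globalroot_prefix", "file_missing", "svchost_unknown_owner"}
        if strong & set(self.reasons):
            return "high"
        return "low" if self.reasons else "none"


def parse_o23(line: str):
    """Return the fields of one O23 line as a dict, or None for any other line."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def assess_service(entry: dict) -> Finding:
    path = entry["path"]
    reasons = []
    if path.endswith("(file missing)"):
        # HijackThis could not find the registered image on disk.
        path = path[: -len("(file missing)")].rstrip()
        reasons.append("file_missing")
    if path.lower().startswith(r"\\.\globalroot"):
        # \\.\globalroot is the Win32 device namespace; a plain C:\ path never
        # needs that prefix, so its presence hides what the service really loads.
        reasons.append("globalroot_prefix")
    image = path.rsplit("\\", 1)[-1].lower()
    if image == "svchost.exe" and entry["owner"] == "Unknown owner":
        # A genuine svchost-hosted service carries Microsoft version info;
        # an unowned svchost.exe image means the real host was not identified.
        reasons.append("svchost_unknown_owner")
    elif entry["owner"] == "Unknown owner":
        # Weak on its own: ACS.exe here is a legitimate Atheros service with no version info.
        reasons.append("unknown_owner")
    return Finding(entry["name"] or entry["display"], entry["display"], entry["owner"], path, reasons)


def triage_hjt(log_text: str) -> list:
    """Assess every O23 line in a HijackThis log; non-O23 lines are ignored."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry:
            findings.append(assess_service(entry))
    return findings


def suspicious_services(log_text: str) -> list:
    """Service names whose O23 entry shows at least one strong trait."""
    return [f.service for f in triage_hjt(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.severity:5} {f.service:14} {f.owner:28} {f.path} {f.reasons}")
```

Run on the full log, the output lists only mnsframework and relational as high; a service flagged only for "unknown_owner" still needs a look at the file itself before anything is done about it.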

  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


  • Staff

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


TDSS Report:

16:28:14.0890 4732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

16:28:16.0500 4732 ============================================================

16:28:16.0500 4732 Current date / time: 2012/11/30 16:28:16.0500

16:28:16.0500 4732 SystemInfo:

16:28:16.0500 4732

16:28:16.0515 4732 OS Version: 5.1.2600 ServicePack: 3.0

16:28:16.0515 4732 Product type: Workstation

16:28:16.0515 4732 ComputerName: TOSHIBA-USER

16:28:16.0515 4732 UserName: Just

16:28:16.0515 4732 Windows directory: C:\WINDOWS

16:28:16.0515 4732 System windows directory: C:\WINDOWS

16:28:16.0515 4732 Processor architecture: Intel x86

16:28:16.0515 4732 Number of processors: 2

16:28:16.0515 4732 Page size: 0x1000

16:28:16.0515 4732 Boot type: Normal boot

16:28:16.0515 4732 ============================================================

16:28:42.0890 4732 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

16:28:43.0343 4732 ============================================================

16:28:43.0375 4732 \Device\Harddisk0\DR0:

16:28:43.0812 4732 MBR partitions:

16:28:43.0812 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41

16:28:43.0812 4732 ============================================================

16:28:46.0343 4732 C: <-> \Device\Harddisk0\DR0\Partition1

16:28:46.0343 4732 ============================================================

16:28:46.0343 4732 Initialize success

16:28:46.0343 4732 ============================================================

16:28:57.0890 9232 ============================================================

16:28:57.0890 9232 Scan started

16:28:57.0890 9232 Mode: Manual;

16:28:57.0890 9232 ============================================================

16:29:50.0968 9232 ================ Scan system memory ========================

16:29:50.0968 9232 System memory - ok

16:29:50.0984 9232 ================ Scan services =============================

16:30:04.0703 9232 18059 - ok

16:30:04.0765 9232 Abiosdsk - ok

16:30:04.0828 9232 abp480n5 - ok

16:30:05.0562 9232 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:30:05.0796 9232 ACPI - ok

16:30:06.0125 9232 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:30:06.0171 9232 ACPIEC - ok

16:30:06.0375 9232 [ 414DFC28E08096CE36A1B6D2F9A15A37 ] ACS C:\WINDOWS\System32\ACS.exe

16:30:06.0453 9232 ACS - ok

16:30:06.0656 9232 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys

16:30:06.0906 9232 adfs - ok

16:30:06.0953 9232 adpu160m - ok

16:30:07.0296 9232 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

16:30:07.0515 9232 aec - ok

16:30:07.0796 9232 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

16:30:08.0828 9232 AFD - ok

16:30:11.0078 9232 [ 052343CD49C8DA20C48958CFE73C7D44 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys

16:30:14.0171 9232 AgereSoftModem - ok

16:30:14.0203 9232 Aha154x - ok

16:30:14.0218 9232 aic78u2 - ok

16:30:14.0250 9232 aic78xx - ok

16:30:15.0375 9232 [ FBBCB95F677CBAA924140B6EA2D9A97B ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS

16:30:16.0265 9232 ALCXSENS - ok

16:30:20.0750 9232 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS

16:30:26.0234 9232 ALCXWDM - ok

16:30:26.0390 9232 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

16:30:26.0437 9232 Alerter - ok

16:30:26.0578 9232 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

16:30:26.0656 9232 ALG - ok

16:30:26.0687 9232 AliIde - ok

16:30:26.0703 9232 amsint - ok

16:30:26.0906 9232 [ 3ED81E8B4709D13E5A38DB2D8E792B28 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

16:30:27.0031 9232 ApfiltrService - ok

16:30:27.0140 9232 AppMgmt - ok

16:30:27.0703 9232 [ B38FBCD95B8E4C130CF78A1DF7F04523 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys

16:30:28.0265 9232 AR5211 - ok

16:30:28.0375 9232 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:30:28.0734 9232 Arp1394 - ok

16:30:28.0765 9232 asc - ok

16:30:28.0796 9232 asc3350p - ok

16:30:28.0828 9232 asc3550 - ok

16:30:29.0031 9232 [ 54AB078660E536DA72B21A27F56B035B ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys

16:30:29.0078 9232 Aspi32 - ok

16:30:30.0406 9232 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

16:30:31.0343 9232 aspnet_state - ok

16:30:31.0531 9232 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:30:31.0562 9232 AsyncMac - ok

16:30:31.0718 9232 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

16:30:31.0718 9232 atapi - ok

16:30:31.0750 9232 Atdisk - ok

16:30:32.0281 9232 [ 174C7EE63011017CA12E31CED195581D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe

16:30:32.0875 9232 Ati HotKey Poller - ok

16:30:33.0703 9232 [ 4938AD74DE9088F70922FABF86912EEE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

16:30:34.0640 9232 ati2mtag - ok

16:30:34.0796 9232 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:30:34.0875 9232 Atmarpc - ok

16:30:35.0093 9232 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

16:30:35.0234 9232 AudioSrv - ok

16:30:35.0406 9232 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

16:30:35.0453 9232 audstub - ok

16:30:42.0765 9232 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe

16:30:50.0843 9232 AVGIDSAgent - ok

16:30:51.0125 9232 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

16:30:51.0687 9232 AVGIDSDriver - ok

16:30:51.0890 9232 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys

16:30:51.0968 9232 AVGIDSHX - ok

16:30:52.0125 9232 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

16:30:52.0156 9232 AVGIDSShim - ok

16:30:52.0500 9232 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys

16:30:52.0796 9232 Avgldx86 - ok

16:30:53.0093 9232 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys

16:30:53.0406 9232 Avglogx - ok

16:30:53.0718 9232 [ 6C7C00B8DD22B4343B47FED148387057 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

16:30:53.0828 9232 Avgmfx86 - ok

16:30:54.0000 9232 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

16:30:54.0046 9232 Avgrkx86 - ok

16:30:54.0375 9232 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys

16:30:54.0593 9232 Avgtdix - ok

16:30:54.0906 9232 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe

16:30:55.0218 9232 avgwd - ok

16:30:55.0437 9232 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

16:30:55.0515 9232 Beep - ok

16:30:56.0015 9232 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

16:30:56.0906 9232 BITS - ok

16:30:57.0125 9232 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll

16:30:57.0265 9232 Browser - ok

16:30:57.0718 9232 [ 10D5FB74EE18EA49C30DAAA203C0E0EC ] caboagp C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

16:30:57.0734 9232 caboagp - ok

16:30:59.0171 9232 catchme - ok

16:30:59.0406 9232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

16:30:59.0578 9232 cbidf2k - ok

16:30:59.0937 9232 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

16:31:00.0000 9232 CCDECODE - ok

16:31:00.0031 9232 cd20xrnt - ok

16:31:00.0187 9232 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

16:31:00.0218 9232 Cdaudio - ok

16:31:00.0359 9232 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

16:31:00.0453 9232 Cdfs - ok

16:31:00.0484 9232 Cdr4_xp - ok

16:31:00.0609 9232 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:31:00.0718 9232 Cdrom - ok

16:31:01.0109 9232 [ EDFB15C5AF45B381277E6A275680C81D ] CeEPwrSvc C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe

16:31:01.0203 9232 CeEPwrSvc - ok

16:31:01.0578 9232 [ 183691781D89AF30395DEB4CCE310FD6 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

16:31:01.0625 9232 CFSvcs - ok

16:31:01.0656 9232 Changer - ok

16:31:01.0875 9232 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

16:31:01.0921 9232 CiSvc - ok

16:31:02.0046 9232 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

16:31:02.0109 9232 ClipSrv - ok

16:31:02.0859 9232 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:31:05.0218 9232 clr_optimization_v2.0.50727_32 - ok

16:31:05.0609 9232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:31:07.0140 9232 clr_optimization_v4.0.30319_32 - ok

16:31:07.0250 9232 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:31:07.0296 9232 CmBatt - ok

16:31:07.0437 9232 CmdIde - ok

16:31:07.0625 9232 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:31:07.0687 9232 Compbatt - ok

16:31:07.0750 9232 COMSysApp - ok

16:31:07.0796 9232 Cpqarray - ok

16:31:08.0000 9232 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

16:31:08.0078 9232 CryptSvc - ok

16:31:08.0109 9232 dac2w2k - ok

16:31:08.0156 9232 dac960nt - ok

16:31:08.0781 9232 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

16:31:09.0312 9232 DcomLaunch - ok

16:31:09.0468 9232 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

16:31:09.0703 9232 Dhcp - ok

16:31:09.0828 9232 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

16:31:09.0890 9232 Disk - ok

16:31:09.0921 9232 dmadmin - ok

16:31:10.0968 9232 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

16:31:12.0015 9232 dmboot - ok

16:31:12.0265 9232 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

16:31:12.0468 9232 dmio - ok

16:31:12.0765 9232 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

16:31:12.0796 9232 dmload - ok

16:31:12.0953 9232 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

16:31:13.0000 9232 dmserver - ok

16:31:13.0093 9232 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

16:31:13.0203 9232 DMusic - ok

16:31:13.0375 9232 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

16:31:13.0437 9232 Dnscache - ok

16:31:13.0875 9232 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

16:31:14.0187 9232 Dot3svc - ok

16:31:14.0218 9232 dpti2o - ok

16:31:14.0328 9232 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

16:31:14.0390 9232 drmkaud - ok

16:31:14.0734 9232 [ 19F07389ADE563B46E99626FD675070D ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys

16:31:14.0859 9232 drvmcdb - ok

16:31:14.0953 9232 [ 0FFE2F06E9103A4FBD5E6418CA044D1C ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys

16:31:15.0015 9232 drvnddm - ok

16:31:15.0250 9232 [ 77C4901986FC7A83E853B300E80D234B ] DVD-RAM_Service C:\WINDOWS\System32\DVDRAMSV.exe

16:31:15.0453 9232 DVD-RAM_Service - ok

16:31:15.0640 9232 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

16:31:15.0718 9232 EapHost - ok

16:31:15.0734 9232 easytether - ok

16:31:15.0875 9232 [ 5DD48EC0D82B708857EEDD5A59BE5BC5 ] ECioctl C:\WINDOWS\system32\Drivers\ECioctl.sys

16:31:17.0375 9232 ECioctl - ok

16:31:17.0640 9232 [ A1CCDCB2E1EB8A6C3AF879463BA2BE89 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

16:31:17.0843 9232 EMSCR - ok

16:31:17.0953 9232 [ 0B07768AE046F9ED6A75E5BC75660828 ] EPOWER C:\WINDOWS\system32\Drivers\hkdrv.sys

16:31:19.0765 9232 EPOWER - ok

16:31:19.0937 9232 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

16:31:20.0000 9232 ERSvc - ok

16:31:20.0187 9232 [ EC2A61FABD6F311D2A8596C280EFBA6F ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

16:31:20.0234 9232 ESDCR - ok

16:31:20.0796 9232 [ 328C7B07F4BE4826D33B826396305686 ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

16:31:21.0312 9232 ESMCR - ok

16:31:21.0531 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

16:31:21.0718 9232 Eventlog - ok

16:31:22.0093 9232 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll

16:31:22.0484 9232 EventSystem - ok

16:31:22.0703 9232 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

16:31:22.0953 9232 Fastfat - ok

16:31:23.0312 9232 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

16:31:23.0484 9232 FastUserSwitchingCompatibility - ok

16:31:24.0218 9232 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe

16:31:24.0515 9232 Fax - ok

16:31:24.0687 9232 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

16:31:24.0734 9232 Fdc - ok

16:31:24.0890 9232 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

16:31:24.0921 9232 Fips - ok

16:31:26.0406 9232 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

16:31:27.0968 9232 FLEXnet Licensing Service - ok

16:31:28.0062 9232 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

16:31:28.0109 9232 Flpydisk - ok

16:31:28.0328 9232 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

16:31:28.0640 9232 FltMgr - ok

16:31:28.0843 9232 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS

16:31:29.0000 9232 FsUsbExDisk - ok

16:31:29.0312 9232 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:31:29.0406 9232 Fs_Rec - ok

16:31:29.0703 9232 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:31:29.0796 9232 Ftdisk - ok

16:31:30.0015 9232 [ 5271DFDC3C390FE46D69220784CB0D2E ] Generalusbserialser20675 C:\WINDOWS\system32\DRIVERS\CT_U_USBSER.sys

16:31:30.0156 9232 Generalusbserialser20675 - ok

16:31:30.0437 9232 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:31:30.0531 9232 Gpc - ok

16:31:31.0343 9232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

16:31:31.0609 9232 gupdate - ok

16:31:31.0890 9232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

16:31:31.0890 9232 gupdatem - ok

16:31:32.0187 9232 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

16:31:32.0250 9232 helpsvc - ok

16:31:32.0406 9232 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

16:31:32.0468 9232 HidServ - ok

16:31:32.0750 9232 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:31:32.0812 9232 HidUsb - ok

16:31:32.0968 9232 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

16:31:33.0062 9232 hkmsvc - ok

16:31:33.0093 9232 hpn - ok

16:31:34.0437 9232 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

16:31:34.0984 9232 hpqcxs08 - ok

16:31:35.0234 9232 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

16:31:35.0406 9232 hpqddsvc - ok

16:31:35.0671 9232 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:31:36.0140 9232 HPZid412 - ok

16:31:36.0265 9232 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:31:36.0312 9232 HPZipr12 - ok

16:31:36.0453 9232 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:31:36.0500 9232 HPZius12 - ok

16:31:36.0984 9232 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

16:31:37.0390 9232 HTTP - ok

16:31:37.0781 9232 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

16:31:37.0859 9232 HTTPFilter - ok

16:31:37.0890 9232 i2omgmt - ok

16:31:37.0906 9232 i2omp - ok

16:31:38.0015 9232 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:31:38.0078 9232 i8042prt - ok

16:31:38.0406 9232 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

16:31:42.0343 9232 IDriverT - ok

16:31:42.0421 9232 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

16:31:42.0484 9232 Imapi - ok

16:31:43.0453 9232 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

16:31:43.0765 9232 ImapiService - ok

16:31:43.0968 9232 ini910u - ok

16:31:44.0000 9232 IntelIde - ok

16:31:44.0640 9232 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:31:44.0828 9232 intelppm - ok

16:31:45.0250 9232 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys

16:31:45.0328 9232 ip6fw - ok

16:31:45.0515 9232 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:31:45.0640 9232 IpFilterDriver - ok

16:31:46.0234 9232 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:31:46.0312 9232 IpInIp - ok

16:31:46.0593 9232 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:31:46.0968 9232 IpNat - ok

16:31:47.0265 9232 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:31:47.0390 9232 IPSec - ok

16:31:47.0531 9232 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys

16:31:47.0734 9232 irda - ok

16:31:48.0031 9232 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

16:31:48.0140 9232 IRENUM - ok

16:31:48.0296 9232 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll

16:31:48.0359 9232 Irmon - ok

16:31:48.0531 9232 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:31:48.0593 9232 isapnp - ok

16:31:50.0281 9232 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe

16:31:50.0515 9232 JavaQuickStarterService - ok

16:31:50.0796 9232 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:31:50.0875 9232 Kbdclass - ok

16:31:51.0093 9232 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

16:31:51.0281 9232 kmixer - ok

16:31:51.0515 9232 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

16:31:51.0734 9232 KSecDD - ok

16:31:52.0187 9232 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

16:31:52.0328 9232 lanmanserver - ok

16:31:52.0609 9232 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

16:31:52.0953 9232 lanmanworkstation - ok

16:31:52.0984 9232 lbrtfdc - ok

16:31:53.0140 9232 [ B716D4D759663BC4174FD0A379DA8E50 ] libusb0 C:\WINDOWS\system32\DRIVERS\libusb0.sys

16:31:54.0453 9232 libusb0 - ok

16:31:55.0359 9232 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

16:31:55.0390 9232 LmHosts - ok

16:31:55.0484 9232 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

16:31:55.0531 9232 MBAMProtector - ok

16:31:56.0328 9232 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

16:31:56.0671 9232 MBAMScheduler - ok

16:31:57.0562 9232 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

16:31:58.0984 9232 MBAMService - ok

16:31:59.0750 9232 [ 67B6F4E0DB57DD2020A2415294BA4ED8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe

16:32:04.0968 9232 McciCMService - ok

16:32:05.0015 9232 mcdbus - ok

16:32:05.0187 9232 [ D7010580BF4E45D5E793A1FE75758C69 ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

16:32:05.0218 9232 MDC8021X - ok

16:32:05.0531 9232 [ 766A1D242F4390DDF1243084898A20C9 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys

16:32:05.0609 9232 meiudf - ok

16:32:06.0031 9232 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

16:32:06.0109 9232 Messenger - ok

16:32:06.0375 9232 [ 688B626FCA708EE9EB161CAD1F7363A9 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys

16:32:06.0640 9232 mfeapfk - ok

16:32:07.0750 9232 [ 44184F32392FA2E94D08D056CE750D56 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys

16:32:08.0593 9232 mfehidk - ok

16:32:09.0109 9232 [ 6991A9EA5E74E6035B8DAB17A7572CF3 ] mfevtp C:\WINDOWS\system32\mfevtps.exe

16:32:09.0656 9232 mfevtp - ok

16:32:09.0812 9232 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

16:32:09.0828 9232 mnmdd - ok

16:32:10.0093 9232 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe

16:32:10.0203 9232 mnmsrvc - ok

16:32:10.0390 9232 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

16:32:10.0421 9232 Modem - ok

16:32:10.0609 9232 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:32:10.0640 9232 Mouclass - ok

16:32:10.0812 9232 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:32:11.0234 9232 mouhid - ok

16:32:11.0625 9232 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

16:32:11.0687 9232 MountMgr - ok

16:32:11.0703 9232 MR97310_USB_DUAL_CAMERA - ok

16:32:11.0734 9232 mraid35x - ok

16:32:12.0468 9232 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

16:32:15.0031 9232 MREMP50 - ok

16:32:15.0046 9232 MREMP50a64 - ok

16:32:15.0234 9232 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

16:32:15.0968 9232 MRESP50 - ok

16:32:16.0000 9232 MRESP50a64 - ok

16:32:16.0468 9232 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:32:16.0734 9232 MRxDAV - ok

16:32:17.0843 9232 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:32:18.0515 9232 MRxSmb - ok

16:32:18.0671 9232 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe

16:32:18.0859 9232 MSDTC - ok

16:32:18.0968 9232 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

16:32:19.0156 9232 Msfs - ok

16:32:19.0187 9232 MSIServer - ok

16:32:19.0453 9232 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:32:19.0515 9232 MSKSSRV - ok

16:32:19.0734 9232 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:32:19.0765 9232 MSPCLOCK - ok

16:32:19.0875 9232 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

16:32:19.0906 9232 MSPQM - ok

16:32:20.0000 9232 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:32:20.0062 9232 mssmbios - ok

16:32:21.0078 9232 MSSQL$SQLEXPRESS - ok

16:32:21.0546 9232 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

16:32:21.0671 9232 MSSQLServerADHelper100 - ok

16:32:22.0125 9232 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

16:32:22.0156 9232 MSTEE - ok

16:32:22.0640 9232 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

16:32:22.0828 9232 Mup - ok

16:32:23.0046 9232 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:32:23.0171 9232 NABTSFEC - ok

16:32:23.0843 9232 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

16:32:24.0203 9232 napagent - ok

16:32:24.0640 9232 [ E78CE4B8E70CCC1A6E63008C3660867C ] NCHSSVAD C:\WINDOWS\system32\drivers\nchssvad.sys

16:32:26.0250 9232 NCHSSVAD - ok

16:32:26.0578 9232 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

16:32:26.0781 9232 NDIS - ok

16:32:26.0921 9232 [ B797EE2EF919C95561DEE78B72B33E5B ] ndiscm C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

16:32:26.0968 9232 ndiscm - ok

16:32:27.0093 9232 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:32:27.0109 9232 NdisIP - ok

16:32:27.0296 9232 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:32:27.0546 9232 NdisTapi - ok

16:32:27.0656 9232 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:32:27.0687 9232 Ndisuio - ok

16:32:27.0828 9232 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:32:27.0921 9232 NdisWan - ok

16:32:28.0093 9232 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

16:32:28.0406 9232 NDProxy - ok

16:32:28.0515 9232 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

16:32:28.0546 9232 Net Driver HPZ12 - ok

16:32:28.0609 9232 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

16:32:28.0750 9232 NetBIOS - ok

16:32:28.0906 9232 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

16:32:29.0062 9232 NetBT - ok

16:32:29.0296 9232 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

16:32:29.0406 9232 NetDDE - ok

16:32:29.0593 9232 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

16:32:29.0593 9232 NetDDEdsdm - ok

16:32:29.0656 9232 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys

16:32:29.0687 9232 Netdevio - ok

16:32:29.0796 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

16:32:29.0812 9232 Netlogon - ok

16:32:29.0984 9232 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

16:32:30.0140 9232 Netman - ok

16:32:30.0234 9232 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:32:30.0296 9232 NIC1394 - ok

16:32:30.0578 9232 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

16:32:30.0765 9232 Nla - ok

16:32:30.0796 9232 NMSAccess - ok

16:32:30.0859 9232 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

16:32:30.0890 9232 Npfs - ok

16:32:31.0703 9232 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

16:32:32.0578 9232 Ntfs - ok

16:32:32.0796 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe

16:32:32.0812 9232 NtLmSsp - ok

16:32:33.0484 9232 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

16:32:34.0078 9232 NtmsSvc - ok

16:32:34.0187 9232 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

16:32:34.0312 9232 NuidFltr - ok

16:32:34.0421 9232 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

16:32:34.0437 9232 Null - ok

16:32:34.0546 9232 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:32:34.0593 9232 NwlnkFlt - ok

16:32:34.0781 9232 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:32:34.0843 9232 NwlnkFwd - ok

16:32:35.0500 9232 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:32:36.0109 9232 odserv - ok

16:32:36.0296 9232 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:32:36.0375 9232 ohci1394 - ok

16:32:36.0640 9232 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:32:36.0984 9232 ose - ok

16:32:37.0203 9232 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

16:32:37.0312 9232 Parport - ok

16:32:37.0375 9232 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

16:32:37.0421 9232 PartMgr - ok

16:32:37.0500 9232 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

16:32:37.0515 9232 ParVdm - ok

16:32:37.0625 9232 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

16:32:37.0687 9232 pccsmcfd - ok

16:32:37.0812 9232 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

16:32:37.0968 9232 PCI - ok

16:32:38.0000 9232 PCIDump - ok

16:32:38.0078 9232 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

16:32:38.0078 9232 PCIIde - ok

16:32:38.0359 9232 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:32:38.0515 9232 Pcmcia - ok

16:32:38.0546 9232 PDCOMP - ok

16:32:38.0578 9232 PDFRAME - ok

16:32:38.0640 9232 PDRELI - ok

16:32:38.0671 9232 PDRFRAME - ok

16:32:38.0703 9232 perc2 - ok

16:32:38.0734 9232 perc2hib - ok

16:32:39.0390 9232 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE

16:32:39.0796 9232 PEVSystemStart - ok

16:32:39.0890 9232 [ ED2E7F396B4098608C95BC3806BDF6FC ] pfc C:\WINDOWS\system32\drivers\pfc.sys

16:32:40.0218 9232 pfc - ok

16:32:40.0406 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

16:32:40.0406 9232 PlugPlay - ok

16:32:40.0531 9232 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

16:32:40.0593 9232 Pml Driver HPZ12 - ok

16:32:40.0656 9232 [ 713E294439D982BB161317DE0136FAA0 ] pneteth C:\WINDOWS\system32\DRIVERS\pneteth.sys

16:32:41.0078 9232 pneteth - ok

16:32:41.0359 9232 [ DCDF0421A1C14F2923E298A30FD7636D ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys

16:32:41.0390 9232 Point32 - ok

16:32:41.0437 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

16:32:41.0453 9232 PolicyAgent - ok

16:32:41.0562 9232 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:32:41.0625 9232 PptpMiniport - ok

16:32:41.0718 9232 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

16:32:41.0765 9232 Processor - ok

16:32:41.0843 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

16:32:41.0859 9232 ProtectedStorage - ok

16:32:42.0000 9232 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

16:32:42.0140 9232 PSched - ok

16:32:42.0250 9232 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:32:42.0296 9232 Ptilink - ok

16:32:42.0328 9232 ql1080 - ok

16:32:42.0390 9232 Ql10wnt - ok

16:32:42.0437 9232 ql12160 - ok

16:32:42.0484 9232 ql1240 - ok

16:32:42.0531 9232 ql1280 - ok

16:32:42.0750 9232 [ 3B68696914E467BBE827D2552B5B85EF ] qrkis C:\WINDOWS\system32\DRIVERS\qrkis.sys

16:32:44.0000 9232 qrkis - ok

16:32:44.0093 9232 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:32:44.0125 9232 RasAcd - ok

16:32:44.0296 9232 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

16:32:44.0375 9232 RasAuto - ok

16:32:44.0468 9232 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

16:32:44.0484 9232 Rasirda - ok

16:32:44.0546 9232 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:32:44.0625 9232 Rasl2tp - ok

16:32:44.0859 9232 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

16:32:45.0015 9232 RasMan - ok

16:32:45.0078 9232 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:32:45.0109 9232 RasPppoe - ok

16:32:45.0234 9232 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

16:32:45.0250 9232 Raspti - ok

16:32:45.0453 9232 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:32:45.0640 9232 Rdbss - ok

16:32:45.0781 9232 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:32:45.0828 9232 RDPCDD - ok

16:32:46.0234 9232 [ 5B3055DAA788BD688594D2F5981F2A83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

16:32:46.0578 9232 RDPWD - ok

16:32:46.0843 9232 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

16:32:47.0109 9232 RDSessMgr - ok

16:32:47.0234 9232 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

16:32:47.0281 9232 redbook - ok

16:32:47.0421 9232 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

16:32:47.0484 9232 RemoteAccess - ok

16:32:47.0593 9232 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe

16:32:47.0656 9232 RpcLocator - ok

16:32:47.0968 9232 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

16:32:47.0984 9232 RpcSs - ok

16:32:48.0265 9232 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\WINDOWS\system32\DRIVERS\RsFx0102.sys

16:32:48.0437 9232 RsFx0102 - ok

16:32:48.0578 9232 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe

16:32:48.0671 9232 RSVP - ok

16:32:48.0781 9232 [ 29F9879A1FD386F7251AE9FDADB2CBF1 ] RTL8023 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

16:32:48.0843 9232 RTL8023 - ok

16:32:49.0031 9232 [ CF84B1F0E8B14D4120AAF9CF35CBB265 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

16:32:49.0140 9232 RTL8023xp - ok

16:32:49.0234 9232 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

16:32:49.0250 9232 rtl8139 - ok

16:32:49.0281 9232 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

16:32:49.0296 9232 SamSs - ok

16:32:49.0390 9232 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

16:32:49.0453 9232 SCardSvr - ok

16:32:49.0625 9232 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

16:32:49.0765 9232 Schedule - ok

16:32:49.0828 9232 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:32:49.0875 9232 Secdrv - ok

16:32:49.0921 9232 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

16:32:49.0937 9232 seclogon - ok

16:32:49.0984 9232 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

16:32:50.0015 9232 SENS - ok

16:32:50.0093 9232 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

16:32:50.0140 9232 Serial - ok

16:32:50.0656 9232 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

16:32:52.0062 9232 ServiceLayer - ok

16:32:52.0187 9232 [ 56250672235BBE54BA8A4963B1AC997C ] sfdrv01 C:\WINDOWS\system32\drivers\sfdrv01.sys

16:32:52.0218 9232 sfdrv01 - ok

16:32:52.0281 9232 [ 3AD2B15CCC03FEBFBAF5FF057822AA75 ] sfhlp02 C:\WINDOWS\system32\drivers\sfhlp02.sys

16:32:52.0281 9232 sfhlp02 - ok

16:32:52.0343 9232 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys

16:32:52.0359 9232 Sfloppy - ok

16:32:52.0390 9232 [ 798D918D8F20380008277CE3CE5319D1 ] sfsync02 C:\WINDOWS\system32\drivers\sfsync02.sys

16:32:52.0406 9232 sfsync02 - ok

16:32:52.0671 9232 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

16:32:52.0921 9232 SharedAccess - ok

16:32:53.0046 9232 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

16:32:53.0046 9232 ShellHWDetection - ok

16:32:53.0062 9232 Simbad - ok

16:32:53.0093 9232 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

16:32:53.0093 9232 SLIP - ok

16:32:53.0171 9232 [ 707647A1AA0EDB6CBEF61B0C75C28ED3 ] SMCIRDA C:\WINDOWS\system32\DRIVERS\smcirda.sys

16:32:53.0203 9232 SMCIRDA - ok

16:32:53.0234 9232 Sparrow - ok

16:32:53.0281 9232 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

16:32:53.0281 9232 splitter - ok

16:32:53.0390 9232 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

16:32:53.0421 9232 Spooler - ok

16:32:53.0703 9232 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

16:32:53.0984 9232 SQLAgent$SQLEXPRESS - ok

16:32:54.0062 9232 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

16:32:54.0109 9232 sr - ok

16:32:54.0250 9232 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

16:32:54.0375 9232 srservice - ok

16:32:54.0687 9232 [ 3EED76A0C1412F52860F7E7EAB5AECCA ] SRS_AE_Service C:\WINDOWS\system32\drivers\SRS_AE_i386.sys

16:32:55.0000 9232 SRS_AE_Service - ok

16:32:55.0234 9232 [ 25ECEA986742275ECB23A1CB6BC87A61 ] SRS_SSCFilter C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

16:32:55.0515 9232 SRS_SSCFilter - ok

16:32:55.0796 9232 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

16:32:56.0078 9232 Srv - ok

16:32:56.0250 9232 [ 2024A857CC3351662655EE32B60254A1 ] SrvcEKIOMngr C:\WINDOWS\system32\Drivers\EKIoMngr.sys

16:32:57.0421 9232 SrvcEKIOMngr - ok

16:32:57.0515 9232 [ DDAC6148D760D3854CAE2409D4046D07 ] SrvcEPIOMngr C:\WINDOWS\system32\Drivers\EPIoMngr.sys

16:32:57.0796 9232 SrvcEPIOMngr - ok

16:32:57.0906 9232 [ BB30A993E1CD2C74B9160B82F95AA3EA ] SrvcSSIOMngr C:\WINDOWS\system32\Drivers\SSIoMngr.sys

16:32:58.0296 9232 SrvcSSIOMngr - ok


16:33:16.0906 9232 ================ Scan global ===============================

16:33:17.0140 9232 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

16:33:17.0562 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

16:33:17.0984 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

16:33:18.0093 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

16:33:18.0109 9232 [Global] - ok

16:33:18.0125 9232 ================ Scan MBR ==================================

16:33:18.0187 9232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

16:33:19.0437 9232 \Device\Harddisk0\DR0 - ok

16:33:19.0437 9232 ================ Scan VBR ==================================

16:33:19.0453 9232 [ 3BC193B1A972A5A954ED1F28A6544DCA ] \Device\Harddisk0\DR0\Partition1

16:33:19.0468 9232 \Device\Harddisk0\DR0\Partition1 - ok

16:33:19.0468 9232 ============================================================

16:33:19.0468 9232 Scan finished

16:33:19.0468 9232 ============================================================

16:33:19.0500 4224 Detected object count: 0

16:33:19.0500 4224 Actual detected object count: 0

aswMBR Report:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-11-30 16:34:37

-----------------------------

16:34:37.718 OS Version: Windows 5.1.2600 Service Pack 3

16:34:37.718 Number of processors: 2 586 0x304

16:34:37.718 ComputerName: TOSHIBA-USER UserName: Just

16:34:45.890 Initialize success

17:01:31.421 AVAST engine defs: 12113001

17:02:11.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

17:02:11.578 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3

17:02:11.796 Disk 0 MBR read successfully

17:02:11.812 Disk 0 MBR scan

17:02:12.281 Disk 0 Windows XP default MBR code

17:02:12.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63

17:02:12.687 Disk 0 scanning sectors +117210240

17:02:13.703 Disk 0 scanning C:\WINDOWS\system32\drivers

17:03:20.593 Service scanning

17:05:51.234 Modules scanning

17:06:24.000 Disk 0 trace - called modules:

17:06:24.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys

17:06:24.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a64fab8]

17:06:24.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008f[0x8a5f19e8]

17:06:24.093 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5fa940]

17:06:24.093 \Driver\atapi[0x8a622f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]

17:06:27.625 AVAST engine scan C:\WINDOWS

17:07:40.250 AVAST engine scan C:\WINDOWS\system32

17:32:12.437 AVAST engine scan C:\WINDOWS\system32\drivers

17:33:25.437 AVAST engine scan C:\Documents and Settings\Just

18:00:11.593 AVAST engine scan C:\Documents and Settings\All Users

18:03:16.125 Scan finished successfully

18:04:37.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Just\Desktop\MBR.dat"

18:04:37.234 The log file has been saved successfully to "C:\Documents and Settings\Just\Desktop\aswMBR1.txt"

This time, ComboFix worked.

This is the report:

ComboFix 12-11-29.02 - Just 11/30/2012  19:28:59.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1407.877 [GMT -6:00]
Running from: c:\documents and settings\Just\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\18472756
c:\documents and settings\All Users\Application Data\19521332
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Just\Application Data\Adobe\plugs
c:\documents and settings\Just\Application Data\Adobe\shed
c:\documents and settings\Just\Application Data\Love
c:\documents and settings\Just\Application Data\Love\mari0\options.txt
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome.manifest
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome\content\overlay.xul
c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\install.rdf
c:\documents and settings\Just\WINDOWS
c:\program files\LP
c:\windows\AutoRun.ini
c:\windows\EventSystem.log
c:\windows\iun6002.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\9da7a57257febd31.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll

.
.
(((((((((((((((((((((((((   Files Created from 2012-11-01 to 2012-12-01  )))))))))))))))))))))))))))))))
.
.
2012-11-28 23:54 . 2012-11-28 23:54  388096  ----a-r-  c:\documents and settings\Just\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-28 23:54 . 2012-11-28 23:54  --------  d-----w-  c:\program files\Trend Micro
2012-11-27 18:32 . 2012-11-27 18:30  143872  ----a-w-  c:\windows\system32\javacpl.cpl
2012-11-27 18:31 . 2012-11-27 18:30  93672  ----a-w-  c:\windows\system32\WindowsAccessBridge.dll
2012-11-25 05:04 . 2012-11-25 05:05  --------  d-----w-  c:\program files\Realtek AC97
2012-11-22 14:04 . 2012-11-22 14:04  --------  d-----w-  c:\program files\Common Files\xing shared
2012-11-17 12:09 . 2006-07-31 17:27  217088  ----a-w-  c:\windows\alcrmv.exe
2012-11-17 12:09 . 2006-07-31 17:19  315392  ----a-w-  c:\windows\alcupd.exe
2012-11-15 18:09 . 2012-11-15 18:09  --------  d-----w-  c:\documents and settings\Just\Application Data\Safer Networking
2012-11-15 18:08 . 2012-11-15 18:08  --------  d-----w-  c:\program files\Safer Networking
2012-11-15 00:43 . 2012-11-15 00:43  --------  d-----w-  c:\documents and settings\Just\Application Data\AVG2013
2012-11-14 21:44 . 2012-11-14 21:44  --------  d-----w-  c:\program files\AVG
2012-11-13 12:43 . 2012-11-15 04:50  --------  d-----w-  c:\documents and settings\Just\Local Settings\Application Data\Avg2013
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-27 18:30 . 2012-07-15 02:16  821736  ----a-w-  c:\windows\system32\npDeployJava1.dll
2012-11-27 18:30 . 2010-12-16 01:08  746984  ----a-w-  c:\windows\system32\deployJava1.dll
2012-11-22 14:02 . 2006-07-11 23:35  348160  ----a-w-  c:\windows\system32\msvcr71.dll
2012-10-22 19:02 . 2012-10-22 19:02  179936  ----a-w-  c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48 . 2012-10-15 09:48  55776  ----a-w-  c:\windows\system32\drivers\avgidshx.sys
2012-10-05 09:32 . 2012-10-05 09:32  93536  ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 09:30 . 2012-10-02 09:30  159712  ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2012-09-30 00:54 . 2012-03-31 20:49  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-21 09:46 . 2012-09-21 09:46  164832  ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2012-09-21 09:46 . 2012-09-21 09:46  177376  ----a-w-  c:\windows\system32\drivers\avglogx.sys
2012-09-21 09:45 . 2012-09-21 09:45  19936  ----a-w-  c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 09:05 . 2012-09-14 09:05  35552  ----a-w-  c:\windows\system32\drivers\avgrkx86.sys
2011-04-30 04:46 . 2011-04-30 04:46  456  ----a-w-  c:\program files\0429201123462546.bat
2008-03-18 11:06 . 2008-03-18 11:07  774144  -c--a-w-  c:\program files\RngInterstitial.dll

.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 638976]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 135168]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-22 296096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Just\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-11-22 484976]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSStartup"=
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"27910:TCP"= 27910:TCP:UFO AI
.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 2:40 PM 4816]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 9:00 PM 399432]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/19/2011 7:18 AM 148520]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2012 2:49 PM 22856]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/11/2012 6:28 PM 13440]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/6/2012 7:00 PM 5814392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2012 2:49 PM 676936]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [8/18/2012 8:09 PM 106496]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/18/2012 4:04 AM 42592]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [8/24/2012 2:28 AM 45608]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [11/2/2011 7:58 AM 404256]
S4 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S4 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/18/2011 5:14 PM 36608]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
S4 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [8/18/2012 8:09 PM 512000]
S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [10/13/2009 5:01 PM 52888]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19560129
*Deregistered* - 19560129
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
KLOGNT
DM9102
w800mdfl
DevUpper
scramby
adobeactivefilemonitor4.0
nv4
acprfmgrsvc
IOSLINK
oracledbconsoleorcl
MA8032C
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job
- c:\documents and settings\Just\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 17:32]
.
2012-11-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-09-30 c:\windows\Tasks\ReclaimerResumeInstall_Just.job
- c:\documents and settings\Just\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-30 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-80275046.sys
SafeBoot-87008857.sys
SafeBoot-94267917.sys
SafeBoot-klmdb.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 19:53
Windows 5.1.2600 Service Pack 3 NTFS

<div>.</div>

<div>scanning hidden processes ...  </div>

<div>.</div>

<div>scanning hidden autostart entries ... </div>

<div>.</div>

<div>scanning hidden files ...  </div>

<div>.</div>

<div>scan completed successfully</div>

<div>hidden files: 0</div>

<div>.</div>

<div>**************************************************************************</div>

<div>.</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>.</div>

<div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</div>

<div>@Denied: (2) (LocalSystem)</div>

<div>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div>

<div>   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div>

<div>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div>

<div>   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div>

<div>.</div>

<div>--------------------- DLLs Loaded Under Running Processes ---------------------</div>

<div>.</div>

<div>- - - - - - - > 'winlogon.exe'(1068)</div>

<div>c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll</div>

<div>.</div>

<div>Completion time: 2012-11-30  19:59:06</div>

<div>ComboFix-quarantined-files.txt  2012-12-01 01:59</div>

<div>.</div>

<div>Pre-Run: 8,098,377,728 bytes free</div>

<div>Post-Run: 9,064,124,416 bytes free</div>

<div>.</div>

<div>- - End Of File - - B73DAE9CCAA09511CAC0233572641D04</div>



  • Staff

Hello

I want you to reset the DMA. You can do this with the script here - Reset DMA

If you have problems when you click on the link, try to right click on the link and select "Save Target As", then save it to your desktop.

Once it is on your desktop, right click on the file and select "Run".

If you still can't run it, then you can go here, "Reset DMA", to see what I want to do.

Gringo


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


<p>OTL Report:</p>


<div>OTL logfile created on: 11/30/2012 11:44:17 PM - Run 2</div>

<div>OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Just\Desktop</div>

<div>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 8.0.6001.18702)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.22% Memory free</div>

<div>1.89 Gb Paging File | 1.46 Gb Available in Paging File | 77.48% Paging File free</div>

<div>Paging file location(s): C:\pagefile.sys 672 1344 [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 55.89 Gb Total Space | 8.48 Gb Free Space | 15.17% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Processes (SafeList) ==========</div>

<div> </div>

<div>PRC - C:\Documents and Settings\Just\Desktop\OTL.exe (OldTimer Tools)</div>

<div>PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>

<div>PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>

<div>PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>

<div>PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>

<div>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>PRC - C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\WINDOWS\system32\acs.exe ()</div>

<div>PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>

<div>PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)</div>

<div>PRC - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>

<div>PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>

<div> </div>

<div> </div>

<div>========== Modules (No Company Name) ==========</div>

<div> </div>

<div>MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()</div>

<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()</div>

<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>

<div>MOD - C:\WINDOWS\system32\acs.exe ()</div>

<div> </div>

<div> </div>

<div>========== Services (SafeList) ==========</div>

<div> </div>

<div>SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>

<div>SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found</div>

<div>SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>

<div>SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found</div>

<div>SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>

<div>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>

<div>SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>

<div>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</div>

<div>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>

<div>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)</div>

<div>SRV - (UDisk Monitor) -- C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe ()</div>

<div>SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>

<div>SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe ()</div>

<div>SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)</div>

<div>SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)</div>

<div>SRV - (Swupdtmr) -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ()</div>

<div>SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()</div>

<div>SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>

<div>SRV - (CeEPwrSvc) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>

<div>SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>

<div> </div>

<div> </div>

<div>========== Driver Services (SafeList) ==========</div>

<div> </div>

<div>DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found</div>

<div>DRV - (PCIDump) --  File not found</div>

<div>DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found</div>

<div>DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found</div>

<div>DRV - (MR97310_USB_DUAL_CAMERA) -- system32\DRIVERS\mr97310c.sys File not found</div>

<div>DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found</div>

<div>DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found</div>

<div>DRV - (catchme) -- C:\DOCUME~1\Just\LOCALS~1\Temp\catchme.sys File not found</div>

<div>DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found</div>

<div>DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)</div>

<div>DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)</div>

<div>DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)</div>

<div>DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)</div>

<div>DRV - (SRS_AE_Service) -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys ()</div>

<div>DRV - (Generalusbserialser20675) -- C:\WINDOWS\system32\drivers\CT_U_USBSER.sys (Incorporated)</div>

<div>DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)</div>

<div>DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)</div>

<div>DRV - (qrkis) -- C:\WINDOWS\system32\drivers\qrkis.sys (Tether)</div>

<div>DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()</div>

<div>DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)</div>

<div>DRV - (SRS_SSCFilter) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()</div>

<div>DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)</div>

<div>DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )</div>

<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>

<div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>

<div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div>

<div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div>

<div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div>

<div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div>

<div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div>

<div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div>

<div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div>

<div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div>

<div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div>

<div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div>

<div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div>

<div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div>

<div>DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div>

<div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div>

<div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div>

<div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div>

<div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div>

<div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div>

<div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation                           )</div>

<div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div>

<div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div>

<div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div>

<div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div>

<div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div>

<div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div>

<div> </div>

<div> </div>

<div>========== Standard Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== Internet Explorer ==========</div>

<div> </div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = </div>

<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div> </div>

<div> </div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>

<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>

<div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>

<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>

<div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div>

<div> </div>

<div>========== FireFox ==========</div>

<div> </div>

<div>FF - prefs.js..browser.search.defaultenginename: "bing"</div>

<div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div>

<div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div>

<div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div>

<div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div>

<div>FF - prefs.js..browser.search.useDBForOrder: true</div>

<div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div>

<div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div>

<div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div>

<div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div>

<div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div>

<div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div>

<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div>

<div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>

<div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div>

<div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div>

<div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div>

<div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div>

<div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div>

<div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div>

<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div>

<div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>

<div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.ftp_port: 8080</div>

<div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.gopher_port: 8080</div>

<div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.socks_port: 8080</div>

<div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.ssl_port: 8080</div>

<div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div>

<div>FF - prefs.js..network.proxy.http_port: 61333</div>

<div>FF - prefs.js..network.proxy.type: 1</div>

<div> </div>

<div> </div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:  File not found</div>

<div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3:  File not found</div>

<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>

<div> </div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>

<div> </div>

<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div>

<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div>

<div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div>

<div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div>

<div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>

<div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div>

<div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div>

<div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div>

<div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div>

<div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div>

<div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div>

<div>[2011/02/27 16:12:01 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div>

<div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div>

<div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div>

<div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div>

<div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div>

<div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div>

<div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div>

<div> </div>

<div>========== Chrome  ==========</div>

<div> </div>

<div>CHR - default_search_provider: Google (Enabled)</div>

<div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div>

<div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div>

<div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div>

<div>CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div>

<div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div>

<div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div>

<div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div>

<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div>

<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div>

<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div>

<div>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div>

<div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div>

<div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div>

<div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div>

<div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div>

<div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div>

<div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div>

<div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div>

<div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div>

<div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div>

<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div>

<div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div>

<div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div>

<div> </div>

<div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div>

<div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div>

<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div>

<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>

<div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>

<div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div>

<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div>

<div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>

<div>O4 - Startup: C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)</div>

<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)</div>

<div>O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)</div>

<div>O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)</div>

<div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div>

<div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div>

<div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>

<div>O24 - Desktop Components:0 () - </div>

<div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>

<div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>

<div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>

<div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>

<div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div>

<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div>

<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div>

<div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div>

<div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>

<div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>

<div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>

<div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>

<div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>

<div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>

<div>[2012/11/25 14:07:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>

<div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div>

<div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>

<div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div>

<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>

<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>

<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>

<div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div>

<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>

<div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div>

<div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe</div>

<div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div>

<div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div>

<div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div>

<div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div>

<div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div>

<div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div>

<div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div>

<div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div>

<div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div>

<div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div>

<div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div>

<div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll</div>

<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>

<div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div>

<div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>

<div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div>

<div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>

<div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>

<div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>

<div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>

<div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>

<div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>

<div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>

<div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>

<div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div>

<div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>

<div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>

<div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>

<div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>

<div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>

<div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>

<div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>

<div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>

<div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>

<div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>

<div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>

<div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>

<div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>

<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>

<div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>

<div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>

<div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>

<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>

<div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>

<div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>

<div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div>

<div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div>

<div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>

<div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>

<div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>

<div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>

<div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>

<div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>

<div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>

<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>

<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>

<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>

<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>

<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>

<div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>

<div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>

<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>

<div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div>

<div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div>

<div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>

<div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>

<div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>

<div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>

<div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>

<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>

<div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>

<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>

<div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>

<div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>

<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>

<div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>

<div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>

<div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>

<div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>

<div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>

<div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>

<div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>

<div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div>

<div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>

<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>

<div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>

<div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>

<div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>

<div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>

<div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>

<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>

<div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>

<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>

<div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>

<div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>

<div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>

<div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div>

<div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div>

<div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div>

<div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div>

<div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>

<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>

<div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>

<div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div>

<div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div>

<div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\WebpageIcons.db</div>

<div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>

<div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div>

<div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div>

<div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div>

<div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div>

<div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div>

<div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div>

<div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div>

<div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div>

<div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div>

<div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div>

<div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div>

<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div>

<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div>

<div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div>

<div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div>

<div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div>

<div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div>

<div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll</div>

<div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div>

<div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div>

<div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div>

<div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div>

<div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div>

<div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>

<div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>

<div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>

<div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>

<div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>

<div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div>

<div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div>

<div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div>

<div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div>

<div> </div>

<div>========== ZeroAccess Check ==========</div>

<div> </div>

<div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Both</div>

<div> </div>

<div>< End of report ></div>

<div> </div>

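The OTL log above is the kind of output a forum helper reads line by line. As an added example (not part of the original post, and not something OTL or HijackThis ships), here is a small Python triage script that parses OTL SRV/DRV lines and file-list lines and ranks the entries a reviewer would want to look at first: service or driver entries whose binary is missing (a `globalroot` path is ranked highest), hidden+system files outside the short set that is normally hidden+system on an XP system drive, publisher-less files sitting directly in C:\WINDOWS or C:\Program Files, random-looking names, and a recently modified hosts file. The sample input is a dozen lines copied from the log above; the rule names, the severity levels and the KNOWN_HS set are my own assumptions, and a hit is a prompt to inspect the file, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass

# Sample input: a dozen lines copied from the OTL log posted above
# (Services, Driver Services and Files Created sections).
SAMPLE_LOG = r"""
SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found
SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Just\LOCALS~1\Temp\catchme.sys File not found
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat
[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68
[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat
[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
"""

# "SRV - (name) -- path (Company)"  or  "SRV - (name) -- path File not found"
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) --\s*(?P<rest>.*)$")
# "[date time | size | RHSD flags | C/M] (Company) -- path"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: files that are legitimately hidden+system on an XP system drive.
KNOWN_HS = {"hiberfil.sys", "pagefile.sys", "boot.ini", "ntldr", "ntdetect.com",
            "bootstat.dat", "desktop.ini"}
# Directories where a publisher-less loose file deserves a second look.
ROOT_DIRS = {r"c:\windows", r"c:\program files"}


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "low" (my own ranking, not a verdict)
    rule: str
    line: str


def looks_random(basename: str) -> bool:
    """Crude entropy stand-in: long stem mixing letters and digits, or all digits."""
    stem = basename.rsplit(".", 1)[0]
    if len(stem) < 8:
        return False
    has_alpha = any(c.isalpha() for c in stem)
    has_digit = any(c.isdigit() for c in stem)
    return (has_alpha and has_digit) or stem.isdigit()


def check_service(m: "re.Match[str]", line: str):
    rest = m["rest"]
    if not rest.endswith("File not found"):
        return None                      # binary present; nothing to rank
    if "globalroot" in rest.lower():
        return Finding("high", "missing binary referenced via globalroot path", line)
    return Finding("low", "orphaned service/driver entry", line)


def check_file(m: "re.Match[str]", line: str) -> list:
    path, attrs = m["path"], m["attrs"]
    basename = path.rsplit("\\", 1)[-1]
    parent = path.rsplit("\\", 1)[0].lower()
    out = []
    hidden_system = "H" in attrs and "S" in attrs and "D" not in attrs
    if hidden_system and basename.lower() not in KNOWN_HS:
        out.append(Finding("high", "hidden+system file outside the known set", line))
    if m["company"].strip() == "" and parent in ROOT_DIRS:
        out.append(Finding("medium", "no-publisher file directly in a root system directory", line))
    if looks_random(basename):
        out.append(Finding("medium", "random-looking file name", line))
    if path.lower().endswith(r"\drivers\etc\hosts") and m["op"] == "M":
        out.append(Finding("medium", "hosts file modified inside the scan window", line))
    return out


def triage(log_text: str) -> list:
    """Parse OTL-style lines and return findings, highest severity first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SERVICE_RE.match(line)):
            f = check_service(m, line)
            if f:
                findings.append(f)
        elif (m := FILE_RE.match(line)):
            findings.extend(check_file(m, line))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])   # stable: keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:55} {f.line[:70]}")
```

Feed the whole OTL report to `triage` and read the "high" bucket first. The rules will also rank the publisher-less helper binaries that sit directly in C:\WINDOWS in the log above (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe), which is exactly why the script only ranks and never deletes: a human still has to decide what each hit is.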


<div>Sorry. I really don't know what happened in my last post.</div>

<div>Here is the OTL Report:</div>

<div> </div>

<div>OTL logfile created on: 11/30/2012 11:44:17 PM - Run 2</div>

<div>OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Just\Desktop</div>

<div>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 8.0.6001.18702)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.22% Memory free</div>

<div>1.89 Gb Paging File | 1.46 Gb Available in Paging File | 77.48% Paging File free</div>

<div>Paging file location(s): C:\pagefile.sys 672 1344 [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>

<div>Drive C: | 55.89 Gb Total Space | 8.48 Gb Free Space | 15.17% Space Free | Partition Type: NTFS</div>

<div> </div>

<div>Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: All users</div>

<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Processes (SafeList) ==========</div>

<div> </div>

<div>PRC - C:\Documents and Settings\Just\Desktop\OTL.exe (OldTimer Tools)</div>

<div>PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>

<div>PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)</div>

<div>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>

<div>PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>

<div>PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>

<div>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>PRC - C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\WINDOWS\system32\acs.exe ()</div>

<div>PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>

<div>PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)</div>

<div>PRC - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>

<div>PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>

<div>PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>

<div> </div>

<div> </div>

<div>========== Modules (No Company Name) ==========</div>

<div> </div>

<div>MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()</div>

<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()</div>

<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>

<div>MOD - C:\WINDOWS\system32\acs.exe ()</div>

<div> </div>

<div> </div>

<div>========== Services (SafeList) ==========</div>

<div> </div>

<div>SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>

<div>SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found</div>

<div>SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>

<div>SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found</div>

<div>SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>

<div>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>

<div>SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>

<div>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</div>

<div>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>

<div>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)</div>

<div>SRV - (UDisk Monitor) -- C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe ()</div>

<div>SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>

<div>SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe ()</div>

<div>SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)</div>

<div>SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)</div>

<div>SRV - (Swupdtmr) -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ()</div>

<div>SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()</div>

<div>SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>

<div>SRV - (CeEPwrSvc) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>

<div>SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>

<div> </div>

<div> </div>

<div>========== Driver Services (SafeList) ==========</div>

<div> </div>

<div>DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found</div>

<div>DRV - (PCIDump) --  File not found</div>

<div>DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found</div>

<div>DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found</div>

<div>DRV - (MR97310_USB_DUAL_CAMERA) -- system32\DRIVERS\mr97310c.sys File not found</div>

<div>DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found</div>

<div>DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found</div>

<div>DRV - (catchme) -- C:\DOCUME~1\Just\LOCALS~1\Temp\catchme.sys File not found</div>

<div>DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found</div>

<div>DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)</div>

<div>DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )</div>

<div>DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</div>

<div>DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)</div>

<div>DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)</div>

<div>DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)</div>

<div>DRV - (SRS_AE_Service) -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys ()</div>

<div>DRV - (Generalusbserialser20675) -- C:\WINDOWS\system32\drivers\CT_U_USBSER.sys (Incorporated)</div>

<div>DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)</div>

<div>DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)</div>

<div>DRV - (qrkis) -- C:\WINDOWS\system32\drivers\qrkis.sys (Tether)</div>

<div>DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()</div>

<div>DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)</div>

<div>DRV - (SRS_SSCFilter) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()</div>

<div>DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)</div>

<div>DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )</div>

<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>

<div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>

<div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div>

<div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div>

<div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div>

<div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div>

<div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div>

<div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div>

<div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div>

<div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div>

<div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div>

<div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div>

<div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div>

<div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div>

<div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>

<div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div>

<div>DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div>

<div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div>

<div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div>

<div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div>

<div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div>

<div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div>

<div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation                           )</div>

<div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div>

<div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div>

<div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div>

<div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div>

<div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div>

<div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div>

<div> </div>

<div> </div>

<div>========== Standard Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== Internet Explorer ==========</div>

<div> </div>

<div>IE - HKLM\..\SearchScopes,DefaultScope = </div>

<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>

<div> </div>

<div> </div>

<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>

<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>

<div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>

<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>

<div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>

<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div>

<div> </div>

<div>========== FireFox ==========</div>

<div> </div>

<div>FF - prefs.js..browser.search.defaultenginename: "bing"</div>

<div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div>

<div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div>

<div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div>

<div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div>

<div>FF - prefs.js..browser.search.useDBForOrder: true</div>

<div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div>

<div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div>

<div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div>

<div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div>

<div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div>

<div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div>

<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div>

<div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>

<div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div>

<div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div>

<div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div>

<div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div>

<div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div>

<div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div>

<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div>

<div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>

<div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.ftp_port: 8080</div>

<div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.gopher_port: 8080</div>

<div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.socks_port: 8080</div>

<div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div>

<div>FF - prefs.js..network.proxy.ssl_port: 8080</div>

<div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div>

<div>FF - prefs.js..network.proxy.http_port: 61333</div>

<div>FF - prefs.js..network.proxy.type: 1</div>

<div> </div>

<div> </div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div>

<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>

<div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>

<div>FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0:  File not found</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>

<div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:  File not found</div>

<div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3:  File not found</div>

<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>

<div> </div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>

<div> </div>

<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div>

<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div>

<div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div>

<div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div>

<div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>

<div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div>

<div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div>

<div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div>

<div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div>

<div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div>

<div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div>

<div>[2011/02/27 16:12:01 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div>

<div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div>

<div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div>

<div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div>

<div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div>

<div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div>

<div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div>

<div> </div>

<div>========== Chrome  ==========</div>

<div> </div>

<div>CHR - default_search_provider: Google (Enabled)</div>

<div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div>

<div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div>

<div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div>

<div>CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div>

<div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div>

<div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div>

<div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div>

<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div>

<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div>

<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div>

<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div>

<div>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div>

<div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div>

<div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div>

<div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div>

<div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div>

<div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div>

<div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div>

<div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div>

<div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div>

<div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div>

<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div>

<div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div>

<div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div>

<div> </div>

<div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div>

<div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div>

<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>

<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>

<div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div>

<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>

<div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>

<div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>

<div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div>

<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div>

<div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>

<div>O4 - Startup: C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>

<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>

<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>

<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>

<div>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)</div>

<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)</div>

<div>O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)</div>

<div>O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)</div>

<div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div>

<div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div>

<div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>

<div>O24 - Desktop Components:0 () - </div>

<div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>

<div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div>

<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>

<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>

<div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>

<div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>

<div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>

<div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div>

<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div>

<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div>

<div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div>

<div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>

<div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>

<div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>

<div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>

<div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>

<div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>

<div>[2012/11/25 14:07:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>

<div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div>

<div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>

<div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div>

<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>

<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>

<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>

<div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div>

<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>

<div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div>

<div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe</div>

<div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div>

<div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div>

<div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div>

<div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div>

<div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div>

<div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div>

<div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div>

<div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div>

<div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div>

<div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div>

<div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div>

<div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll</div>

<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>

<div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div>

<div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>

<div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div>

<div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>

<div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>

<div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>

<div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div>

<div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>

<div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>

<div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>

<div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>

<div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>

<div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div>

<div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>

<div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>

<div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>

<div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>

<div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>

<div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>

<div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>

<div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>

<div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>

<div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>

<div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>

<div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>

<div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>

<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>

<div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>

<div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>

<div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>

<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>

<div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>

<div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>

<div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div>

<div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div>

<div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>

<div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>

<div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>

<div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>

<div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>

<div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>

<div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>

<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>

<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>

<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>

<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>

<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>

<div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>

<div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>

<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>

<div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div>

<div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div>

<div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>

<div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>

<div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>

<div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>

<div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>

<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>

<div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>

<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>

<div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>

<div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>

<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>

<div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>

<div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>

<div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>

<div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>

<div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>

<div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>

<div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>

<div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div>

<div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>

<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>

<div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>

<div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>

<div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>

<div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>

<div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>

<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>

<div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>

<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>

<div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>

<div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>

<div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>

<div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div>

<div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div>

<div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div>

<div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div>

<div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>

<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>

<div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>

<div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div>

<div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div>

<div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\WebpageIcons.db</div>

<div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>

<div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div>

<div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div>

<div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div>

<div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div>

<div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div>

<div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div>

<div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div>

<div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div>

<div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div>

<div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div>

<div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div>

<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div>

<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div>

<div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div>

<div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div>

<div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div>

<div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div>

<div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll</div>

<div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div>

<div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div>

<div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div>

<div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div>

<div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div>

<div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>

<div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>

<div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>

<div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>

<div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>

<div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div>

<div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div>

<div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div>

<div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div>

<div> </div>

<div>========== ZeroAccess Check ==========</div>

<div> </div>

<div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div> </div>

<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>

<div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Apartment</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Free</div>

<div> </div>

<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>

<div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div>

<div>"ThreadingModel" = Both</div>

<div> </div>

<div>< End of report ></div>

  • Staff

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found
    O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
    DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found
    SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
    IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}
    IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"
    [2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com
    [2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com
    [2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode
    [2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml
    [2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68
    [2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68
    [2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat
    [2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin

    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

OK,

The boot up was a bit faster. The browser in Chrome looks different. Audio and Video are playing back fine.

My anti-virus, AVG, popped up saying it detected a threat called ACS.EXE. I did not take any action.

Justin

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}

C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\WINDOWS\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Service relational stopped successfully!

Service relational deleted successfully!

File \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found not found.

Error: No service named 18059 was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\18059 deleted successfully.

File globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found not found.

Service mnsframework stopped successfully!

Service mnsframework deleted successfully!

File \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found not found.

Registry key HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.

Registry key HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.selectedEngine

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\skin folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\locale\en-US folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\locale folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\defaults folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\lib folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.

Folder C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode\ not found.

C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml moved successfully.

C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68 moved successfully.

C:\Documents and Settings\All Users\Application Data\ci256wkm68 moved successfully.

C:\WINDOWS\Lzugogevu.dat moved successfully.

C:\WINDOWS\Bzacujekafiyaci.bin moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Just\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Just\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Just

->Java cache emptied: 1505574 bytes

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 1.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 760 bytes

User: All Users

User: Default User

User: Just

->Flash cache emptied: 9523 bytes

User: LocalService

->Flash cache emptied: 343 bytes

User: NetworkService

->Flash cache emptied: 29349 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12012012_151716


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


  • Staff

Hello

I have changed the script

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::

NoMBR::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


This topic is now closed to further replies.