
My HJT Log I have a Trojan ?


darkeyes

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:01:51 AM, on 12/5/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\SFT\GuardedID\gidd.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\HP_Administrator\My Documents\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265758861390

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll

O18 - Filter hijack: text/html - {78b94abc-e273-4e5c-8ded-b492000e063d} - (no file)

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SuperAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: GIDLogonXP - GIDLogonXP.dll (file missing)

O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 16061 bytes
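A small triage script for the log format above, added here as an example and not part of the original post or of HijackThis itself: it parses HijackThis O-entries and flags the ones a helper would check first in this log (the orphaned O3 toolbar, the text/html filter hijack with no file, the O20 Winlogon Notify DLLs, the Trusted Zone addition and the O4 Run value that names an executable without a full path). The sample lines are copied from the log in this thread.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not part of the original post. It parses the O-section
entries of a HijackThis log and flags the ones a malware-removal helper
would check first: orphaned entries, a text/html filter hijack, Winlogon
Notify DLLs, Trusted Zone additions and Run values that name an executable
without a full path (resolved through the search path at logon)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/",
    r"O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)",
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r"O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE",
    r'O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run',
    r"O15 - Trusted Zone: http://*.trymedia.com (HKLM)",
    r"O18 - Filter hijack: text/html - {78b94abc-e273-4e5c-8ded-b492000e063d} - (no file)",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SuperAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: GIDLogonXP - GIDLogonXP.dll (file missing)",
    r"O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

# "O4 - HKLM\..\Run: [name] command" -> section code plus the rest of the line
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    code: str      # HijackThis section, e.g. "O20"
    reason: str    # why a helper would look at this entry
    line: str      # the original log line


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split a log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def run_target(body: str) -> Optional[str]:
    """Return the executable named by an O4 Run value, honouring quotes."""
    m = RUN_RE.search(body)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(line: str) -> Optional[Finding]:
    """Return a Finding for lines worth a closer look, else None."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    code, body = parsed
    if "(no file)" in body or "(file missing)" in body:
        return Finding(code, "orphaned entry: registry still references a file that is gone", line)
    if code == "O18" and body.startswith("Filter hijack"):
        return Finding(code, "MIME filter hooked into IE page rendering", line)
    if code == "O20":
        return Finding(code, "Winlogon Notify DLL loads at every logon; confirm the publisher", line)
    if code == "O15":
        return Finding(code, "site added to the IE Trusted Zone, which relaxes browser security", line)
    if code == "O4":
        target = run_target(body)
        if target and not DRIVE_PATH_RE.match(target):
            return Finding(code, "Run value has no full path; the name is resolved via the search path", line)
    return None


def triage_log(lines: List[str]) -> List[Finding]:
    """Run triage over a whole log, preserving line order."""
    return [f for f in (triage(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Entries that come back as "orphaned" are usually leftovers of uninstalled software rather than an infection, which is why the helper's later instructions still ask for OTL and GMER output before anything is fixed.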


Hello darkeyes and welcome.

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
Let's take a closer look at your system with the following scans:

  • Download and run OTL by Oldtimer

  • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
  • Close all open windows on your computer then Double click on the OTL.exe icon to run the program.
  • Check the boxes beside "LOP Check" and "Purity Check".
  • Under Custom Scan paste this in:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\Fonts\*.exe

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.jpg

%systemroot%\*.png

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\bak. /s

%systemroot%\system32\bak. /s

%ALLUSERSPROFILE%\Start Menu\*.lnk /x

%systemroot%\system32\config\systemprofile\*.dat /x

%systemroot%\*.config

%systemroot%\system32\*.db

%PROGRAMFILES%\Internet Explorer\*.dat

%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

%USERPROFILE%\Desktop\*.exe

%PROGRAMFILES%\Common Files\*.*

%systemroot%\*.src

%systemroot%\install\*.*

%systemroot%\system32\DLL\*.*

%systemroot%\system32\HelpFiles\*.*

%systemroot%\system32\rundll\*.*

%systemroot%\winn32\*.*

%systemroot%\Java\*.*

%systemroot%\system32\test\*.*

%systemroot%\system32\Rundll32\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

/md5start

iexplore.*

explorer.*

winlogon.*

dll

zx.dll

hlp.dat

/md5stop

  • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  • Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
  • Please scan your system with GMER


    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...

    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

Please post the OTL logs and the GMER log in your next reply.

 

You may need to make more than one post to fit all of the information in.

 

If you encounter any problems with the scans just come back and let me know.

 


OTL Extras logfile created on: 12/5/2011 7:15:20 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

959.36 Mb Total Physical Memory | 341.54 Mb Available Physical Memory | 35.60% Memory free

2.26 Gb Paging File | 1.20 Gb Available in Paging File | 53.04% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 221.12 Gb Total Space | 198.10 Gb Free Space | 89.59% Space Free | Partition Type: NTFS

Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.81% Space Free | Partition Type: FAT32

 

Computer Name: MYCOMPUTER | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPortsList]

"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplicationsList]

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicationsList]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)

"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)

"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)

"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\adawaretb\dtUser.exe" = C:\Program Files\adawaretb\dtUser.exe:*:Enabled:Ad-Aware Security Toolbar DTX Broker -- (Visicom Media Inc.)

"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig

"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player

"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer

"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{533A6E40-A0D5-4643-B9CE-9B03989EF159}" = Ad-Aware

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book

"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}" = InstallIQ Updater

"{5F1ECD36-0DFA-4C58-830B-0F089083407F}" = AVG 2012

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin

"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = Microsoft Office 2003 Edition 60 Days Trial Welcome Tour

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA

"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar

"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw

"{DFB0FED6-0010-4E9B-A402-E513F2459161}" = muvee autoProducer unPlugged 1.2

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center

"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page

"{E7137AFD-4E43-47A6-BDC7-533808F72B36}" = muvee autoProducer 4.5

"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager

"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr

"038D56DF-B15D-47F7-959F-59FA1FBB63FC" = Snowboard SuperJam from HP Media Center (remove only)

"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)

"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)

"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)

"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)

"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)

"3320769C-062B-4670-BD6B-AA4B3D0E9903" = FATE from HP Media Center (remove only)

"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)

"413773DA-62DE-4C4C-A0F9-10EFB9317DE5" = Family Feud

"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)

"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)

"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)

"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)

"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)

"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)

"901E0096-B2AC-469E-A99E-2725A39C0B47" = Zuma Deluxe from HP Media Center (remove only)

"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)

"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)

"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)

"adawaretb" = Ad-Aware Security Toolbar

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F" = 5 Card Slingo from HP Media Center (remove only)

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"ATI Display Driver" = ATI Display Driver

"AVG" = AVG 2012

"AwayMode160" = Microsoft Away Mode

"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)

"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)

"BA42B721-D70B-4412-ABA6-057B5823FDE9" = Chuzzle Deluxe from HP Media Center (remove only)

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)

"DISCover" = DISCover

"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)

"E44A47AF-C94B-4E3F-81A0-979FBA9DAC57" = AstroPop Deluxe from HP Media Center (remove only)

"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)

"EPSON Scanner" = EPSON Scan

"F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E" = Lemonade Tycoon 2 from HP Media Center (remove only)

"Google Chrome" = Google Chrome

"HP Document Viewer" = HP Document Viewer 5.3

"HP Game Console" = HP Game Console and games

"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC

"HP Imaging Device Functions" = HP Imaging Device Functions 5.3

"HP Photo & Imaging" = HP Image Zone 5.3

"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)

"ID Vault" = Constant Guard Protection Suite

"ie8" = Windows Internet Explorer 8

"InfraRecorder" = InfraRecorder

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo

"iPhoto Plus 4" = iPhoto Plus 4

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2005b" = Microsoft Money 2005

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Netscape Browser" = Netscape Browser (remove only)

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"Presto! PageManager" = Presto! PageManager

"PS2" = PS2

"Python 2.2.3" = Python 2.2.3

"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)

"RealPlayer 12.0" = RealPlayer

"Revo Uninstaller" = Revo Uninstaller 1.92

"SCANPORT ScanModule V2.40" = SCANPORT ScanModule V2.40

"Silent Package Run-Time Sample" = EPSON Perf 4490P Guide

"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/11/2011 6:33:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 6:48:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 7:04:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

 

Error - 6/11/2011 7:19:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 7:49:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

 

Error - 6/11/2011 8:04:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 8:34:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

 

Error - 6/11/2011 8:49:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 8:58:43 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 6/11/2011 9:04:12 AM | Computer Name = MYCOMPUTER | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

[ System Events ]

Error - 12/4/2011 4:01:12 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 12/4/2011 4:39:20 PM | Computer Name = MYCOMPUTER | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 12/4/2011 4:40:57 PM | Computer Name = MYCOMPUTER | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.100 for the Network Card with network

address 00142ABA9C8C has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

 

Error - 12/4/2011 4:54:16 PM | Computer Name = MYCOMPUTER | Source = MRxSmb | ID = 8003

Description = The master browser has received a server announcement from the computer

FAMILY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10C638EA-26D8-4B3F-B5.

The master browser is stopping or an election is being forced.

 

Error - 12/4/2011 5:15:22 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the N360 service.

 

Error - 12/4/2011 5:17:20 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the N360 service.

 

Error - 12/4/2011 5:17:50 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the N360 service.

 

Error - 12/4/2011 5:18:30 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the N360 service.

 

Error - 12/5/2011 3:30:30 PM | Computer Name = MYCOMPUTER | Source = NetBT | ID = 4321

Description = The name "MSHOME :1d" could not be registered on the Interface

with IP address 192.168.1.100. The machine with the IP address 192.168.1.101 did

not allow the name to be claimed by this machine.

 

Error - 12/5/2011 6:51:27 PM | Computer Name = MYCOMPUTER | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the ARSVC service.

 

 

< End of report >

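The OTL listing that follows reports each running process (PRC) and loaded module (MOD) as one line, and groups the modules whose version resource carries no company string under "Modules (No Company Name)". As an added example, not part of the original posts and not OTL's or OldTimer's code, here is a parser for that line format with a small triage pass over the result. The sample lines are copied from this thread's OTL log with the backslashes restored; the triage heuristics (ngen native images and GAC copies under \WINDOWS\assembly\ treated as expected noise, a file in a user-writable profile directory treated as the case to look at first) are my assumptions, and a company name is only a version-resource string, not a signature, so the buckets are a reading order rather than a verdict.

```python
"""Parse OTL 'PRC -' / 'MOD -' lines and triage the empty-company entries.

Added example for this thread; not code from OTL, OldTimer or the poster.
The trust heuristics below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One OTL process/module line:
#   PRC - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) -- path
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD)\s+-\s+"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*\|\s*"
    r"(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*(?P<flag>[MC])\]\s+"
    r"\((?P<company>[^)]*)\)\s+--\s+(?P<path>.+?)\s*$"
)

# Sample lines copied from the OTL log in this thread (backslashes restored).
# The section header is included to show that non-entry lines are skipped.
SAMPLE = r"""
PRC - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/05 09:12:42 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/14 13:18:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
"""

# Heuristics (assumptions, not OTL's own logic): ngen'd .NET images and GAC
# copies under \windows\assembly\ carry no version resource, so an empty
# company field there is expected noise; an empty company field for a file
# in a user-writable location is the entry worth reading first.
NGEN_ROOT = "c:\\windows\\assembly\\"
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str      # "PRC" or "MOD"
    mtime: str     # file modification time as OTL prints it
    size: int      # file size in bytes (OTL prints it with thousands separators)
    company: str   # version-resource company string, "" when absent
    path: str      # full path as listed


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Return every PRC/MOD entry in `text`; all other lines are ignored."""
    entries: List[OtlEntry] = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m is None:
            continue
        entries.append(OtlEntry(
            kind=m["kind"],
            mtime=m["mtime"],
            size=int(m["size"].replace(",", "")),
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries


def classify(entry: OtlEntry) -> str:
    """Triage bucket for one entry.

    A company name is a version-resource string anyone can set, not a
    signature, so "has-company" only means "lower priority", not "trusted".
    """
    p = entry.path.lower()
    if entry.company:
        return "has-company"
    if p.startswith(NGEN_ROOT):
        return "ngen-image"
    if any(hint in p for hint in USER_WRITABLE):
        return "review-user-writable"
    return "review"


def triage(text: str) -> Dict[str, str]:
    """Map each parsed path to its triage bucket."""
    return {e.path: classify(e) for e in parse_otl_lines(text)}


if __name__ == "__main__":
    for path, bucket in sorted(triage(SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"{bucket:22} {path}")
```

Run it directly to print the buckets. In this thread's log the empty-company lines are mostly ngen native images, Ad-Aware definition files, SUPERAntiSpyware repair DLLs under the user's Application Data, and the AVG Secure Search toolbar binaries; the script's only job is to separate that noise from anything loaded out of a profile directory so the reader checks those few paths first.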

OTL logfile created on: 12/5/2011 7:15:20 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

959.36 Mb Total Physical Memory | 341.54 Mb Available Physical Memory | 35.60% Memory free

2.26 Gb Paging File | 1.20 Gb Available in Paging File | 53.04% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 221.12 Gb Total Space | 198.10 Gb Free Space | 89.59% Space Free | Partition Type: NTFS

Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.81% Space Free | Partition Type: FAT32

 

Computer Name: MYCOMPUTER | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/12/05 19:14:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL (2).exe

PRC - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

PRC - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2011/11/18 16:37:05 | 000,063,048 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

PRC - [2011/11/18 16:37:01 | 004,680,264 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe

PRC - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/10/28 16:52:02 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files\SFT\GuardedID\GIDD.exe

PRC - [2011/01/21 11:16:19 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2010/02/05 00:15:33 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/09/26 19:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe

PRC - [2005/09/26 19:42:32 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe

PRC - [2005/09/26 19:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe

PRC - [2005/09/26 19:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe

PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

PRC - [2005/04/08 14:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/12/05 09:12:42 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

MOD - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011/12/04 09:29:43 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll

MOD - [2011/11/18 16:37:04 | 000,091,720 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll

MOD - [2011/10/29 17:21:47 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw

MOD - [2011/10/28 16:52:04 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll

MOD - [2011/10/28 16:52:04 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll

MOD - [2011/10/28 16:52:04 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll

MOD - [2011/10/19 22:48:54 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2011/10/19 22:48:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2011/10/14 14:16:35 | 001,356,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\17902fdb0e0d3bc8b49bce693415fe7e\System.WorkflowServices.ni.dll

MOD - [2011/10/14 14:13:18 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll

MOD - [2011/10/14 14:10:59 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll

MOD - [2011/10/14 14:10:23 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll

MOD - [2011/10/14 14:10:18 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

MOD - [2011/10/14 14:10:11 | 001,706,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\9ec7da53380a754b4ad97709df0dd7e7\System.ServiceModel.Web.ni.dll

MOD - [2011/10/14 14:09:46 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

MOD - [2011/10/14 14:09:44 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\29d7091f6eab0ec61c4eb625ed221b73\System.Configuration.Install.ni.dll

MOD - [2011/10/14 13:48:52 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\cc5ac99e8af2738e85cda5525fdd944f\System.Deployment.ni.dll

MOD - [2011/10/14 13:48:23 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll

MOD - [2011/10/14 13:48:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

MOD - [2011/10/14 13:47:46 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll

MOD - [2011/10/14 13:46:14 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\ceadaf3b3d017c7a1ef10a06f8009f6f\System.ServiceModel.ni.dll

MOD - [2011/10/14 13:34:20 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll

MOD - [2011/10/14 13:33:17 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\d14065ede44df8e9b5d6b60c5ddccc69\System.IdentityModel.ni.dll

MOD - [2011/10/14 13:29:01 | 000,240,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a2c1bb3c5b1447b398e72c56091ca571\WindowsFormsIntegration.ni.dll

MOD - [2011/10/14 13:28:55 | 000,187,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f102afdffdbe2565bcedb7fa0626b865\UIAutomationTypes.ni.dll

MOD - [2011/10/14 13:28:53 | 000,060,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\888b745ca99d39692c2e9af222e5eae8\UIAutomationProvider.ni.dll

MOD - [2011/10/14 13:28:41 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

MOD - [2011/10/14 13:27:53 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll

MOD - [2011/10/14 13:25:58 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll

MOD - [2011/10/14 13:24:08 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll

MOD - [2011/10/14 13:22:37 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\23c5852ff8ed973ff9b63ce9ba7f91f0\PresentationFramework.Royale.ni.dll

MOD - [2011/10/14 13:20:43 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll

MOD - [2011/10/14 13:20:07 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll

MOD - [2011/10/14 13:19:33 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/14 13:18:58 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011/10/14 13:17:07 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2011/10/14 13:16:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2011/10/14 13:03:38 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f2284ea2\mscorlib.dll

MOD - [2011/10/14 13:03:33 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e4f639ad\system.drawing.dll

MOD - [2011/10/14 13:03:24 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_fc944c99\system.xml.dll

MOD - [2011/10/14 13:03:13 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_b3b16b18\system.windows.forms.dll

MOD - [2011/10/14 13:02:51 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b7665b43\system.dll

MOD - [2011/10/14 13:02:35 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2011/10/14 13:02:34 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2011/10/11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll

MOD - [2011/10/11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2010/06/23 23:09:32 | 005,279,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

MOD - [2010/03/03 11:08:41 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll

MOD - [2010/03/03 11:08:41 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll

MOD - [2010/03/03 11:08:41 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll

MOD - [2010/03/03 11:08:41 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll

MOD - [2010/03/03 11:08:41 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll

MOD - [2010/03/03 11:08:41 | 000,688,128 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnline.dll

MOD - [2010/03/03 11:08:41 | 000,528,384 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxProcV.dll

MOD - [2010/03/03 11:08:41 | 000,462,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxFFV.dll

MOD - [2010/03/03 11:08:41 | 000,237,568 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSpiffyExt.dll

MOD - [2010/03/03 11:08:41 | 000,155,648 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxZipV.dll

MOD - [2010/03/03 11:08:41 | 000,143,360 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnlineHelper40.dll

MOD - [2010/03/03 11:08:40 | 011,503,616 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESSkin.esx

MOD - [2010/03/03 11:08:40 | 001,564,672 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinareaifdll.dll

MOD - [2010/03/03 11:08:40 | 000,761,856 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCliWicMDRW.esx

MOD - [2010/03/03 11:08:40 | 000,684,032 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESEmail.esx

MOD - [2010/03/03 11:08:40 | 000,471,040 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCom.dll

MOD - [2010/03/03 11:08:40 | 000,406,016 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKFx.dll

MOD - [2010/03/03 11:08:40 | 000,356,352 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAtlas.dll

MOD - [2010/03/03 11:08:40 | 000,339,968 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaAdapter.esx

MOD - [2010/03/03 11:08:40 | 000,315,392 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaPrintOnline.esx

MOD - [2010/03/03 11:08:40 | 000,264,192 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAppCore.dll

MOD - [2010/03/03 11:08:40 | 000,233,984 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaControls.esx

MOD - [2010/03/03 11:08:40 | 000,171,520 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinPcd.esx

MOD - [2010/03/03 11:08:40 | 000,152,576 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinIStorageMediaStore.esx

MOD - [2010/03/03 11:08:40 | 000,129,536 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkpries40.dll

MOD - [2010/03/03 11:08:40 | 000,098,304 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaCDBackup.esx

MOD - [2010/03/03 11:08:40 | 000,090,112 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocAcqMod.dll

MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinUpdateChecker.esx

MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkeml40.dll

MOD - [2010/03/03 11:08:40 | 000,078,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDXRawFormatHandler.esx

MOD - [2010/03/03 11:08:40 | 000,062,464 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDibLibIP.dll

MOD - [2010/03/03 11:08:40 | 000,052,224 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKPCDInterface.dll

MOD - [2010/03/03 11:08:40 | 000,044,544 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocCamBack.dll

MOD - [2010/03/03 11:08:40 | 000,010,240 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocUpdateCheck.dll

MOD - [2010/02/09 17:35:19 | 000,052,224 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll

MOD - [2010/02/07 12:57:38 | 000,053,248 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Diagnostics4.2.7.7__5cc7ad8abd921325Inkjet.Diagnostics.dll

MOD - [2010/02/07 12:57:38 | 000,012,288 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Automation4.2.7.7__5cc7ad8abd921325Inkjet.Automation.dll

MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:WINDOWSsystem32quartz.dll

MOD - [2010/02/05 00:15:30 | 000,098,339 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322ProgramFrExt.dll

MOD - [2010/02/05 00:15:29 | 000,151,589 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programbwfiles.dll

MOD - [2010/02/05 00:15:28 | 000,061,496 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programclntutil.dll

MOD - [2010/02/05 00:15:27 | 000,126,976 | ---- | M] () -- C:Program FilesUpdates from HP9972322ProgramHPClientExt.dll

MOD - [2010/02/04 23:47:37 | 008,007,680 | ---- | M] () -- C:WINDOWSassemblyGACMicrosoft.mshtml7.0.3300.0__b03f5f7f11d50a3aMicrosoft.mshtml.dll

MOD - [2010/02/04 23:24:29 | 001,339,392 | ---- | M] () -- c:windowsassemblygacsystem.xml1.0.5000.0__b77a5c561934e089system.xml.dll

MOD - [2010/02/04 23:24:28 | 002,052,096 | ---- | M] () -- c:windowsassemblygacsystem.windows.forms1.0.5000.0__b77a5c561934e089system.windows.forms.dll

MOD - [2010/02/04 23:24:28 | 000,466,944 | ---- | M] () -- c:windowsassemblygacsystem.drawing1.0.5000.0__b03f5f7f11d50a3asystem.drawing.dll

MOD - [2010/02/04 23:24:26 | 000,573,440 | ---- | M] () -- c:windowsassemblygacsystem.web.services1.0.5000.0__b03f5f7f11d50a3asystem.web.services.dll

MOD - [2009/06/29 15:14:36 | 000,012,288 | ---- | M] () -- C:Program FilesKodakAiOCenterLogger.dll

MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:WINDOWSsystem32EasyHook32.dll

MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:WINDOWSsystem32msdmo.dll

MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:WINDOWSsystem32devenum.dll

MOD - [2005/08/02 19:19:16 | 000,050,176 | ---- | M] () -- C:WINDOWSarmcex.dll

MOD - [2005/03/15 18:17:28 | 000,204,800 | ---- | M] () -- c:Program FilesHPDigital ImagingbinHpqUtil.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011/11/18 16:37:05 | 000,063,048 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)

SRV - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/10/28 16:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2011/10/28 16:52:02 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/07/05 10:24:24 | 000,025,232 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\gidv2.sys -- (GIDv2)

DRV - [2010/05/25 17:08:39 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SuperAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2005/10/18 15:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/09/23 15:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/08/14 00:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/07/04 02:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/06/30 03:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)

DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2004/08/04 08:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/11/05 17:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)

DRV - [1997/07/08 00:54:00 | 000,199,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ONSIO.SYS -- (ONSIO)

DRV - [1997/06/27 18:01:44 | 000,044,032 | ---- | M] (OnSpec Electronic, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\SMPLSCSI.SYS -- (SMPLSCSI)

DRV - [1995/07/10 02:30:00 | 000,014,592 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4 [2011/11/22 08:18:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/14 09:14:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/12 12:48:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18 [2011/12/04 09:30:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/10/01 10:26:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Browser 8.0.3.4\Extensions\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/10/01 10:26:03 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Yahoo! Search (Enabled)

CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0

CHR - Extension: SiteAdvisor = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0

CHR - Extension: AVG Safe Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0

CHR - Extension: Poppit = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0

 

O1 HOSTS File: ([2011/12/05 09:04:39 | 000,000,021 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll (WhiteSky)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)

O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)

O4 - HKLM..\Run: [PCDrProfiler] File not found

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SuperAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265758861390 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C638EA-26D8-4B3F-B541-D0F8EEDBE59F}: DhcpNameServer = 68.87.71.230 68.87.73.246

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1981F4D-17A3-4E2A-9253-27159CB8DDC0}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SuperAntiSpyware\SASWINLO.dll) - C:\Program Files\SuperAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)

O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found

O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/02/06 13:05:52 | 000,000,125 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/04/30 13:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{a6421446-611f-11e0-b4fd-00142aba9c8c}\Shell - "" = AutoRun

O33 - MountPoints2{a6421446-611f-11e0-b4fd-00142aba9c8c}ShellAutoRun - "" = Auto&Play

O33 - MountPoints2{a6421446-611f-11e0-b4fd-00142aba9c8c}ShellAutoRuncommand - "" = K:ToolLauncher-Bootstrap.exe

O33 - MountPoints2{ba9bfa3e-53e6-11da-9f04-806d6172696f}Shell - "" = AutoRun

O33 - MountPoints2{ba9bfa3e-53e6-11da-9f04-806d6172696f}ShellAutoRun - "" = Auto&Play

O33 - MountPoints2{ba9bfa3e-53e6-11da-9f04-806d6172696f}ShellAutoRuncommand - "" = C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2012avgrsx.exe /sync /restart)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKCU...exe [@ = exefile] -- Reg Error: Key error. File not found

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/12/05 19:09:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorDesktopOTL.exe

[2011/12/04 16:56:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataAVG Secure Search

[2011/12/04 09:29:55 | 000,000,000 | ---D | C] -- C:WINDOWSSystem32cache

[2011/12/04 09:29:53 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAVG Secure Search

[2011/12/03 21:17:02 | 000,000,000 | ---D | C] -- C:N360_BACKUP

[2011/12/03 16:46:18 | 000,000,000 | ---D | C] -- C:Program FilesWindows Sidebar

[2011/12/03 16:45:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNortonInstaller

[2011/12/03 16:45:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorMy DocumentsSymantec

[2011/12/03 16:40:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersDocumentsNorton

[2011/12/03 16:40:28 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNorton

[2011/12/03 16:24:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataID Vault

[2011/12/03 16:24:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceApplication DataID Vault

[2011/12/03 16:11:20 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataIsolatedStorage

[2011/12/03 16:09:46 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataID Vault

[2011/12/03 16:08:17 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataID Vault

[2011/12/03 16:07:49 | 000,025,232 | ---- | C] (StrikeForce Technologies, Inc.) -- C:WINDOWSSystem32driversgidv2.sys

[2011/12/03 16:07:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersGID

[2011/12/03 16:07:18 | 000,000,000 | ---D | C] -- C:Program FilesSFT

[2011/12/03 16:05:34 | 000,000,000 | ---D | C] -- C:Program FilesConstant Guard Protection Suite

[2011/12/03 16:03:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataWhite Sky, Inc

[2011/11/25 13:28:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataHewlett-Packard

[2011/11/15 14:43:41 | 000,000,000 | ---D | C] -- C:WINDOWSMinidump

[3 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

[1 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/12/05 19:11:01 | 000,000,906 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job

[2011/12/05 17:16:01 | 111,469,982 | ---- | M] () -- C:WINDOWSSystem32driversAVGincavi.avm

[2011/12/05 17:15:10 | 000,263,952 | ---- | M] () -- C:WINDOWSSystem32driversAVGiavichjg.avm

[2011/12/05 16:50:01 | 000,000,444 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job

[2011/12/05 13:11:01 | 000,000,902 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job

[2011/12/05 09:37:25 | 000,000,300 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

[2011/12/05 09:37:23 | 000,000,308 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

[2011/12/05 09:36:30 | 000,000,186 | ---- | M] () -- C:WINDOWSSystemhpsysdrv.DAT

[2011/12/05 09:11:55 | 000,000,486 | ---- | M] () -- C:WINDOWStasksAd-Aware Update (Weekly).job

[2011/12/05 09:09:00 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2011/12/05 09:08:57 | 1006,030,848 | -HS- | M] () -- C:hiberfil.sys

[2011/12/05 09:05:56 | 000,001,190 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopall

[2011/12/03 16:41:30 | 000,000,836 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopNorton Installation Files.lnk

[2011/12/03 16:05:50 | 000,001,973 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuProgramsStartupConstant Guard.lnk

[2011/12/03 16:05:50 | 000,001,961 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopConstant Guard.lnk

[2011/12/03 15:40:37 | 000,000,856 | ---- | M] () -- C:WINDOWSSystem32driverskgpcpy.cfg

[2011/12/03 14:06:01 | 000,000,943 | ---- | M] () -- C:WINDOWSWININIT.INI

[2011/12/02 18:56:37 | 000,000,064 | ---- | M] () -- C:WINDOWSSystem32rp_stats.dat

[2011/12/02 18:56:37 | 000,000,044 | ---- | M] () -- C:WINDOWSSystem32rp_rules.dat

[2011/12/02 11:23:13 | 000,000,494 | ---- | M] () -- C:Program FilesShortcut to STOPzilla!.lnk

[2011/12/01 07:21:03 | 000,000,284 | ---- | M] () -- C:WINDOWStasksAppleSoftwareUpdate.job

[2011/11/25 13:41:42 | 000,004,608 | ---- | M] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/23 10:37:06 | 000,000,458 | ---- | M] () -- C:WINDOWStasksEasyShare Registration Task.job

[2011/11/22 08:18:08 | 000,000,713 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAVG 2012.lnk

[2011/11/20 15:47:31 | 000,000,851 | ---- | M] () -- C:WINDOWSUlead32.ini

[2011/11/18 19:13:43 | 000,001,824 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk

[2011/11/15 13:35:27 | 000,000,795 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes' Anti-Malware.lnk

[2011/11/09 14:06:39 | 000,001,374 | ---- | M] () -- C:WINDOWSimsins.BAK

[2011/11/06 16:09:04 | 000,443,232 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat

[2011/11/06 16:09:03 | 000,072,372 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat

[3 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]

[1 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/12/05 09:05:56 | 000,001,190 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopall

[2011/12/04 15:40:50 | 1006,030,848 | -HS- | C] () -- C:hiberfil.sys

[2011/12/03 16:41:30 | 000,000,836 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopNorton Installation Files.lnk

[2011/12/03 16:16:51 | 000,139,208 | ---- | C] () -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat

[2011/12/03 16:05:51 | 000,001,967 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsConstant Guard.lnk

[2011/12/03 16:05:50 | 000,001,973 | ---- | C] () -- C:Documents and SettingsAll UsersStart MenuProgramsStartupConstant Guard.lnk

[2011/12/03 16:05:50 | 000,001,961 | ---- | C] () -- C:Documents and SettingsAll UsersDesktopConstant Guard.lnk

[2011/12/03 14:17:31 | 000,000,856 | ---- | C] () -- C:WINDOWSSystem32driverskgpcpy.cfg

[2011/12/02 11:23:13 | 000,000,494 | ---- | C] () -- C:Program FilesShortcut to STOPzilla!.lnk

[2011/04/28 22:41:52 | 000,000,064 | ---- | C] () -- C:WINDOWSSystem32rp_stats.dat

[2011/04/28 22:41:52 | 000,000,044 | ---- | C] () -- C:WINDOWSSystem32rp_rules.dat

[2010/07/22 16:20:03 | 000,000,029 | ---- | C] () -- C:WINDOWSDEBUGSM.INI

[2010/02/16 17:13:50 | 000,000,686 | ---- | C] () -- C:Documents and SettingsHP_AdministratorApplication Datawklnhst.dat

[2010/02/06 14:07:57 | 000,049,152 | ---- | C] () -- C:WINDOWSStiRegstEng.dll

[2010/02/06 13:36:35 | 000,073,220 | ---- | C] () -- C:WINDOWSSystem32EPPICPrinterDB.dat

[2010/02/06 13:36:35 | 000,001,137 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_ES.dat

[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_FR.dat

[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_CF.dat

[2010/02/06 13:36:35 | 000,001,104 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_EN.dat

[2010/02/06 13:36:35 | 000,000,097 | ---- | C] () -- C:WINDOWSSystem32PICSDK.ini

[2010/02/06 13:36:34 | 000,031,053 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern131.dat

[2010/02/06 13:36:34 | 000,029,114 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern1.dat

[2010/02/06 13:36:34 | 000,027,417 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern121.dat

[2010/02/06 13:36:34 | 000,021,021 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern3.dat

[2010/02/06 13:36:34 | 000,015,670 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern5.dat

[2010/02/06 13:36:34 | 000,013,280 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern2.dat

[2010/02/06 13:36:34 | 000,010,673 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern4.dat

[2010/02/06 13:36:34 | 000,004,943 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern6.dat

[2010/02/06 13:36:34 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_PT.dat

[2010/02/06 13:36:34 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_BP.dat

[2010/02/06 13:33:36 | 000,065,793 | ---- | C] () -- C:WINDOWSSystem32esfw54.bin

[2010/02/06 13:33:10 | 000,000,044 | ---- | C] () -- C:WINDOWSPERF4490.ini

[2010/02/06 13:06:08 | 000,001,877 | ---- | C] () -- C:WINDOWSPRESTO!.INI

[2010/02/06 13:06:00 | 000,001,241 | ---- | C] () -- C:WINDOWSIMGFOLIO.INI

[2010/02/06 13:04:22 | 000,009,584 | ---- | C] () -- C:WINDOWSWINSIZE2.DLL

[2010/02/06 13:04:21 | 000,000,192 | ---- | C] () -- C:WINDOWSUMXADDIN.INI

[2010/02/06 13:03:44 | 000,000,137 | ---- | C] () -- C:WINDOWSSWISNIFE.INI

[2010/02/06 13:03:39 | 000,007,680 | ---- | C] () -- C:WINDOWSSystem32driversONSREGED.SYS

[2010/02/06 13:03:38 | 000,199,776 | ---- | C] () -- C:WINDOWSSystem32driversONSIO.SYS

[2010/02/06 13:03:38 | 000,013,312 | ---- | C] () -- C:WINDOWSSystem32DEVLOAD.EXE

[2010/02/06 13:01:30 | 000,000,120 | ---- | C] () -- C:WINDOWSACROREAD.INI

[2010/02/06 13:01:30 | 000,000,027 | ---- | C] () -- C:WINDOWSACROGRAF.INI

[2010/02/06 12:49:27 | 000,000,851 | ---- | C] () -- C:WINDOWSUlead32.ini

[2010/02/06 12:42:30 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32CNMVS4b.DLL

[2010/02/05 23:33:24 | 000,000,214 | ---- | C] () -- C:WINDOWSHP_InstantSHareJPG.ini

[2010/02/05 23:31:52 | 000,000,227 | ---- | C] () -- C:WINDOWSHP_CounterReport_Update_HPSU.ini

[2010/02/05 23:31:33 | 000,000,214 | ---- | C] () -- C:WINDOWSHP_48BitScanUpdatePatch.ini

[2010/02/05 23:25:39 | 000,000,221 | ---- | C] () -- C:WINDOWSHP_RedboxHprblog_HPSU.ini

[2010/02/05 21:47:30 | 000,004,608 | ---- | C] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/05 00:38:39 | 000,000,061 | ---- | C] () -- C:WINDOWSsmscfg.ini

[2010/02/05 00:18:21 | 000,022,396 | ---- | C] () -- C:WINDOWSSystem32driversUSBkey.sys

[2010/02/05 00:15:30 | 000,118,842 | R--- | C] () -- C:WINDOWSHPCPCUninstaller-6.3.2.116-9972322.exe

[2010/02/05 00:14:41 | 000,014,316 | ---- | C] () -- C:WINDOWSSystem32CHODDI.SYS

[2010/02/05 00:14:35 | 000,045,056 | ---- | C] () -- C:WINDOWSSystem32hpreg.dll

[2010/02/05 00:11:58 | 000,000,054 | ---- | C] () -- C:WINDOWSQuicken.ini

[2010/02/05 00:08:20 | 000,000,376 | ---- | C] () -- C:WINDOWSODBC.INI

[2010/02/05 00:03:34 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll

[2010/02/05 00:03:34 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll

[2010/02/05 00:03:34 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll

[2010/02/05 00:03:34 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll

[2010/02/05 00:03:34 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll

[2010/02/05 00:03:34 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll

[2010/02/04 23:57:52 | 000,000,943 | ---- | C] () -- C:WINDOWSWININIT.INI

[2010/02/04 23:56:55 | 000,045,929 | ---- | C] () -- C:WINDOWSNSSetDefaultBrowser.EXE

[2010/02/04 23:56:55 | 000,000,698 | ---- | C] () -- C:WINDOWSNSSetDefaultBrowser.ini

[2010/02/04 23:51:24 | 000,080,417 | ---- | C] () -- C:WINDOWSHPHins08.dat

[2010/02/04 23:51:24 | 000,004,011 | ---- | C] () -- C:WINDOWShphmdl08.dat

[2010/02/04 23:50:21 | 000,072,881 | ---- | C] () -- C:WINDOWShpiins01.dat

[2010/02/04 23:50:21 | 000,000,000 | ---- | C] () -- C:WINDOWShpimdl01.dat

[2010/02/04 23:48:50 | 000,112,873 | ---- | C] () -- C:WINDOWShpoins07.dat

[2010/02/04 23:48:50 | 000,021,124 | ---- | C] () -- C:WINDOWShpomdl07.dat

[2010/02/04 23:45:24 | 000,088,403 | ---- | C] () -- C:WINDOWShpoins06.dat

[2010/02/04 23:45:24 | 000,005,389 | ---- | C] () -- C:WINDOWShpomdl06.dat

[2010/02/04 23:44:22 | 000,001,793 | ---- | C] () -- C:WINDOWSSystem32fxsperf.ini

[2010/02/04 23:40:20 | 000,104,361 | ---- | C] () -- C:WINDOWSSystem32atiicdxx.dat

[2010/02/04 23:28:53 | 000,000,791 | ---- | C] () -- C:WINDOWSorun32.ini

[2010/02/04 22:44:59 | 000,000,139 | ---- | C] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication Datafusioncache.dat

[2010/02/04 18:59:33 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2010/02/04 18:59:33 | 000,028,626 | ---


JonTom, I need some help here please. I was running the GMER scan and thought it had finished scanning, so I tried to save it as a txt file. I can type the file name OK, but I cannot get the "file type" to change to txt. I also noticed at the bottom of my screen a small box showing the GMER txt icon with "(Not Responding)" in parentheses, so I am not sure if the scan finished or not. What should I do? Thank you.

 

Carline

 

 

JonTom, I am going to rerun this scan from the beginning and see if it goes all the way through this time.

Edited by darkeyes

Hello darkeyes

 

That GMER log looks a little strange. Let's try this scan instead:

  • aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.


 

  • On completion of the scan click save log, save it to your desktop and post in your next reply.

 

Post the log in your next reply.

 

If there are any problems just let me know.


Hi again JonTom. Here is the aswMBR scan. Thank you!

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-06 11:45:01

-----------------------------

11:45:01.019 OS Version: Windows 5.1.2600 Service Pack 3

11:45:01.019 Number of processors: 2 586 0x403

11:45:01.019 ComputerName: MYCOMPUTER UserName:

11:45:14.706 Initialize success

11:55:03.556 AVAST engine defs: 11120602

11:56:01.008 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP2T0L0-7

11:56:01.008 Disk 0 Vendor: Size: 0MB BusType: 0

11:56:01.008 Disk 1 DeviceHarddisk1DR3 -> Device00000079

11:56:01.024 Disk 1 Vendor: Size: 0MB BusType: 0

11:56:03.086 Disk 0 MBR read successfully

11:56:03.086 Disk 0 MBR scan

11:56:03.180 Disk 0 unknown MBR code

11:56:03.180 Disk 0 MBR hidden

11:56:03.305 Disk 0 scanning C:WINDOWSsystem32drivers

11:56:54.460 Service scanning

11:56:56.492 Modules scanning

11:58:20.537 Disk 0 trace - called modules:

11:58:20.584 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

11:58:20.584 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x86317ab8]

11:58:20.600 3 CLASSPNP.SYS[f75abfd7] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP2T0L0-7[0x86389b00]

11:58:23.959 AVAST engine scan C:WINDOWS

12:00:12.708 AVAST engine scan C:WINDOWSsystem32

12:06:52.937 AVAST engine scan C:WINDOWSsystem32drivers

12:08:08.702 AVAST engine scan C:Documents and SettingsHP_Administrator

12:22:40.816 AVAST engine scan C:Documents and SettingsAll Users

12:28:29.967 Scan finished successfully

12:44:35.878 Disk 0 MBR has been saved successfully to "C:Documents and SettingsHP_AdministratorDesktopMBR.dat"

12:44:35.878 The log file has been saved successfully to "C:Documents and SettingsHP_AdministratorDesktopaswMBR.txt"


Hello darkeyes

 

Thank you for the log.

 

When you ran aswMBR, a file called MBR.dat would have been created and placed on the desktop of your machine.

 

I would like you to attach the MBR.dat file to your reply and post it back here.

 

Once you have done that, please work your way through the instructions below:

  • TDSS Killer

  • Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the TDSSKiller log in your next reply.


Hello darkeyes

 

This is what opened in the MBR.bat file saved on my desktop. Did I do something wrong?

No need to worry :)

 

Let's try it this way:

  • At the bottom of this thread you will see the "Reply to this topic" Window.
  • Click on "More reply options".
  • Under the response window that appears, you will see a picture of a paperclip and a section called "Attach Files".
  • Click on the "Browse" button.
  • Once you have done that, navigate to C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
  • Double click on the MBR.dat file.
  • You should see the full file path to the file appear in the text box.
  • Click on the "Attach this file" button.
  • The file will be added as an attachment to your reply.
  • Click on "Add Reply".
  • Your reply will be added (containing the attached file).
Once you see the attachment in your reply, continue with TDSSKiller.

 

If you run into any problems attaching the file come back and let me know :)


22:23:40.0390 4116 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

22:23:40.0687 4116 ============================================================

22:23:40.0687 4116 Current date / time: 2011/12/06 22:23:40.0687

22:23:40.0687 4116 SystemInfo:

22:23:40.0687 4116

22:23:40.0687 4116 OS Version: 5.1.2600 ServicePack: 3.0

22:23:40.0687 4116 Product type: Workstation

22:23:40.0687 4116 ComputerName: MYCOMPUTER

22:23:40.0687 4116 UserName: HP_Administrator

22:23:40.0687 4116 Windows directory: C:WINDOWS

22:23:40.0687 4116 System windows directory: C:WINDOWS

22:23:40.0687 4116 Processor architecture: Intel x86

22:23:40.0687 4116 Number of processors: 2

22:23:40.0687 4116 Page size: 0x1000

22:23:40.0687 4116 Boot type: Normal boot

22:23:40.0687 4116 ============================================================

22:23:45.0468 4116 Initialize success

22:23:51.0890 1332 ============================================================

22:23:51.0890 1332 Scan started

22:23:51.0890 1332 Mode: Manual;

22:23:51.0890 1332 ============================================================

22:23:53.0750 1332 Abiosdsk - ok

22:23:53.0781 1332 abp480n5 - ok

22:23:53.0875 1332 ACPI (8fd99680a539792a30e97944fdaecf17) C:WINDOWSsystem32DRIVERSACPI.sys

22:23:53.0875 1332 ACPI - ok

22:23:53.0937 1332 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:WINDOWSsystem32driversACPIEC.sys

22:23:53.0937 1332 ACPIEC - ok

22:23:53.0953 1332 adpu160m - ok

22:23:54.0015 1332 aec (8bed39e3c35d6a489438b8141717a557) C:WINDOWSsystem32driversaec.sys

22:23:54.0015 1332 aec - ok

22:23:54.0109 1332 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:WINDOWSSystem32driversafd.sys

22:23:54.0140 1332 AFD - ok

22:23:54.0296 1332 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:WINDOWSsystem32DRIVERSAGRSM.sys

22:23:54.0390 1332 AgereSoftModem - ok

22:23:54.0406 1332 Aha154x - ok

22:23:54.0421 1332 aic78u2 - ok

22:23:54.0453 1332 aic78xx - ok

22:23:54.0468 1332 AliIde - ok

22:23:54.0484 1332 amsint - ok

22:23:54.0546 1332 aracpi (00523019e3579c8f8a94457fe25f0f24) C:WINDOWSsystem32DRIVERSaracpi.sys

22:23:54.0546 1332 aracpi - ok

22:23:54.0609 1332 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:WINDOWSsystem32DRIVERSarhidfltr.sys

22:23:54.0625 1332 arhidfltr - ok

22:23:54.0640 1332 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:WINDOWSsystem32DRIVERSarkbcfltr.sys

22:23:54.0640 1332 arkbcfltr - ok

22:23:54.0656 1332 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:WINDOWSsystem32DRIVERSarmoucfltr.sys

22:23:54.0656 1332 armoucfltr - ok

22:23:54.0734 1332 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:WINDOWSsystem32DRIVERSarp1394.sys

22:23:54.0734 1332 Arp1394 - ok

22:23:54.0750 1332 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:WINDOWSsystem32DRIVERSarpolicy.sys

22:23:54.0750 1332 ARPolicy - ok

22:23:54.0781 1332 asc - ok

22:23:54.0796 1332 asc3350p - ok

22:23:54.0812 1332 asc3550 - ok

22:23:54.0906 1332 ASPI32 (144fa0451138bedd54931aa84a32983b) C:WINDOWSsystem32driversASPI32.sys

22:23:54.0921 1332 ASPI32 - ok

22:23:54.0953 1332 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:WINDOWSsystem32DRIVERSasyncmac.sys

22:23:54.0953 1332 AsyncMac - ok

22:23:55.0015 1332 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:WINDOWSsystem32DRIVERSatapi.sys

22:23:55.0015 1332 atapi - ok

22:23:55.0125 1332 Atdisk - ok

22:23:55.0250 1332 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:WINDOWSsystem32DRIVERSati2mtag.sys

22:23:55.0343 1332 ati2mtag - ok

22:23:55.0468 1332 Atmarpc (9916c1225104ba14794209cfa8012159) C:WINDOWSsystem32DRIVERSatmarpc.sys

22:23:55.0468 1332 Atmarpc - ok

22:23:55.0562 1332 audstub (d9f724aa26c010a217c97606b160ed68) C:WINDOWSsystem32DRIVERSaudstub.sys

22:23:55.0578 1332 audstub - ok

22:23:55.0687 1332 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:WINDOWSsystem32DRIVERSAVGIDSDriver.Sys

22:23:55.0703 1332 AVGIDSDriver - ok

22:23:55.0734 1332 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:WINDOWSsystem32DRIVERSAVGIDSEH.Sys

22:23:55.0734 1332 AVGIDSEH - ok

22:23:55.0781 1332 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:WINDOWSsystem32DRIVERSAVGIDSFilter.Sys

22:23:55.0781 1332 AVGIDSFilter - ok

22:23:55.0828 1332 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:WINDOWSsystem32DRIVERSAVGIDSShim.Sys

22:23:55.0828 1332 AVGIDSShim - ok

22:23:55.0890 1332 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:WINDOWSsystem32DRIVERSavgldx86.sys

22:23:55.0921 1332 Avgldx86 - ok

22:23:55.0953 1332 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:WINDOWSsystem32DRIVERSavgmfx86.sys

22:23:55.0953 1332 Avgmfx86 - ok

22:23:55.0984 1332 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:WINDOWSsystem32DRIVERSavgrkx86.sys

22:23:55.0984 1332 Avgrkx86 - ok

22:23:56.0078 1332 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:WINDOWSsystem32DRIVERSavgtdix.sys

22:23:56.0078 1332 Avgtdix - ok

22:23:56.0109 1332 bb-run (7270d070173b20ac9487ea16bb08b45f) C:WINDOWSsystem32DRIVERSbb-run.sys

22:23:56.0109 1332 bb-run - ok

22:23:56.0171 1332 Beep (da1f27d85e0d1525f6621372e7b685e9) C:WINDOWSsystem32driversBeep.sys

22:23:56.0171 1332 Beep - ok

22:23:56.0218 1332 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:WINDOWSsystem32driverscbidf2k.sys

22:23:56.0218 1332 cbidf2k - ok

22:23:56.0234 1332 cd20xrnt - ok

22:23:56.0281 1332 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:WINDOWSsystem32driversCdaudio.sys

22:23:56.0281 1332 Cdaudio - ok

22:23:56.0296 1332 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:WINDOWSsystem32driversCdfs.sys

22:23:56.0312 1332 Cdfs - ok

22:23:56.0359 1332 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:WINDOWSsystem32DRIVERScdrom.sys

22:23:56.0359 1332 Cdrom - ok

22:23:56.0375 1332 Changer - ok

22:23:56.0406 1332 CmdIde - ok

22:23:56.0421 1332 Cpqarray - ok

22:23:56.0453 1332 dac2w2k - ok

22:23:56.0468 1332 dac960nt - ok

22:23:56.0500 1332 Disk (044452051f3e02e7963599fc8f4f3e25) C:WINDOWSsystem32DRIVERSdisk.sys

22:23:56.0500 1332 Disk - ok

22:23:56.0578 1332 dmboot (d992fe1274bde0f84ad826acae022a41) C:WINDOWSsystem32driversdmboot.sys

22:23:56.0609 1332 dmboot - ok

22:23:56.0640 1332 dmio (7c824cf7bbde77d95c08005717a95f6f) C:WINDOWSsystem32driversdmio.sys

22:23:56.0640 1332 dmio - ok

22:23:56.0671 1332 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:WINDOWSsystem32driversdmload.sys

22:23:56.0671 1332 dmload - ok

22:23:56.0687 1332 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:WINDOWSsystem32driversDMusic.sys

22:23:56.0703 1332 DMusic - ok

22:23:56.0718 1332 dpti2o - ok

22:23:56.0734 1332 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:WINDOWSsystem32driversdrmkaud.sys

22:23:56.0734 1332 drmkaud - ok

22:23:56.0890 1332 Fastfat (38d332a6d56af32635675f132548343e) C:WINDOWSsystem32driversFastfat.sys

22:23:56.0890 1332 Fastfat - ok

22:23:56.0921 1332 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:WINDOWSsystem32DRIVERSfdc.sys

22:23:56.0921 1332 Fdc - ok

22:23:56.0953 1332 Fips (d45926117eb9fa946a6af572fbe1caa3) C:WINDOWSsystem32driversFips.sys

22:23:56.0953 1332 Fips - ok

22:23:57.0078 1332 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:WINDOWSsystem32DRIVERSflpydisk.sys

22:23:57.0078 1332 Flpydisk - ok

22:23:57.0171 1332 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:WINDOWSsystem32driversfltmgr.sys

22:23:57.0171 1332 FltMgr - ok

22:23:57.0203 1332 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:WINDOWSsystem32driversFs_Rec.sys

22:23:57.0203 1332 Fs_Rec - ok

22:23:57.0265 1332 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:WINDOWSsystem32DRIVERSftdisk.sys

22:23:57.0265 1332 Ftdisk - ok

22:23:57.0312 1332 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:WINDOWSsystem32DRIVERSftsata2.sys

22:23:57.0328 1332 ftsata2 - ok

22:23:57.0343 1332 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:WINDOWSsystem32DRIVERSgagp30kx.sys

22:23:57.0343 1332 gagp30kx - ok

22:23:57.0375 1332 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:WINDOWSsystem32driversGIDv2.sys

22:23:57.0375 1332 GIDv2 - ok

22:23:57.0421 1332 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:WINDOWSsystem32DRIVERSmsgpc.sys

22:23:57.0421 1332 Gpc - ok

22:23:57.0500 1332 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:WINDOWSsystem32DRIVERSHDAudBus.sys

22:23:57.0500 1332 HDAudBus - ok

22:23:57.0562 1332 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:WINDOWSsystem32DRIVERShidusb.sys

22:23:57.0562 1332 HidUsb - ok

22:23:57.0578 1332 hpn - ok

22:23:57.0640 1332 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:WINDOWSsystem32DriversHTTP.sys

22:23:57.0656 1332 HTTP - ok

22:23:57.0671 1332 i2omgmt - ok

22:23:57.0703 1332 i2omp - ok

22:23:57.0718 1332 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:WINDOWSsystem32DRIVERSi8042prt.sys

22:23:57.0718 1332 i8042prt - ok

22:23:57.0796 1332 iaStor (9a65e42664d1534b68512caad0efe963) C:WINDOWSsystem32DRIVERSiaStor.sys

22:23:57.0828 1332 iaStor - ok

22:23:57.0906 1332 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:WINDOWSsystem32DRIVERSimapi.sys

22:23:57.0921 1332 Imapi - ok

22:23:57.0937 1332 ini910u - ok

22:23:58.0015 1332 IntcAzAudAddService (4f106bde28f41351081a7dfd2bd0f2a0) C:WINDOWSsystem32driversRtkHDAud.sys

22:23:58.0156 1332 Suspicious file (Forged): C:WINDOWSsystem32driversRtkHDAud.sys. Real md5: 4f106bde28f41351081a7dfd2bd0f2a0, Fake md5: 27b220620a480e54bf57e4750ca9b65f

22:23:58.0187 1332 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning

22:23:58.0187 1332 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)

22:23:58.0281 1332 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:WINDOWSsystem32DRIVERSintelide.sys

22:23:58.0296 1332 IntelIde - ok

22:23:58.0343 1332 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:WINDOWSsystem32DRIVERSintelppm.sys

22:23:58.0343 1332 intelppm - ok

22:23:58.0375 1332 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:WINDOWSsystem32driversip6fw.sys

22:23:58.0390 1332 Ip6Fw - ok

22:23:58.0453 1332 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:WINDOWSsystem32DRIVERSipfltdrv.sys

22:23:58.0453 1332 IpFilterDriver - ok

22:23:58.0578 1332 IpInIp (b87ab476dcf76e72010632b5550955f5) C:WINDOWSsystem32DRIVERSipinip.sys

22:23:58.0578 1332 IpInIp - ok

22:23:58.0640 1332 IpNat (cc748ea12c6effde940ee98098bf96bb) C:WINDOWSsystem32DRIVERSipnat.sys

22:23:58.0640 1332 IpNat - ok

22:23:58.0671 1332 IPSec (23c74d75e36e7158768dd63d92789a91) C:WINDOWSsystem32DRIVERSipsec.sys

22:23:58.0671 1332 IPSec - ok

22:23:58.0718 1332 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:WINDOWSsystem32DRIVERSirenum.sys

22:23:58.0718 1332 IRENUM - ok

22:23:58.0734 1332 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:WINDOWSsystem32DRIVERSisapnp.sys

22:23:58.0734 1332 isapnp - ok

22:23:58.0781 1332 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:WINDOWSsystem32DRIVERSkbdclass.sys

22:23:58.0796 1332 Kbdclass - ok

22:23:58.0812 1332 kmixer (692bcf44383d056aed41b045a323d378) C:WINDOWSsystem32driverskmixer.sys

22:23:58.0812 1332 kmixer - ok

22:23:58.0843 1332 KSecDD (b467646c54cc746128904e1654c750c1) C:WINDOWSsystem32driversKSecDD.sys

22:23:58.0843 1332 KSecDD - ok

22:23:58.0906 1332 Lbd (336abe8721cbc3110f1c6426da633417) C:WINDOWSsystem32DRIVERSLbd.sys

22:23:58.0906 1332 Lbd - ok

22:23:58.0921 1332 lbrtfdc - ok

22:23:59.0015 1332 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:WINDOWSsystem32DRIVERSmhndrv.sys

22:23:59.0015 1332 MHNDRV - ok

22:23:59.0031 1332 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:WINDOWSsystem32driversmnmdd.sys

22:23:59.0046 1332 mnmdd - ok

22:23:59.0093 1332 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:WINDOWSsystem32driversModem.sys

22:23:59.0093 1332 Modem - ok

22:23:59.0109 1332 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:WINDOWSsystem32DRIVERSmouclass.sys

22:23:59.0125 1332 Mouclass - ok

22:23:59.0187 1332 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:WINDOWSsystem32DRIVERSmouhid.sys

22:23:59.0187 1332 mouhid - ok

22:23:59.0218 1332 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:WINDOWSsystem32driversMountMgr.sys

22:23:59.0218 1332 MountMgr - ok

22:23:59.0234 1332 mraid35x - ok

22:23:59.0265 1332 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:WINDOWSsystem32DRIVERSmrxdav.sys

22:23:59.0281 1332 MRxDAV - ok

22:23:59.0359 1332 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:WINDOWSsystem32DRIVERSmrxsmb.sys

22:23:59.0375 1332 MRxSmb - ok

22:23:59.0484 1332 Msfs (c941ea2454ba8350021d774daf0f1027) C:WINDOWSsystem32driversMsfs.sys

22:23:59.0484 1332 Msfs - ok

22:23:59.0515 1332 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:WINDOWSsystem32driversMSKSSRV.sys

22:23:59.0531 1332 MSKSSRV - ok

22:23:59.0546 1332 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:WINDOWSsystem32driversMSPCLOCK.sys

22:23:59.0546 1332 MSPCLOCK - ok

22:23:59.0609 1332 MSPQM (bad59648ba099da4a17680b39730cb3d) C:WINDOWSsystem32driversMSPQM.sys

22:23:59.0625 1332 MSPQM - ok

22:23:59.0718 1332 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:WINDOWSsystem32DRIVERSmssmbios.sys

22:23:59.0718 1332 mssmbios - ok

22:23:59.0796 1332 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:WINDOWSsystem32driversMup.sys

22:23:59.0812 1332 Mup - ok

22:23:59.0828 1332 NDIS (1df7f42665c94b825322fae71721130d) C:WINDOWSsystem32driversNDIS.sys

22:23:59.0828 1332 NDIS - ok

22:23:59.0875 1332 NdisTapi (0109c4f3850dfbab279542515386ae22) C:WINDOWSsystem32DRIVERSndistapi.sys

22:23:59.0875 1332 NdisTapi - ok

22:23:59.0921 1332 Ndisuio (f927a4434c5028758a842943ef1a3849) C:WINDOWSsystem32DRIVERSndisuio.sys

22:23:59.0921 1332 Ndisuio - ok

22:23:59.0953 1332 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:WINDOWSsystem32DRIVERSndiswan.sys

22:23:59.0953 1332 NdisWan - ok

22:24:00.0062 1332 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:WINDOWSsystem32driversNDProxy.sys

22:24:00.0078 1332 NDProxy - ok

22:24:00.0093 1332 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:WINDOWSsystem32DRIVERSnetbios.sys

22:24:00.0093 1332 NetBIOS - ok

22:24:00.0140 1332 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:WINDOWSsystem32DRIVERSnetbt.sys

22:24:00.0140 1332 NetBT - ok

22:24:00.0187 1332 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:WINDOWSsystem32DRIVERSnic1394.sys

22:24:00.0187 1332 NIC1394 - ok

22:24:00.0218 1332 Npfs (3182d64ae053d6fb034f44b6def8034a) C:WINDOWSsystem32driversNpfs.sys

22:24:00.0218 1332 Npfs - ok

22:24:00.0250 1332 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:WINDOWSsystem32driversNtfs.sys

22:24:00.0265 1332 Ntfs - ok

22:24:00.0343 1332 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:WINDOWSsystem32driversNull.sys

22:24:00.0343 1332 Null - ok

22:24:00.0390 1332 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:WINDOWSsystem32DRIVERSnwlnkflt.sys

22:24:00.0390 1332 NwlnkFlt - ok

22:24:00.0406 1332 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:WINDOWSsystem32DRIVERSnwlnkfwd.sys

22:24:00.0406 1332 NwlnkFwd - ok

22:24:00.0421 1332 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:WINDOWSsystem32DRIVERSohci1394.sys

22:24:00.0421 1332 ohci1394 - ok

22:24:00.0484 1332 ONSIO (5728b613f132df531f7c3510358e6212) C:WINDOWSSYSTEM32DRIVERSONSIO.SYS

22:24:00.0484 1332 ONSIO - ok

22:24:00.0531 1332 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:WINDOWSsystem32DRIVERSparport.sys

22:24:00.0531 1332 Parport - ok

22:24:00.0546 1332 PartMgr (beb3ba25197665d82ec7065b724171c6) C:WINDOWSsystem32driversPartMgr.sys

22:24:00.0562 1332 PartMgr - ok

22:24:00.0578 1332 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:WINDOWSsystem32driversParVdm.sys

22:24:00.0593 1332 ParVdm - ok

22:24:00.0609 1332 PCI (a219903ccf74233761d92bef471a07b1) C:WINDOWSsystem32DRIVERSpci.sys

22:24:00.0609 1332 PCI - ok

22:24:00.0625 1332 PCIDump - ok

22:24:00.0640 1332 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:WINDOWSsystem32DRIVERSpciide.sys

22:24:00.0656 1332 PCIIde - ok

22:24:00.0671 1332 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:WINDOWSsystem32driversPcmcia.sys

22:24:00.0687 1332 Pcmcia - ok

22:24:00.0765 1332 PDCOMP - ok

22:24:00.0781 1332 PDFRAME - ok

22:24:00.0796 1332 PDRELI - ok

22:24:00.0812 1332 PDRFRAME - ok

22:24:00.0828 1332 perc2 - ok

22:24:00.0859 1332 perc2hib - ok

22:24:00.0906 1332 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:WINDOWSsystem32DRIVERSraspptp.sys

22:24:00.0906 1332 PptpMiniport - ok

22:24:00.0953 1332 Processor (a32bebaf723557681bfc6bd93e98bd26) C:WINDOWSsystem32DRIVERSprocessr.sys

22:24:00.0953 1332 Processor - ok

22:24:01.0046 1332 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:WINDOWSsystem32DRIVERSPS2.sys

22:24:01.0046 1332 Ps2 - ok

22:24:01.0109 1332 PSched (09298ec810b07e5d582cb3a3f9255424) C:WINDOWSsystem32DRIVERSpsched.sys

22:24:01.0109 1332 PSched - ok

22:24:01.0125 1332 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:WINDOWSsystem32DRIVERSptilink.sys

22:24:01.0125 1332 Ptilink - ok

22:24:01.0171 1332 PxHelp20 (86724469cd077901706854974cd13c3e) C:WINDOWSsystem32DriversPxHelp20.sys

22:24:01.0171 1332 PxHelp20 - ok

22:24:01.0187 1332 ql1080 - ok

22:24:01.0234 1332 Ql10wnt - ok

22:24:01.0250 1332 ql12160 - ok

22:24:01.0265 1332 ql1240 - ok

22:24:01.0281 1332 ql1280 - ok

22:24:01.0312 1332 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:WINDOWSsystem32DRIVERSrasacd.sys

22:24:01.0312 1332 RasAcd - ok

22:24:01.0343 1332 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:WINDOWSsystem32DRIVERSrasl2tp.sys

22:24:01.0343 1332 Rasl2tp - ok

22:24:01.0375 1332 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:WINDOWSsystem32DRIVERSraspppoe.sys

22:24:01.0375 1332 RasPppoe - ok

22:24:01.0390 1332 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:WINDOWSsystem32DRIVERSraspti.sys

22:24:01.0390 1332 Raspti - ok

22:24:01.0421 1332 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:WINDOWSsystem32DRIVERSrdbss.sys

22:24:01.0421 1332 Rdbss - ok

22:24:01.0437 1332 RDPCDD (4912d5b403614ce99c28420f75353332) C:WINDOWSsystem32DRIVERSRDPCDD.sys

22:24:01.0453 1332 RDPCDD - ok

22:24:01.0468 1332 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:WINDOWSsystem32DRIVERSrdpdr.sys

22:24:01.0484 1332 rdpdr - ok

22:24:01.0531 1332 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:WINDOWSsystem32driversRDPWD.sys

22:24:01.0546 1332 RDPWD - ok

22:24:01.0593 1332 redbook (f828dd7e1419b6653894a8f97a0094c5) C:WINDOWSsystem32DRIVERSredbook.sys

22:24:01.0593 1332 redbook - ok

22:24:01.0625 1332 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:WINDOWSsystem32DRIVERSRtlnicxp.sys

22:24:01.0640 1332 RTL8023xp - ok

22:24:01.0671 1332 rtl8139 (d507c1400284176573224903819ffda3) C:WINDOWSsystem32DRIVERSRTL8139.SYS

22:24:01.0671 1332 rtl8139 - ok

22:24:01.0828 1332 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:Program FilesSuperAntiSpywareSASDIFSV.SYS

22:24:01.0828 1332 SASDIFSV - ok

22:24:01.0843 1332 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:Program FilesSuperAntiSpywareSASENUM.SYS

22:24:01.0843 1332 SASENUM - ok

22:24:01.0906 1332 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:Program FilesSuperAntiSpywareSASKUTIL.sys

22:24:01.0906 1332 SASKUTIL - ok

22:24:01.0968 1332 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:WINDOWSsystem32DRIVERSsecdrv.sys

22:24:01.0968 1332 Secdrv - ok

22:24:02.0031 1332 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:WINDOWSsystem32DRIVERSserenum.sys

22:24:02.0031 1332 Serenum - ok

22:24:02.0078 1332 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:WINDOWSsystem32DRIVERSserial.sys

22:24:02.0078 1332 Serial - ok

22:24:02.0125 1332 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:WINDOWSsystem32DRIVERSsfloppy.sys

22:24:02.0125 1332 Sfloppy - ok

22:24:02.0156 1332 Simbad - ok

22:24:02.0187 1332 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:WINDOWSsystem32DRIVERSsisnic.sys

22:24:02.0187 1332 SISNIC - ok

22:24:02.0234 1332 SMPLSCSI (fd5f05994d0dc3feb78f696f2980dd55) C:WINDOWSsystem32driversSMPLSCSI.SYS

22:24:02.0234 1332 SMPLSCSI - ok

22:24:02.0250 1332 Sparrow - ok

22:24:02.0296 1332 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:WINDOWSsystem32driverssplitter.sys

22:24:02.0296 1332 splitter - ok

22:24:02.0328 1332 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:WINDOWSsystem32DRIVERSsr.sys

22:24:02.0328 1332 sr - ok

22:24:02.0406 1332 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:WINDOWSsystem32DRIVERSsrv.sys

22:24:02.0421 1332 Srv - ok

22:24:02.0593 1332 swenum (3941d127aef12e93addf6fe6ee027e0f) C:WINDOWSsystem32DRIVERSswenum.sys

22:24:02.0593 1332 swenum - ok

22:24:02.0640 1332 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:WINDOWSsystem32driversswmidi.sys

22:24:02.0656 1332 swmidi - ok

22:24:02.0687 1332 symc810 - ok

22:24:02.0703 1332 symc8xx - ok

22:24:02.0718 1332 sym_hi - ok

22:24:02.0734 1332 sym_u3 - ok

22:24:02.0765 1332 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:WINDOWSsystem32driverssysaudio.sys

22:24:02.0781 1332 sysaudio - ok

22:24:02.0890 1332 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:WINDOWSsystem32DRIVERStcpip.sys

22:24:02.0906 1332 Tcpip - ok

22:24:02.0937 1332 TDPIPE (6471a66807f5e104e4885f5b67349397) C:WINDOWSsystem32driversTDPIPE.sys

22:24:02.0937 1332 TDPIPE - ok

22:24:02.0984 1332 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:WINDOWSsystem32driversTDTCP.sys

22:24:02.0984 1332 TDTCP - ok

22:24:03.0062 1332 TermDD (88155247177638048422893737429d9e) C:WINDOWSsystem32DRIVERStermdd.sys

22:24:03.0062 1332 TermDD - ok

22:24:03.0093 1332 TosIde - ok

22:24:03.0156 1332 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:WINDOWSsystem32driversUdfs.sys

22:24:03.0156 1332 Udfs - ok

22:24:03.0171 1332 ultra - ok

22:24:03.0218 1332 Update (402ddc88356b1bac0ee3dd1580c76a31) C:WINDOWSsystem32DRIVERSupdate.sys

22:24:03.0234 1332 Update - ok

22:24:03.0296 1332 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:WINDOWSsystem32DRIVERSusbccgp.sys

22:24:03.0328 1332 usbccgp - ok

22:24:03.0375 1332 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:WINDOWSsystem32DRIVERSusbehci.sys

22:24:03.0375 1332 usbehci - ok

22:24:03.0390 1332 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:WINDOWSsystem32DRIVERSusbhub.sys

22:24:03.0390 1332 usbhub - ok

22:24:03.0406 1332 usbohci (0daecce65366ea32b162f85f07c6753b) C:WINDOWSsystem32DRIVERSusbohci.sys

22:24:03.0421 1332 usbohci - ok

22:24:03.0437 1332 usbprint (a717c8721046828520c9edf31288fc00) C:WINDOWSsystem32DRIVERSusbprint.sys

22:24:03.0453 1332 usbprint - ok

22:24:03.0484 1332 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:WINDOWSsystem32DRIVERSusbscan.sys

22:24:03.0484 1332 usbscan - ok

22:24:03.0500 1332 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

22:24:03.0500 1332 usbstor - ok

22:24:03.0546 1332 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:WINDOWSsystem32DRIVERSusbuhci.sys

22:24:03.0546 1332 usbuhci - ok

22:24:03.0593 1332 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:WINDOWSSystem32driversvga.sys

22:24:03.0593 1332 VgaSave - ok

22:24:03.0609 1332 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:WINDOWSsystem32DRIVERSviaide.sys

22:24:03.0625 1332 ViaIde - ok

22:24:03.0640 1332 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:WINDOWSsystem32driversVolSnap.sys

22:24:03.0640 1332 VolSnap - ok

22:24:03.0687 1332 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:WINDOWSsystem32DRIVERSwanarp.sys

22:24:03.0687 1332 Wanarp - ok

22:24:03.0703 1332 WDICA - ok

22:24:03.0734 1332 wdmaud (6768acf64b18196494413695f0c3a00f) C:WINDOWSsystem32driverswdmaud.sys

22:24:03.0734 1332 wdmaud - ok

22:24:03.0843 1332 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:WINDOWSsystem32DRIVERSWudfPf.sys

22:24:03.0859 1332 WudfPf - ok

22:24:03.0875 1332 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:WINDOWSsystem32DRIVERSwudfrd.sys

22:24:03.0890 1332 WudfRd - ok

22:24:03.0937 1332 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) DeviceHarddisk0DR0

22:24:03.0953 1332 DeviceHarddisk0DR0 - ok

22:24:03.0968 1332 Boot (0x1200) (a0fb9317f940b90b9bc5529ad29bbf87) DeviceHarddisk0DR0Partition0

22:24:03.0968 1332 DeviceHarddisk0DR0Partition0 - ok

22:24:03.0968 1332 Boot (0x1200) (0584005be89f98011b0f374d7e7c1a31) DeviceHarddisk0DR0Partition1

22:24:03.0968 1332 DeviceHarddisk0DR0Partition1 - ok

22:24:03.0984 1332 ============================================================

22:24:03.0984 1332 Scan finished

22:24:03.0984 1332 ============================================================

22:24:04.0000 5520 Detected object count: 1

22:24:04.0000 5520 Actual detected object count: 1

22:24:09.0890 5520 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user

22:24:09.0890 5520 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip

22:24:46.0703 6068 Deinitialize success


Hello darkeyes

 

I keep getting a "No File Chosen"

Okay. Forget about the upload for now.

 

I would like you to run TDSSKiller again but this time, allow it to cure what it detects.

 

Please post the new TDSSKiller log in your next reply.


10:19:25.0062 0172 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

10:19:27.0062 0172 ============================================================

10:19:27.0062 0172 Current date / time: 2011/12/07 10:19:27.0062

10:19:27.0062 0172 SystemInfo:

10:19:27.0062 0172

10:19:27.0062 0172 OS Version: 5.1.2600 ServicePack: 3.0

10:19:27.0062 0172 Product type: Workstation

10:19:27.0359 0172 ComputerName: MYCOMPUTER

10:19:27.0359 0172 UserName: HP_Administrator

10:19:27.0359 0172 Windows directory: C:WINDOWS

10:19:27.0359 0172 System windows directory: C:WINDOWS

10:19:27.0359 0172 Processor architecture: Intel x86

10:19:27.0359 0172 Number of processors: 2

10:19:27.0359 0172 Page size: 0x1000

10:19:27.0359 0172 Boot type: Normal boot

10:19:27.0359 0172 ============================================================

10:20:04.0078 0172 Initialize success

10:20:32.0078 2436 ============================================================

10:20:32.0078 2436 Scan started

10:20:32.0078 2436 Mode: Manual;

10:20:32.0078 2436 ============================================================

10:21:32.0500 2436 Abiosdsk - ok

10:21:34.0750 2436 abp480n5 - ok

10:21:38.0328 2436 ACPI (8fd99680a539792a30e97944fdaecf17) C:WINDOWSsystem32DRIVERSACPI.sys

10:21:39.0265 2436 ACPI - ok

10:21:42.0640 2436 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:WINDOWSsystem32driversACPIEC.sys

10:21:43.0156 2436 ACPIEC - ok

10:21:45.0937 2436 adpu160m - ok

10:21:48.0703 2436 aec (8bed39e3c35d6a489438b8141717a557) C:WINDOWSsystem32driversaec.sys

10:21:49.0859 2436 aec - ok

10:21:52.0703 2436 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:WINDOWSSystem32driversafd.sys

10:21:53.0453 2436 AFD - ok

10:21:59.0015 2436 AgereSoftModem (b7d2103eb2ecb765b2b7106bad089ab1) C:WINDOWSsystem32DRIVERSAGRSM.sys

10:22:02.0046 2436 AgereSoftModem - ok

10:22:04.0312 2436 Aha154x - ok

10:22:05.0906 2436 aic78u2 - ok

10:22:08.0250 2436 aic78xx - ok

10:22:10.0921 2436 AliIde - ok

10:22:14.0125 2436 amsint - ok

10:22:17.0890 2436 aracpi (00523019e3579c8f8a94457fe25f0f24) C:WINDOWSsystem32DRIVERSaracpi.sys

10:22:18.0281 2436 aracpi - ok

10:22:20.0187 2436 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:WINDOWSsystem32DRIVERSarhidfltr.sys

10:22:30.0937 2436 arhidfltr - ok

10:22:33.0375 2436 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:WINDOWSsystem32DRIVERSarkbcfltr.sys

10:22:33.0484 2436 arkbcfltr - ok

10:22:35.0703 2436 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:WINDOWSsystem32DRIVERSarmoucfltr.sys

10:22:35.0781 2436 armoucfltr - ok

10:22:38.0984 2436 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:WINDOWSsystem32DRIVERSarp1394.sys

10:22:39.0062 2436 Arp1394 - ok

10:22:41.0234 2436 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:WINDOWSsystem32DRIVERSarpolicy.sys

10:22:41.0375 2436 ARPolicy - ok

10:22:45.0625 2436 asc - ok

10:22:49.0187 2436 asc3350p - ok

10:22:53.0328 2436 asc3550 - ok

10:22:55.0703 2436 ASPI32 (144fa0451138bedd54931aa84a32983b) C:WINDOWSsystem32driversASPI32.sys

10:22:57.0031 2436 ASPI32 - ok

10:22:59.0500 2436 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:WINDOWSsystem32DRIVERSasyncmac.sys

10:23:02.0265 2436 AsyncMac - ok

10:23:05.0609 2436 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:WINDOWSsystem32DRIVERSatapi.sys

10:23:08.0015 2436 atapi - ok

10:23:10.0546 2436 Atdisk - ok

10:23:17.0171 2436 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:WINDOWSsystem32DRIVERSati2mtag.sys

10:23:22.0906 2436 ati2mtag - ok

10:23:25.0218 2436 Atmarpc (9916c1225104ba14794209cfa8012159) C:WINDOWSsystem32DRIVERSatmarpc.sys

10:23:25.0515 2436 Atmarpc - ok

10:23:27.0843 2436 audstub (d9f724aa26c010a217c97606b160ed68) C:WINDOWSsystem32DRIVERSaudstub.sys

10:23:28.0031 2436 audstub - ok

10:23:30.0750 2436 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:WINDOWSsystem32DRIVERSAVGIDSDriver.Sys

10:23:34.0812 2436 AVGIDSDriver - ok

10:23:36.0953 2436 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:WINDOWSsystem32DRIVERSAVGIDSEH.Sys

10:23:37.0750 2436 AVGIDSEH - ok

10:23:41.0093 2436 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:WINDOWSsystem32DRIVERSAVGIDSFilter.Sys

10:23:41.0171 2436 AVGIDSFilter - ok

10:23:43.0296 2436 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:WINDOWSsystem32DRIVERSAVGIDSShim.Sys

10:23:45.0359 2436 AVGIDSShim - ok

10:23:47.0750 2436 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:WINDOWSsystem32DRIVERSavgldx86.sys

10:23:48.0390 2436 Avgldx86 - ok

10:23:51.0250 2436 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:WINDOWSsystem32DRIVERSavgmfx86.sys

10:23:51.0390 2436 Avgmfx86 - ok

10:23:53.0765 2436 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:WINDOWSsystem32DRIVERSavgrkx86.sys

10:23:53.0875 2436 Avgrkx86 - ok

10:23:56.0859 2436 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:WINDOWSsystem32DRIVERSavgtdix.sys

10:23:57.0500 2436 Avgtdix - ok

10:23:59.0625 2436 bb-run (7270d070173b20ac9487ea16bb08b45f) C:WINDOWSsystem32DRIVERSbb-run.sys

10:23:59.0671 2436 bb-run - ok

10:24:02.0109 2436 Beep (da1f27d85e0d1525f6621372e7b685e9) C:WINDOWSsystem32driversBeep.sys

10:24:02.0234 2436 Beep - ok

10:24:04.0109 2436 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:WINDOWSsystem32driverscbidf2k.sys

10:24:04.0281 2436 cbidf2k - ok

10:24:05.0656 2436 cd20xrnt - ok

10:24:07.0734 2436 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:WINDOWSsystem32driversCdaudio.sys

10:24:08.0375 2436 Cdaudio - ok

10:24:10.0125 2436 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:WINDOWSsystem32driversCdfs.sys

10:24:10.0218 2436 Cdfs - ok

10:24:12.0031 2436 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:WINDOWSsystem32DRIVERScdrom.sys

10:24:12.0343 2436 Cdrom - ok

10:24:14.0093 2436 Changer - ok

10:24:15.0484 2436 CmdIde - ok

10:24:17.0000 2436 Cpqarray - ok

10:24:18.0312 2436 dac2w2k - ok

10:24:20.0421 2436 dac960nt - ok

10:24:23.0203 2436 Disk (044452051f3e02e7963599fc8f4f3e25) C:WINDOWSsystem32DRIVERSdisk.sys

10:24:23.0265 2436 Disk - ok

10:24:27.0890 2436 dmboot (d992fe1274bde0f84ad826acae022a41) C:WINDOWSsystem32driversdmboot.sys

10:24:29.0687 2436 dmboot - ok

10:24:31.0984 2436 dmio (7c824cf7bbde77d95c08005717a95f6f) C:WINDOWSsystem32driversdmio.sys

10:24:32.0328 2436 dmio - ok

10:24:33.0890 2436 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:WINDOWSsystem32driversdmload.sys

10:24:34.0046 2436 dmload - ok

10:24:36.0968 2436 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:WINDOWSsystem32driversDMusic.sys

10:24:37.0109 2436 DMusic - ok

10:24:39.0953 2436 dpti2o - ok

10:24:43.0281 2436 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:WINDOWSsystem32driversdrmkaud.sys

10:24:43.0390 2436 drmkaud - ok

10:24:45.0734 2436 Fastfat (38d332a6d56af32635675f132548343e) C:WINDOWSsystem32driversFastfat.sys

10:24:46.0000 2436 Fastfat - ok

10:24:48.0875 2436 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:WINDOWSsystem32DRIVERSfdc.sys

10:24:49.0390 2436 Fdc - ok

10:24:52.0546 2436 Fips (d45926117eb9fa946a6af572fbe1caa3) C:WINDOWSsystem32driversFips.sys

10:24:52.0625 2436 Fips - ok

10:24:54.0718 2436 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:WINDOWSsystem32DRIVERSflpydisk.sys

10:24:54.0812 2436 Flpydisk - ok

10:24:57.0234 2436 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:WINDOWSsystem32driversfltmgr.sys

10:24:57.0500 2436 FltMgr - ok

10:24:59.0718 2436 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:WINDOWSsystem32driversFs_Rec.sys

10:24:59.0906 2436 Fs_Rec - ok

10:25:02.0421 2436 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:WINDOWSsystem32DRIVERSftdisk.sys

10:25:02.0796 2436 Ftdisk - ok

10:25:05.0265 2436 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:WINDOWSsystem32DRIVERSftsata2.sys

10:25:05.0734 2436 ftsata2 - ok

10:25:07.0218 2436 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:WINDOWSsystem32DRIVERSgagp30kx.sys

10:25:07.0281 2436 gagp30kx - ok

10:25:09.0312 2436 GIDv2 (20f6c49e2c410fcd32d781f521579bf5) C:WINDOWSsystem32driversGIDv2.sys

10:25:09.0421 2436 GIDv2 - ok

10:25:11.0875 2436 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:WINDOWSsystem32DRIVERSmsgpc.sys

10:25:11.0953 2436 Gpc - ok

10:25:13.0718 2436 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:WINDOWSsystem32DRIVERSHDAudBus.sys

10:25:14.0437 2436 HDAudBus - ok

10:25:16.0093 2436 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:WINDOWSsystem32DRIVERShidusb.sys

10:25:16.0156 2436 HidUsb - ok

10:25:18.0468 2436 hpn - ok

10:25:20.0859 2436 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:WINDOWSsystem32DriversHTTP.sys

10:25:21.0687 2436 HTTP - ok

10:25:23.0781 2436 i2omgmt - ok

10:25:25.0359 2436 i2omp - ok

10:25:29.0437 2436 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:WINDOWSsystem32DRIVERSi8042prt.sys

10:25:29.0578 2436 i8042prt - ok

10:25:33.0640 2436 iaStor (9a65e42664d1534b68512caad0efe963) C:WINDOWSsystem32DRIVERSiaStor.sys

10:25:35.0796 2436 iaStor - ok

10:25:38.0046 2436 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:WINDOWSsystem32DRIVERSimapi.sys

10:25:38.0140 2436 Imapi - ok

10:25:40.0140 2436 ini910u - ok

10:25:51.0359 2436 IntcAzAudAddService (27b220620a480e54bf57e4750ca9b65f) C:WINDOWSsystem32driversRtkHDAud.sys

10:26:01.0703 2436 IntcAzAudAddService - ok

10:26:04.0171 2436 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:WINDOWSsystem32DRIVERSintelide.sys

10:26:04.0234 2436 IntelIde - ok

10:26:06.0218 2436 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:WINDOWSsystem32DRIVERSintelppm.sys

10:26:06.0609 2436 intelppm - ok

10:26:09.0359 2436 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:WINDOWSsystem32driversip6fw.sys

10:26:09.0437 2436 Ip6Fw - ok

10:26:11.0906 2436 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:WINDOWSsystem32DRIVERSipfltdrv.sys

10:26:12.0109 2436 IpFilterDriver - ok

10:26:14.0171 2436 IpInIp (b87ab476dcf76e72010632b5550955f5) C:WINDOWSsystem32DRIVERSipinip.sys

10:26:14.0296 2436 IpInIp - ok

10:26:16.0875 2436 IpNat (cc748ea12c6effde940ee98098bf96bb) C:WINDOWSsystem32DRIVERSipnat.sys

10:26:17.0265 2436 IpNat - ok

10:26:19.0890 2436 IPSec (23c74d75e36e7158768dd63d92789a91) C:WINDOWSsystem32DRIVERSipsec.sys

10:26:20.0109 2436 IPSec - ok

10:26:22.0468 2436 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:WINDOWSsystem32DRIVERSirenum.sys

10:26:22.0531 2436 IRENUM - ok

10:26:25.0078 2436 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:WINDOWSsystem32DRIVERSisapnp.sys

10:26:25.0187 2436 isapnp - ok

10:26:28.0000 2436 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:WINDOWSsystem32DRIVERSkbdclass.sys

10:26:28.0093 2436 Kbdclass - ok

10:26:30.0671 2436 kmixer (692bcf44383d056aed41b045a323d378) C:WINDOWSsystem32driverskmixer.sys

10:26:30.0984 2436 kmixer - ok

10:26:32.0953 2436 KSecDD (b467646c54cc746128904e1654c750c1) C:WINDOWSsystem32driversKSecDD.sys

10:26:33.0250 2436 KSecDD - ok

10:26:35.0406 2436 Lbd (336abe8721cbc3110f1c6426da633417) C:WINDOWSsystem32DRIVERSLbd.sys

10:26:35.0593 2436 Lbd - ok

10:26:37.0578 2436 lbrtfdc - ok

10:26:40.0531 2436 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:WINDOWSsystem32DRIVERSmhndrv.sys

10:26:40.0812 2436 MHNDRV - ok

10:26:43.0687 2436 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:WINDOWSsystem32driversmnmdd.sys

10:26:43.0765 2436 mnmdd - ok

10:26:47.0562 2436 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:WINDOWSsystem32driversModem.sys

10:26:47.0687 2436 Modem - ok

10:26:50.0546 2436 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:WINDOWSsystem32DRIVERSmouclass.sys

10:26:50.0687 2436 Mouclass - ok

10:26:53.0828 2436 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:WINDOWSsystem32DRIVERSmouhid.sys

10:26:53.0890 2436 mouhid - ok

10:26:56.0968 2436 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:WINDOWSsystem32driversMountMgr.sys

10:26:57.0078 2436 MountMgr - ok

10:26:59.0140 2436 mraid35x - ok

10:27:01.0562 2436 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:WINDOWSsystem32DRIVERSmrxdav.sys

10:27:02.0046 2436 MRxDAV - ok

10:27:05.0671 2436 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:WINDOWSsystem32DRIVERSmrxsmb.sys

10:27:06.0750 2436 MRxSmb - ok

10:27:08.0703 2436 Msfs (c941ea2454ba8350021d774daf0f1027) C:WINDOWSsystem32driversMsfs.sys

10:27:08.0734 2436 Msfs - ok

10:27:10.0453 2436 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:WINDOWSsystem32driversMSKSSRV.sys

10:27:10.0531 2436 MSKSSRV - ok

10:27:12.0515 2436 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:WINDOWSsystem32driversMSPCLOCK.sys

10:27:12.0656 2436 MSPCLOCK - ok

10:27:14.0953 2436 MSPQM (bad59648ba099da4a17680b39730cb3d) C:WINDOWSsystem32driversMSPQM.sys

10:27:15.0062 2436 MSPQM - ok

10:27:17.0171 2436 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:WINDOWSsystem32DRIVERSmssmbios.sys

10:27:17.0281 2436 mssmbios - ok

10:27:19.0531 2436 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:WINDOWSsystem32driversMup.sys

10:27:19.0859 2436 Mup - ok

10:27:21.0937 2436 NDIS (1df7f42665c94b825322fae71721130d) C:WINDOWSsystem32driversNDIS.sys

10:27:22.0468 2436 NDIS - ok

10:27:24.0359 2436 NdisTapi (0109c4f3850dfbab279542515386ae22) C:WINDOWSsystem32DRIVERSndistapi.sys

10:27:24.0453 2436 NdisTapi - ok

10:27:26.0578 2436 Ndisuio (f927a4434c5028758a842943ef1a3849) C:WINDOWSsystem32DRIVERSndisuio.sys

10:27:26.0625 2436 Ndisuio - ok

10:27:28.0671 2436 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:WINDOWSsystem32DRIVERSndiswan.sys

10:27:28.0906 2436 NdisWan - ok

10:27:31.0031 2436 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:WINDOWSsystem32driversNDProxy.sys

10:27:31.0031 2436 NDProxy - ok

10:27:32.0593 2436 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:WINDOWSsystem32DRIVERSnetbios.sys

10:27:32.0718 2436 NetBIOS - ok

10:27:34.0609 2436 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:WINDOWSsystem32DRIVERSnetbt.sys

10:27:34.0890 2436 NetBT - ok

10:27:36.0750 2436 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:WINDOWSsystem32DRIVERSnic1394.sys

10:27:36.0843 2436 NIC1394 - ok

10:27:38.0453 2436 Npfs (3182d64ae053d6fb034f44b6def8034a) C:WINDOWSsystem32driversNpfs.sys

10:27:38.0515 2436 Npfs - ok

10:27:40.0687 2436 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:WINDOWSsystem32driversNtfs.sys

10:27:41.0796 2436 Ntfs - ok

10:27:43.0656 2436 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:WINDOWSsystem32driversNull.sys

10:27:43.0906 2436 Null - ok

10:27:45.0953 2436 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:WINDOWSsystem32DRIVERSnwlnkflt.sys

10:27:46.0109 2436 NwlnkFlt - ok

10:27:48.0062 2436 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:WINDOWSsystem32DRIVERSnwlnkfwd.sys

10:27:48.0156 2436 NwlnkFwd - ok

10:27:49.0828 2436 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:WINDOWSsystem32DRIVERSohci1394.sys

10:27:49.0921 2436 ohci1394 - ok

10:27:51.0906 2436 ONSIO (5728b613f132df531f7c3510358e6212) C:WINDOWSSYSTEM32DRIVERSONSIO.SYS

10:27:52.0343 2436 ONSIO - ok

10:27:53.0937 2436 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:WINDOWSsystem32DRIVERSparport.sys

10:27:54.0093 2436 Parport - ok

10:27:56.0000 2436 PartMgr (beb3ba25197665d82ec7065b724171c6) C:WINDOWSsystem32driversPartMgr.sys

10:27:56.0046 2436 PartMgr - ok

10:27:57.0640 2436 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:WINDOWSsystem32driversParVdm.sys

10:27:57.0703 2436 ParVdm - ok

10:27:59.0359 2436 PCI (a219903ccf74233761d92bef471a07b1) C:WINDOWSsystem32DRIVERSpci.sys

10:27:59.0484 2436 PCI - ok

10:28:00.0390 2436 PCIDump - ok

10:28:01.0687 2436 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:WINDOWSsystem32DRIVERSpciide.sys

10:28:01.0765 2436 PCIIde - ok

10:28:03.0390 2436 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:WINDOWSsystem32driversPcmcia.sys

10:28:03.0578 2436 Pcmcia - ok

10:28:04.0765 2436 PDCOMP - ok

10:28:05.0984 2436 PDFRAME - ok

10:28:06.0859 2436 PDRELI - ok

10:28:07.0687 2436 PDRFRAME - ok

10:28:08.0625 2436 perc2 - ok

10:28:10.0218 2436 perc2hib - ok

10:28:11.0546 2436 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:WINDOWSsystem32DRIVERSraspptp.sys

10:28:11.0625 2436 PptpMiniport - ok

10:28:13.0390 2436 Processor (a32bebaf723557681bfc6bd93e98bd26) C:WINDOWSsystem32DRIVERSprocessr.sys

10:28:13.0453 2436 Processor - ok

10:28:14.0781 2436 Ps2 (0e2eb30605ca6ed2509d59af6a7362b4) C:WINDOWSsystem32DRIVERSPS2.sys

10:28:14.0859 2436 Ps2 - ok

10:28:16.0062 2436 PSched (09298ec810b07e5d582cb3a3f9255424) C:WINDOWSsystem32DRIVERSpsched.sys

10:28:16.0140 2436 PSched - ok

10:28:17.0093 2436 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:WINDOWSsystem32DRIVERSptilink.sys

10:28:17.0187 2436 Ptilink - ok

10:28:18.0109 2436 PxHelp20 (86724469cd077901706854974cd13c3e) C:WINDOWSsystem32DriversPxHelp20.sys

10:28:18.0171 2436 PxHelp20 - ok

10:28:19.0109 2436 ql1080 - ok

10:28:19.0953 2436 Ql10wnt - ok

10:28:20.0890 2436 ql12160 - ok

10:28:21.0953 2436 ql1240 - ok

10:28:22.0875 2436 ql1280 - ok

10:28:23.0781 2436 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:WINDOWSsystem32DRIVERSrasacd.sys

10:28:23.0812 2436 RasAcd - ok

10:28:24.0750 2436 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:WINDOWSsystem32DRIVERSrasl2tp.sys

10:28:24.0812 2436 Rasl2tp - ok

10:28:25.0953 2436 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:WINDOWSsystem32DRIVERSraspppoe.sys

10:28:26.0000 2436 RasPppoe - ok

10:28:26.0906 2436 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:WINDOWSsystem32DRIVERSraspti.sys

10:28:26.0937 2436 Raspti - ok

10:28:28.0453 2436 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:WINDOWSsystem32DRIVERSrdbss.sys

10:28:28.0734 2436 Rdbss - ok

10:28:29.0984 2436 RDPCDD (4912d5b403614ce99c28420f75353332) C:WINDOWSsystem32DRIVERSRDPCDD.sys

10:28:30.0062 2436 RDPCDD - ok

10:28:31.0609 2436 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:WINDOWSsystem32DRIVERSrdpdr.sys

10:28:31.0875 2436 rdpdr - ok

10:28:33.0859 2436 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:WINDOWSsystem32driversRDPWD.sys

10:28:34.0281 2436 RDPWD - ok

10:28:35.0437 2436 redbook (f828dd7e1419b6653894a8f97a0094c5) C:WINDOWSsystem32DRIVERSredbook.sys

10:28:35.0750 2436 redbook - ok

10:28:37.0203 2436 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:WINDOWSsystem32DRIVERSRtlnicxp.sys

10:28:37.0593 2436 RTL8023xp - ok

10:28:38.0843 2436 rtl8139 (d507c1400284176573224903819ffda3) C:WINDOWSsystem32DRIVERSRTL8139.SYS

10:28:39.0078 2436 rtl8139 - ok

10:28:40.0656 2436 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:Program FilesSuperAntiSpywareSASDIFSV.SYS

10:28:40.0671 2436 SASDIFSV - ok

10:28:40.0937 2436 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:Program FilesSuperAntiSpywareSASENUM.SYS

10:28:41.0015 2436 SASENUM - ok

10:28:41.0281 2436 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:Program FilesSuperAntiSpywareSASKUTIL.sys

10:28:41.0406 2436 SASKUTIL - ok

10:28:42.0609 2436 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:WINDOWSsystem32DRIVERSsecdrv.sys

10:28:42.0718 2436 Secdrv - ok

10:28:44.0343 2436 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:WINDOWSsystem32DRIVERSserenum.sys

10:28:44.0390 2436 Serenum - ok

10:28:45.0718 2436 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:WINDOWSsystem32DRIVERSserial.sys

10:28:45.0796 2436 Serial - ok

10:28:47.0468 2436 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:WINDOWSsystem32DRIVERSsfloppy.sys

10:28:47.0500 2436 Sfloppy - ok

10:28:48.0484 2436 Simbad - ok

10:28:49.0609 2436 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:WINDOWSsystem32DRIVERSsisnic.sys

10:28:49.0718 2436 SISNIC - ok

10:28:51.0437 2436 SMPLSCSI (fd5f05994d0dc3feb78f696f2980dd55) C:WINDOWSsystem32driversSMPLSCSI.SYS

10:28:51.0531 2436 SMPLSCSI - ok

10:28:52.0781 2436 Sparrow - ok

10:28:53.0937 2436 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:WINDOWSsystem32driverssplitter.sys

10:28:53.0984 2436 splitter - ok

10:28:55.0203 2436 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:WINDOWSsystem32DRIVERSsr.sys

10:28:55.0515 2436 sr - ok

10:28:57.0421 2436 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:WINDOWSsystem32DRIVERSsrv.sys

10:28:57.0921 2436 Srv - ok

10:28:59.0593 2436 swenum (3941d127aef12e93addf6fe6ee027e0f) C:WINDOWSsystem32DRIVERSswenum.sys

10:28:59.0640 2436 swenum - ok

10:29:00.0937 2436 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:WINDOWSsystem32driversswmidi.sys

10:29:01.0015 2436 swmidi - ok

10:29:02.0468 2436 symc810 - ok

10:29:03.0671 2436 symc8xx - ok

10:29:05.0109 2436 sym_hi - ok

10:29:06.0281 2436 sym_u3 - ok

10:29:09.0406 2436 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:WINDOWSsystem32driverssysaudio.sys

10:29:09.0500 2436 sysaudio - ok

10:29:12.0812 2436 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:WINDOWSsystem32DRIVERStcpip.sys

10:29:13.0296 2436 Tcpip - ok

10:29:14.0765 2436 TDPIPE (6471a66807f5e104e4885f5b67349397) C:WINDOWSsystem32driversTDPIPE.sys

10:29:14.0937 2436 TDPIPE - ok

10:29:17.0484 2436 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:WINDOWSsystem32driversTDTCP.sys

10:29:17.0562 2436 TDTCP - ok

10:29:19.0406 2436 TermDD (88155247177638048422893737429d9e) C:WINDOWSsystem32DRIVERStermdd.sys

10:29:19.0515 2436 TermDD - ok

10:29:20.0765 2436 TosIde - ok

10:29:22.0093 2436 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:WINDOWSsystem32driversUdfs.sys

10:29:22.0187 2436 Udfs - ok

10:29:23.0359 2436 ultra - ok

10:29:25.0437 2436 Update (402ddc88356b1bac0ee3dd1580c76a31) C:WINDOWSsystem32DRIVERSupdate.sys

10:29:26.0015 2436 Update - ok

10:29:28.0203 2436 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:WINDOWSsystem32DRIVERSusbccgp.sys

10:29:28.0468 2436 usbccgp - ok

10:29:29.0546 2436 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:WINDOWSsystem32DRIVERSusbehci.sys

10:29:29.0656 2436 usbehci - ok

10:29:31.0765 2436 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:WINDOWSsystem32DRIVERSusbhub.sys

10:29:31.0843 2436 usbhub - ok

10:29:34.0562 2436 usbohci (0daecce65366ea32b162f85f07c6753b) C:WINDOWSsystem32DRIVERSusbohci.sys

10:29:34.0593 2436 usbohci - ok

10:29:36.0250 2436 usbprint (a717c8721046828520c9edf31288fc00) C:WINDOWSsystem32DRIVERSusbprint.sys

10:29:36.0312 2436 usbprint - ok

10:29:37.0593 2436 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:WINDOWSsystem32DRIVERSusbscan.sys

10:29:37.0656 2436 usbscan - ok

10:29:38.0796 2436 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:WINDOWSsystem32DRIVERSUSBSTOR.SYS

10:29:38.0828 2436 usbstor - ok

10:29:41.0671 2436 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:WINDOWSsystem32DRIVERSusbuhci.sys

10:29:41.0734 2436 usbuhci - ok

10:29:44.0359 2436 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:WINDOWSSystem32driversvga.sys

10:29:44.0375 2436 VgaSave - ok

10:29:45.0500 2436 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:WINDOWSsystem32DRIVERSviaide.sys

10:29:45.0593 2436 ViaIde - ok

10:29:46.0593 2436 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:WINDOWSsystem32driversVolSnap.sys

10:29:46.0656 2436 VolSnap - ok

10:29:47.0781 2436 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:WINDOWSsystem32DRIVERSwanarp.sys

10:29:47.0843 2436 Wanarp - ok

10:29:48.0890 2436 WDICA - ok

10:29:50.0921 2436 wdmaud (6768acf64b18196494413695f0c3a00f) C:WINDOWSsystem32driverswdmaud.sys

10:29:51.0593 2436 wdmaud - ok

10:29:53.0968 2436 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:WINDOWSsystem32DRIVERSWudfPf.sys

10:29:54.0109 2436 WudfPf - ok

10:29:55.0406 2436 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:WINDOWSsystem32DRIVERSwudfrd.sys

10:29:55.0531 2436 WudfRd - ok

10:29:55.0671 2436 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) DeviceHarddisk0DR0

10:29:55.0781 2436 DeviceHarddisk0DR0 - ok

10:29:55.0812 2436 Boot (0x1200) (a0fb9317f940b90b9bc5529ad29bbf87) DeviceHarddisk0DR0Partition0

10:29:55.0843 2436 DeviceHarddisk0DR0Partition0 - ok

10:29:55.0859 2436 Boot (0x1200) (0584005be89f98011b0f374d7e7c1a31) DeviceHarddisk0DR0Partition1

10:29:55.0890 2436 DeviceHarddisk0DR0Partition1 - ok

10:29:55.0890 2436 ============================================================

10:29:55.0890 2436 Scan finished

10:29:55.0890 2436 ============================================================

10:29:56.0265 2760 Detected object count: 0

10:29:56.0265 2760 Actual detected object count: 0


Hello darkeyes

 

are you seeing with these scans what my problem is?

Both GMER and TDSSK are reporting an infected Master Boot Record (MBR), although the infection does not appear to be flagged in your latest TDSSKiller log.

 

I would like to continue with Combofix:

  • Combofix

  • Download ComboFix from one of the following locations:

     

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Please post the Combofix log in your next reply.
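Comparing MBR verdicts across the GMER and TDSSKiller runs above is easier when the hashes are pulled out mechanically. The following Python is an added example (not from this thread, and not part of TDSSKiller or GMER) that parses TDSSKiller-style lines in the format posted above, lists objects whose verdict is anything other than "ok", and diffs the MBR/boot-sector hashes between two scans. The first sample log reuses lines from the posted scan; the second, with its all-zero hash and "suspicious"/"modified" verdicts, is constructed to exercise the comparison and is not real tool output.

```python
"""Triage helper for TDSSKiller-style scan logs (the line format posted in this
thread).  Added example, not part of the thread or of TDSSKiller itself."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# "<hh:mm:ss.ffff> <pid> <rest>"; blank lines and the ===== banners do not match.
_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" / "Boot (0x1200) (<md5>) ...\Partition0"
_BOOT = re.compile(r"^(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                   r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "Ptilink (<md5>) C:\WINDOWS\system32\DRIVERS\ptilink.sys"
_OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "Ptilink - ok" / "ql1080 - ok" (name only, no file) / "\Device\...\DR0 - ok"
_VERDICT = re.compile(r"^(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str]      # None when only a verdict line exists (e.g. "ql1080 - ok")
    path: Optional[str]
    verdict: Optional[str]  # None when an object line was never followed by a verdict
    kind: str = "driver"    # "driver", "MBR" or "Boot"


def parse_log(text: str) -> dict[str, ScanObject]:
    """Map object name (device path for MBR/boot entries) to its parsed record."""
    objects: dict[str, ScanObject] = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if b := _BOOT.match(rest):
            # Keyed on the device path: the verdict line names the path, not "MBR".
            objects[b.group("path")] = ScanObject(
                b.group("path"), b.group("md5"), b.group("path"), None, b.group("kind"))
        elif o := _OBJECT.match(rest):
            objects[o.group("name")] = ScanObject(
                o.group("name"), o.group("md5"), o.group("path"), None)
        elif v := _VERDICT.match(rest):
            name, verdict = v.group("name"), v.group("verdict").strip()
            objects.setdefault(name, ScanObject(name, None, None, None)).verdict = verdict
    return objects


def suspicious(objects: dict[str, ScanObject]) -> list[ScanObject]:
    """Objects whose verdict is missing or anything other than 'ok'."""
    return [o for o in objects.values() if o.verdict != "ok"]


def boot_hashes(objects: dict[str, ScanObject]) -> dict[str, str]:
    """Device path -> MD5 for the MBR and boot-sector entries only."""
    return {o.path: o.md5 for o in objects.values() if o.kind in ("MBR", "Boot") and o.md5}


def changed_boot_sectors(earlier: dict[str, ScanObject],
                         later: dict[str, ScanObject]) -> list[str]:
    """Device paths whose MBR/boot hash differs between scans or is present in only one."""
    a, b = boot_hashes(earlier), boot_hashes(later)
    return sorted(p for p in set(a) | set(b) if a.get(p) != b.get(p))


# Sample in the posted format; these lines and hashes are taken from the thread's own log.
FIRST_SCAN = r"""
10:28:17.0093 2436 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:28:17.0187 2436 Ptilink - ok
10:28:19.0109 2436 ql1080 - ok
10:29:12.0812 2436 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:29:13.0296 2436 Tcpip - ok
10:29:55.0671 2436 MBR (0x1B8) (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
10:29:55.0781 2436 \Device\Harddisk0\DR0 - ok
10:29:55.0812 2436 Boot (0x1200) (a0fb9317f940b90b9bc5529ad29bbf87) \Device\Harddisk0\DR0\Partition0
10:29:55.0843 2436 \Device\Harddisk0\DR0\Partition0 - ok
10:29:55.0890 2436 ============================================================
10:29:55.0890 2436 Scan finished
10:29:56.0265 2760 Detected object count: 0
"""

# Constructed follow-up scan: the all-zero MBR hash and the non-"ok" verdicts are
# invented placeholders to exercise the comparison, not TDSSKiller output.
SECOND_SCAN = r"""
11:02:03.0100 1800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:02:03.0200 1800 Ptilink - ok
11:02:04.0100 1800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:02:04.0200 1800 Tcpip - suspicious
11:02:05.0100 1800 MBR (0x1B8) (00000000000000000000000000000000) \Device\Harddisk0\DR0
11:02:05.0200 1800 \Device\Harddisk0\DR0 - modified
11:02:05.0300 1800 Boot (0x1200) (a0fb9317f940b90b9bc5529ad29bbf87) \Device\Harddisk0\DR0\Partition0
11:02:05.0400 1800 \Device\Harddisk0\DR0\Partition0 - ok
"""

if __name__ == "__main__":
    first, second = parse_log(FIRST_SCAN), parse_log(SECOND_SCAN)
    for obj in suspicious(second):
        print(f"needs attention: {obj.name} verdict={obj.verdict} md5={obj.md5}")
    for dev in changed_boot_sectors(first, second):
        print(f"boot sector hash changed between scans: {dev}")
```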

ComboFix 11-12-06.02 - HP_Administrator 12/07/2011 18:48:48.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.209 [GMT -5:00]

Running from: c:documents and settingsHP_AdministratorMy DocumentsDownloadsComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:docume~1HP_ADM~1LOCALS~1TempIadHide5.dll

c:documents and settingsAdministratorWINDOWS

c:documents and settingsDefault UserWINDOWS

c:documents and settingsHP_AdministratorLocal SettingsTempIadHide5.dll

c:documents and settingsHP_AdministratorWINDOWS

c:program filesShared

c:windowsdesktop

c:windowsdesktopScanport Applications.lnk

c:windowsHPCPCUninstaller-6.3.2.116-9972322.exe

c:windowskb913800.exe

c:windowssystem32Cache

c:windowssystem32Cache272512937d9e61a4.fb

c:windowssystem32Cache287204568329e189.fb

c:windowssystem32Cache28bc8f716fd76a47.fb

c:windowssystem32Cache2c53092c95605355.fb

c:windowssystem32Cache3917078cb68ec657.fb

c:windowssystem32Cache590ba23ce359fd0c.fb

c:windowssystem32Cache5a0d95c5ceab41e1.fb

c:windowssystem32Cache610289e025a3ee9a.fb

c:windowssystem32Cache651c5d3cdbfb8bd1.fb

c:windowssystem32Cache6c59ac5e7e7a3ad0.fb

c:windowssystem32Cachead10a52aff5e038d.fb

c:windowssystem32Cachec4d28dca2e7648be.fb

c:windowssystem32Cached201ef9910cd39de.fb

c:windowssystem32Cached2e94710a5708128.fb

c:windowssystem32Cached79b9dfe81484ec4.fb

c:windowssystem32Cachee0de16f883bea794.fb

c:windowssystem32configsystemprofileWINDOWS

c:windowssystem32ps2.bat

D:Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))

.

.

2011-12-04 21:56 . 2011-12-04 21:56 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataAVG Secure Search

2011-12-04 14:29 . 2011-12-04 14:30 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG Secure Search

2011-12-04 02:17 . 2011-12-04 02:17 -------- d-----w- C:N360_BACKUP

2011-12-03 21:46 . 2011-12-03 21:46 -------- d-----w- c:program filesWindows Sidebar

2011-12-03 21:40 . 2011-12-04 21:26 -------- d-----w- c:documents and settingsAll UsersApplication DataNorton

2011-12-03 21:24 . 2011-12-03 21:24 -------- d-----w- c:documents and settingsLocalServiceLocal SettingsApplication DataID Vault

2011-12-03 21:24 . 2011-12-03 21:24 -------- d-----w- c:documents and settingsLocalServiceApplication DataID Vault

2011-12-03 21:11 . 2011-12-03 21:11 -------- d-----w- c:documents and settingsAll UsersApplication DataIsolatedStorage

2011-12-03 21:09 . 2011-12-07 22:13 -------- d-----w- c:documents and settingsHP_AdministratorLocal SettingsApplication DataID Vault

2011-12-03 21:08 . 2011-12-07 22:13 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataID Vault

2011-12-03 21:05 . 2011-12-07 22:16 -------- d-----w- c:program filesConstant Guard Protection Suite

2011-12-03 21:03 . 2011-12-03 21:03 -------- d-----w- c:documents and settingsAll UsersApplication DataWhite Sky, Inc

2011-11-25 18:28 . 2011-11-25 18:28 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataHewlett-Packard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 21:52 . 2010-02-05 05:20 64512 ----a-w- c:windowssystem32driversLbd.sys

2011-10-27 01:29 . 2011-06-20 22:29 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2010-02-04 23:57 692736 ----a-w- c:windowssystem32inetcomm.dll

2011-10-07 10:23 . 2011-01-07 10:41 230608 ----a-w- c:windowssystem32driversavgldx86.sys

2011-10-04 10:21 . 2011-02-10 11:53 16720 ----a-w- c:windowssystem32driversAVGIDSShim.sys

2011-10-03 09:06 . 2011-04-30 02:25 472808 ----a-w- c:windowssystem32deployJava1.dll

2011-10-03 06:37 . 2011-04-30 02:25 73728 ----a-w- c:windowssystem32javacpl.cpl

2011-09-28 07:06 . 2010-02-04 23:55 599040 ----a-w- c:windowssystem32crypt32.dll

2011-09-26 15:41 . 2010-02-04 23:59 220160 ----a-w- c:windowssystem32oleacc.dll

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:windowssystem32uiautomationcore.dll

2011-09-26 15:41 . 2010-02-04 23:59 20480 ----a-w- c:windowssystem32oleaccrc.dll

2011-09-13 10:30 . 2011-01-19 08:32 32592 ----a-w- c:windowssystem32driversavgrkx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2011-10-21 09:10 87440 ----a-w- c:program filesadawaretbadawareDx.dll

.

[HKEY_LOCAL_MACHINE~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-12-04 14:29 1547104 ----a-w- c:program filesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:program filesadawaretbadawareDx.dll" [2011-10-21 87440]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program filesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll" [2011-12-04 1547104]

.

[HKEY_CLASSES_ROOTclsid{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SpybotSD TeaTimer"="c:program filesSpybot - Search & DestroyTeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:program filesSuperAntiSpywareSUPERAntiSpyware.exe" [2011-01-21 2424560]

"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ehTray"="c:windowsehomeehtray.exe" [2005-08-05 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"HPHUPD08"="c:program filesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:program filesDISCDISCover.exe" [2005-09-27 1060864]

"DiscUpdateManager"="c:program filesDISCDiscUpdateMgr.exe" [2005-09-27 61440]

"HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2010-03-12 49208]

"EEventManager"="c:program filesEPSONCreativity SuiteEvent ManagerEEventManager.exe" [2005-04-08 102400]

"EKIJ5000StatusMonitor"="c:windowsSystem32spoolDRIVERSW32X863EKIJ5000MUI.exe" [2009-08-03 1626112]

"ArcSoft Connection Service"="c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2011-10-25 2415456]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

"Ad-Aware Browsing Protection"="c:documents and settingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe" [2011-10-21 198032]

"HPBootOp"="c:program filesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-09-21 1605740]

"vProt"="c:program filesAVG Secure Searchvprot.exe" [2011-12-04 827232]

.

c:documents and settingsAll UsersStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [2005-5-12 282624]

Kodak EasyShare software.lnk - c:program filesKodakKodak EasyShare softwarebinEasyShare.exe [2010-1-27 323584]

McAfee Security Scan Plus.lnk - c:program filesMcAfee Security Scan2.0.181SSScheduler.exe [2010-1-15 255536]

Updates from HP.lnk - c:program filesUpdates from HP9972322ProgramUpdates from HP.exe [2010-2-5 36903]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSuperAntiSpywareSASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:program filesSuperAntiSpywareSASWINLO.dll

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]

@="Service"

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"c:Program FilesHPDigital Imagingbinhpqtra08.exe"=

"c:Program FilesHPDigital Imagingbinhpqste08.exe"=

"c:Program FilesHPDigital Imagingbinhpofxm08.exe"=

"c:Program FilesHPDigital Imagingbinhposfx08.exe"=

"c:Program FilesHPDigital Imagingbinhposid01.exe"=

"c:Program FilesHPDigital Imagingbinhpqscnvw.exe"=

"c:Program FilesHPDigital Imagingbinhpqkygrp.exe"=

"c:Program FilesHPDigital ImagingbinhpqCopy.exe"=

"c:Program FilesHPDigital Imagingbinhpfccopy.exe"=

"c:Program FilesHPDigital Imagingbinhpzwiz01.exe"=

"c:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe"=

"c:Program FilesHPDigital ImagingUnloadHpqDIA.exe"=

"c:Program FilesHPDigital Imagingbinhpoews01.exe"=

"c:Program FilesDISCDISCover.exe"=

"c:Program FilesDISCDiscStreamHub.exe"=

"c:Program FilesDISCmyFTP.exe"=

"c:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe"=

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesKodakAiOCenterAiOHomeCenter.exe"=

"c:Program FilesKodakAiOCenterKodak.Statistics.exe"=

"c:Program FilesKodakAiOCenterNetworkPrinterDiscovery.exe"=

"c:Program FilesKodakAiOFirmwareKodakAiOUpdater.exe"=

"c:Documents and SettingsAll UsersApplication DataKodakInstallerSetup.exe"=

"c:Program FilesMessengermsmsgs.exe"=

"c:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesYahoo!MessengerYahooMessenger.exe"=

"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=

"c:Program FilesAVGAVG2012avgmfapx.exe"=

"c:Program FilesadawaretbdtUser.exe"=

"c:Program FilesAVGAVG2012avgnsx.exe"=

"c:Program FilesAVGAVG2012avgdiagex.exe"=

"c:Program FilesAVGAVG2012avgemcx.exe"=

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]

"9322:TCP"= 9322:TCP:EKDiscovery

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [2/22/2011 7:13 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [1/19/2011 3:32 AM 32592]

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2/5/2010 12:20 AM 64512]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [1/7/2011 5:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [2/10/2011 6:54 AM 295248]

R1 SASDIFSV;SASDIFSV;c:program filesSuperAntiSpywareSASDIFSV.SYS [1/5/2010 7:56 AM 12872]

R1 SASKUTIL;SASKUTIL;c:program filesSuperAntiSpywareSASKUTIL.SYS [1/5/2010 7:56 AM 67656]

R2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:program filesKodakAiOCenterekdiscovery.exe [8/5/2009 12:49 PM 284016]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [10/28/2011 4:52 PM 2152152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:progra~1mcafeeSITEAD~1mcsacore.exe [12/27/2010 2:33 PM 94880]

R2 vToolbarUpdater;vToolbarUpdater;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe [12/4/2011 9:29 AM 855904]

R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [3/30/2011 4:17 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [2/10/2011 6:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [2/10/2011 6:53 AM 16720]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:program filesLavasoftAd-Awarekernexplorer.sys [10/28/2011 4:52 PM 15232]

S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:09 PM 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesAVGAVG10ToolbarToolbarBroker.exe [4/29/2011 12:25 AM 1025352]

S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:09 PM 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan2.0.181McCHSvc.exe [1/15/2010 7:49 AM 227232]

S3 SASENUM;SASENUM;c:program filesSuperAntiSpywareSASENUM.SYS [1/5/2010 7:56 AM 12872]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - LAVASOFT_KERNEXPLORER

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-08 c:windowsTasksAd-Aware Update (Weekly).job

- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2011-10-28 21:52]

.

2011-12-01 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 21:57]

.

2010-04-06 c:windowsTasksEasy Internet Sign-up.job

- c:program filesHewlett-PackardSDPHPSdpApp.exe [2005-09-08 20:23]

.

2011-12-08 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 23:09]

.

2011-12-08 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 23:09]

.

2011-12-08 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

- c:program filesRealRealUpgraderealupgrade.exe [2011-09-27 17:40]

.

2011-12-07 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

- c:program filesRealRealUpgraderealupgrade.exe [2011-09-27 17:40]

.

2011-12-07 c:windowsTasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job

- c:windowssystem32msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:program filesGoogleGoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:progra~1MICROS~4OFFICE11EXCEL.EXE/3000

IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filesCommon FilesAVG Secure SearchViProtocolInstaller9.0.1ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKLM-Run-PCDrProfiler - (no file)

Notify-TPSvc - TPSvc.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-07 19:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:docume~1HP_ADM~1LOCALS~1Temp3at_tqlr.0.cs 93478 bytes

c:docume~1HP_ADM~1LOCALS~1Temp3at_tqlr.cmdline 303 bytes

c:docume~1HP_ADM~1LOCALS~1Temp3at_tqlr.err 0 bytes

.

scan completed successfully

hidden files: 3

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-2169891929-1308194038-3238692466-1008SoftwareMicrosoftSystemCertificatesAddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1240)

c:program filesSuperAntiSpywareSASWINLO.dll

c:windowssystem32WININET.dll

c:windowssystem32Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(672)

c:windowssystem32WININET.dll

c:documents and settingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.dll

c:progra~1mcafeeSITEAD~1saHook.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

c:windowssystem32WPDShServiceObj.dll

c:windowssystem32PortableDeviceTypes.dll

c:windowssystem32PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:progra~1AVGAVG2012avgrsx.exe

c:program filesAVGAVG2012avgcsrvx.exe

c:windowssystem32Ati2evxx.exe

c:windowssystem32Ati2evxx.exe

c:program filesCommon FilesArcSoftConnection ServiceBinACService.exe

c:windowsarservice.exe

c:program filesBonjourmDNSResponder.exe

c:windowseHomeehRecvr.exe

c:windowseHomeehSched.exe

c:program filesAVGAVG2012avgnsx.exe

c:program filesJavajre6binjqs.exe

c:program filesCommon FilesLightScribeLSSrvc.exe

c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

c:windowsSystem32spoolDRIVERSW32X863HPZIPM12.EXE

c:program filesYahoo!SoftwareUpdateYahooAUService.exe

c:windowsehomemcrdsvc.exe

c:windowssystem32rundll32.exe

c:windowssystem32wbemunsecapp.exe

c:windowsARPWRMSG.EXE

c:program filesLavasoftAd-AwareAAWTray.exe

c:windowseHomeehmsas.exe

c:windowssystem32dllhost.exe

c:program filesDISCDiscStreamHub.exe

c:hpKBDKBD.EXE

c:windowsRTHDCPL.EXE

c:program filesATI TechnologiesATI Control Panelatiptaxx.exe

.

**************************************************************************

.

Completion time: 2011-12-07 20:19:12 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-08 01:18

.

Pre-Run: 212,425,293,824 bytes free

Post-Run: 212,605,882,368 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)WINDOWS

[operating systems]

c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 8A7A5CD8F4AB3C65441C889A5A5E6DE8


Hello darkeyes

 

Thank you for the log.

 

Please make sure that the Combofix executable is placed directly onto your desktop (right now it is in your downloads folder).

  • Security Programs

  • I can see from your log that you have a number of real-time security programs running, namely AVG Anti-Virus Free Edition 2012, Lavasoft Ad-Watch Live! Anti-Virus and I can also see traces of Norton N360.
  • Whilst these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
  • Multiple real-time security programs will drain system resources, leading to a slow running machine.
  • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.
  • If you would like a removal tool for Norton let me know.

Before we continue I would like to take another look at the MBR:

  • GMER

    • Please run GMER again as you did previously and post the log in your next reply.
  • MBRCheck

    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • Please download SystemLook by JPShortstuff

    • Please download SystemLook by JPShortstuff by clicking here or here and save the file (called SystemLook.exe) to your desktop.
    • Double click SystemLook.exe to run the program.
    • Copy the content of the following codebox into the main textfield:
    :filefind
    *3at_tqlr.0.cs
    *3at_tqlr.cmdline
    *3at_tqlr.err

    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    • Note: The log can also be found on your Desktop entitled SystemLook.txt

Please post the GMER log, the MBRCheck log and the SystemLook log in your next reply.

Hello darkeyes

 

Here you go

 

  • Please download and run the Norton Removal Tool

     

  • The Norton removal tool will locate and remove all traces of Norton products from your computer.
  • To download the tool, click here.
  • Read through the information on the page, and then select the Norton product that you have (this is the one that will be removed).
  • Follow the instructions to obtain the removal tool and to complete the removal process.

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit quick scan 2011-12-08 13:06:05

Windows 5.1.2600 Service Pack 3 Harddisk0DR0 -> DeviceIdeIdeDeviceP2T0L0-7 WDC_WD2500JS-60MHB1 rev.10.02E02

Running: gmer.exe; Driver: C:DOCUME~1HP_ADM~1LOCALS~1Tempaxloiuod.sys

 

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice FileSystemNtfs Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice FileSystemNtfs Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice FileSystemFastfat Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice DriverTcpip DeviceIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice DriverTcpip DeviceTcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice DriverTcpip DeviceUdp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice DriverTcpip DeviceRawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice DriverKbdclass DeviceKeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

AttachedDevice DriverKbdclass DeviceKeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

This topic is now closed to further replies.