G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.

First can I say before I found your site & had discovered the virus (see notes below) I had tried to run Combofix but it didn't work (i think, as I have lost internet access on my PC)

I hope I've done it right so far??

--------------------------------------------------------------------------
My 7 year old son mainly uses our pc for playing games & printing out coloring in pages etc.

I run AVG & it's now coming up with following;
IDP.Trojan.1C8D1A13 & Crypt.AQLW

I've tried to find a tool to remove it (as avg cant get rid of it) but can't find anything. Don't really know what else to do?

If you can an help me I would really appreciate it (fyi the pc runs xppro).

Cheers Andy

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Cameron at 11:05:22 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1410 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FingerPrint\FingerPrint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\docume~1\cameron\applic~1\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [uipre] rundll32.exe "c:\docume~1\cameron\locals~1\temp\uipre.dll",Vec3TransformCoord
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cameron\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009} : DhcpNameServer = 10.1.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S2 antivirservice;Ctljystk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S2 mcvsrte;Roxmediadb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mks_scan;Z525obex;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nod32krn;Kerbkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 ofcpfwsvc;Websensecpmcommunicationagent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pavdrv;Pnp680r;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotdriver;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotshim;Oracle%oracle_home_service%clientcache80;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 vsdatant;HFACSVC;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\cameron\local settings\application data\NPE
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
2012-04-24 05:08:19 -------- d-----w- c:\documents and settings\all users.windows\application data\COMODO
2012-04-24 05:08:10 -------- d-----w- c:\documents and settings\cameron\application data\Comodo
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Uqycux
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Rofeen
2012-04-22 15:48:12 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Identities
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ypaxad
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ydod
2012-04-20 00:23:16 -------- d-----w- C:\sh4ldr
2012-04-20 00:23:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21:59 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-19 23:49:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-19 23:48:04 -------- d-----w- c:\documents and settings\all users.windows\application data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41:07 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJFAX
2012-04-17 00:40:16 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:40:16 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40:16 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40:16 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:36:39 -------- d-----w- c:\documents and settings\cameron\application data\Canon Easy-WebPrint EX
2012-04-17 00:32:02 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:31:49 74752 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31:49 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31:49 28672 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31:42 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31:39 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-07 08:55:58 -------- d-sh--w- C:\found.000
2012-04-07 07:42:52 -------- d-----w- C:\big w prints
2012-04-07 07:07:12 -------- d-----w- C:\Vuze
2012-04-07 06:48:39 -------- d-----w- C:\To Transfer
2012-04-06 00:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09:26 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
2012-03-28 07:22:27 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex
2012-03-28 07:22:20 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Deployment
2012-03-28 07:19:19 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2012-03-28 07:19:17 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex Media Server
2012-03-28 07:19:01 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-03-28 07:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-03-28 07:18:33 -------- d-----w- c:\windows\Logs
2012-03-28 07:16:08 -------- d-----w- c:\program files\Plex
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\application data\searchquband
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\AppData
.
==================== Find3M ====================
.
2012-04-14 15:02:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:06:10.65 ===============

Hi jacknjaspa, welcome to the forum.

To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.


I take it you are posting from a different computer?

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe), transfer it to the effected computer.
double click the file to run it
make sure Internet Service is checked (RpcSs and PlugPlay should be checked by default and greyed out)
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

G'day mate yeh I have a wireles connection at home & have an old notebook that that I am using to post. I'll do what you said but hope it doesn't matter that I can't get an Internet connection on my pc?

I'll do it as soon as I can & post the file as instructed.

G'day mate heres the FSS.txt log. Thanks for your help

Farbar Service Scanner Version: 24-04-2012
Ran by Cameron (administrator) on 25-04-2012 at 17:34:57
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 20:00] - [2011-08-17 21:49] - 0138496 ____A () 1D495EE1D3A836801D1FD816FF4A93F9

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(1) Avgtdix(2) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000003000000040000000800000002000000060000000700000001000000
IpSec Tag value is correct.

**** End of log ****

Hi jacknjaspa

We're just going to work on getting the internet back. Once we do that we will work directly on the infected computer. Until then we will need to transfer the tools.

Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and transfer it to the infected computer's desktop.



Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_1.jpg

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_2.jpg

Click the Start Scan button.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_3.jpg

If a suspicious object is detected, the default action will be Skip, click on Continue.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_4.jpg

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

http://i466.photobucket.com/albums/rr21/JSntgRvr/tdss_5.jpg

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



Can you now access the internet?

Yep I'm back on the internet & sending this form my pc.

Heres the TDSSKiller log;

You guys are legends!!


21:16:27.0828 1836 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:16:27.0843 1836 ============================================================
21:16:27.0843 1836 Current date / time: 2012/04/25 21:16:27.0843
21:16:27.0843 1836 SystemInfo:
21:16:27.0843 1836
21:16:27.0843 1836 OS Version: 5.1.2600 ServicePack: 3.0
21:16:27.0843 1836 Product type: Workstation
21:16:27.0843 1836 ComputerName: B03F21AE66BF49C
21:16:27.0843 1836 UserName: Cameron
21:16:27.0843 1836 Windows directory: C:\WINDOWS
21:16:27.0843 1836 System windows directory: C:\WINDOWS
21:16:27.0843 1836 Processor architecture: Intel x86
21:16:27.0843 1836 Number of processors: 2
21:16:27.0843 1836 Page size: 0x1000
21:16:27.0843 1836 Boot type: Normal boot
21:16:27.0843 1836 ============================================================
21:16:28.0765 1836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:16:28.0765 1836 Drive \Device\Harddisk1\DR14 - Size: 0x3CDD2200 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:28.0765 1836 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:31.0718 1836 ============================================================
21:16:31.0718 1836 \Device\Harddisk0\DR0:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:16:31.0734 1836 \Device\Harddisk1\DR14:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk1\DR14\Partition0: MBR, Type 0xB, StartLBA 0xF7, BlocksNum 0x1E6B69
21:16:31.0734 1836 \Device\Harddisk2\DR3:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
21:16:31.0734 1836 ============================================================
21:16:31.0765 1836 C: <-> \Device\Harddisk0\DR0\Partition0
21:16:31.0843 1836 G: <-> \Device\Harddisk2\DR3\Partition0
21:16:31.0843 1836 ============================================================
21:16:31.0843 1836 Initialize success
21:16:31.0843 1836 ============================================================
21:17:10.0218 2452 ============================================================
21:17:10.0218 2452 Scan started
21:17:10.0218 2452 Mode: Manual; SigCheck; TDLFS;
21:17:10.0218 2452 ============================================================
21:17:10.0625 2452 .avgtdix - ok
21:17:11.0187 2452 2wirepcp - ok
21:17:11.0187 2452 3dkeybd - ok
21:17:11.0187 2452 61883 - ok
21:17:11.0203 2452 Abiosdsk - ok
21:17:11.0203 2452 abp480n5 - ok
21:17:11.0250 2452 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:17:11.0250 2452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
21:17:11.0250 2452 ACPI ( Virus.Win32.Rloader.a ) - infected
21:17:11.0250 2452 ACPI - detected Virus.Win32.Rloader.a (0)
21:17:11.0265 2452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:17:11.0796 2452 ACPIEC - ok
21:17:11.0812 2452 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
21:17:11.0812 2452 ACS ( UnsignedFile.Multi.Generic ) - warning
21:17:11.0812 2452 ACS - detected UnsignedFile.Multi.Generic (1)
21:17:11.0812 2452 admjoy - ok
21:17:11.0875 2452 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:11.0890 2452 AdobeFlashPlayerUpdateSvc - ok
21:17:11.0890 2452 adpu160m - ok
21:17:11.0921 2452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:17:11.0984 2452 aec - ok
21:17:12.0015 2452 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:17:12.0031 2452 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:17:12.0031 2452 AegisP - detected UnsignedFile.Multi.Generic (1)
21:17:12.0062 2452 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys
21:17:12.0062 2452 AFD ( Virus.Win32.ZAccess.c ) - infected
21:17:12.0062 2452 AFD - detected Virus.Win32.ZAccess.c (0)
21:17:12.0062 2452 Aha154x - ok
21:17:12.0078 2452 aic78u2 - ok
21:17:12.0078 2452 aic78xx - ok
21:17:12.0078 2452 aksusb - ok
21:17:12.0109 2452 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:17:12.0203 2452 Alerter - ok
21:17:12.0218 2452 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:17:12.0250 2452 ALG - ok
21:17:12.0250 2452 AliIde - ok
21:17:12.0250 2452 AlKernel - ok
21:17:12.0343 2452 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:17:12.0453 2452 Ambfilt - ok
21:17:12.0468 2452 ami0nt - ok
21:17:12.0484 2452 amsint - ok
21:17:12.0484 2452 ANC - ok
21:17:12.0484 2452 antivirservice - ok
21:17:12.0546 2452 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:12.0562 2452 Apple Mobile Device - ok
21:17:12.0593 2452 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:17:12.0640 2452 AppMgmt - ok
21:17:12.0640 2452 appnnode - ok
21:17:12.0687 2452 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
21:17:12.0718 2452 AR5211 - ok
21:17:12.0750 2452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:17:12.0812 2452 Arp1394 - ok
21:17:12.0828 2452 asc - ok
21:17:12.0828 2452 asc3350p - ok
21:17:12.0828 2452 asc3550 - ok
21:17:12.0828 2452 aslm75 - ok
21:17:12.0828 2452 ASMMAP - ok
21:17:12.0921 2452 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:12.0937 2452 aspnet_state - ok
21:17:12.0937 2452 aswmon2 - ok
21:17:12.0953 2452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:17:13.0031 2452 AsyncMac - ok
21:17:13.0046 2452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:17:13.0140 2452 atapi - ok
21:17:13.0140 2452 Atdisk - ok
21:17:13.0156 2452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:17:13.0234 2452 Atmarpc - ok
21:17:13.0250 2452 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:17:13.0328 2452 AudioSrv - ok
21:17:13.0343 2452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:17:13.0421 2452 audstub - ok
21:17:13.0421 2452 AVCSTRM - ok
21:17:13.0421 2452 AVerBDA - ok
21:17:13.0640 2452 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:17:13.0828 2452 AVGIDSAgent - ok
21:17:13.0937 2452 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:17:13.0937 2452 AVGIDSDriver - ok
21:17:13.0953 2452 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:17:13.0968 2452 AVGIDSEH - ok
21:17:13.0984 2452 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:17:13.0984 2452 AVGIDSFilter - ok
21:17:14.0000 2452 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:17:14.0015 2452 AVGIDSShim - ok
21:17:14.0031 2452 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:17:14.0046 2452 Avgldx86 - ok
21:17:14.0046 2452 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:17:14.0062 2452 Avgmfx86 - ok
21:17:14.0078 2452 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:17:14.0078 2452 Avgrkx86 - ok
21:17:14.0093 2452 Avgtdix (d9a14d3bf565a33d9878ac6a8117b4f0) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:17:14.0109 2452 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\avgtdix.sys. md5: d9a14d3bf565a33d9878ac6a8117b4f0
21:17:14.0109 2452 Avgtdix ( Virus.Win32.ZAccess.c ) - infected
21:17:14.0109 2452 Avgtdix - detected Virus.Win32.ZAccess.c (0)
21:17:14.0187 2452 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:17:14.0203 2452 avgwd - ok
21:17:14.0203 2452 backuplauncher - ok
21:17:14.0218 2452 bcm43xx - ok
21:17:14.0218 2452 beatjammusicstreamingserver - ok
21:17:14.0250 2452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:17:14.0328 2452 Beep - ok
21:17:14.0328 2452 belgium_id_card_service - ok
21:17:14.0328 2452 besclient - ok
21:17:14.0328 2452 bglivesvc - ok
21:17:14.0328 2452 bhmonitorservice - ok
21:17:14.0390 2452 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:17:14.0484 2452 BITS - ok
21:17:14.0484 2452 BoiHwsetup - ok
21:17:14.0531 2452 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:17:14.0546 2452 Bonjour Service - ok
21:17:14.0546 2452 bridgemp - ok
21:17:14.0593 2452 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:17:14.0656 2452 Browser - ok
21:17:14.0671 2452 BrPar - ok
21:17:14.0671 2452 btfirst - ok
21:17:14.0671 2452 bthidenum - ok
21:17:14.0671 2452 cachemgr - ok
21:17:14.0671 2452 CAMFLT - ok
21:17:14.0703 2452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:14.0781 2452 cbidf2k - ok
21:17:14.0781 2452 CBN - ok
21:17:14.0781 2452 ccalib8 - ok
21:17:14.0812 2452 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:17:14.0890 2452 CCDECODE - ok
21:17:14.0890 2452 cd20xrnt - ok
21:17:14.0906 2452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:17:15.0000 2452 Cdaudio - ok
21:17:15.0015 2452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:17:15.0093 2452 Cdfs - ok
21:17:15.0093 2452 Changer - ok
21:17:15.0140 2452 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
21:17:15.0156 2452 CinemaNow Service - ok
21:17:15.0187 2452 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:17:15.0265 2452 CiSvc - ok
21:17:15.0296 2452 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:17:15.0375 2452 ClipSrv - ok
21:17:15.0390 2452 clisvc - ok
21:17:15.0468 2452 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:15.0484 2452 clr_optimization_v2.0.50727_32 - ok
21:17:15.0531 2452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:15.0546 2452 clr_optimization_v4.0.30319_32 - ok
21:17:15.0546 2452 CmdIde - ok
21:17:15.0546 2452 cmigameport - ok
21:17:15.0546 2452 COMSysApp - ok
21:17:15.0546 2452 Cpqarray - ok
21:17:15.0562 2452 cpqdmi - ok
21:17:15.0562 2452 cq_mem - ok
21:17:15.0593 2452 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:17:15.0671 2452 CryptSvc - ok
21:17:15.0671 2452 dac2w2k - ok
21:17:15.0687 2452 dac960nt - ok
21:17:15.0687 2452 DCamUSBMke - ok
21:17:15.0734 2452 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:17:15.0750 2452 DcomLaunch - ok
21:17:15.0750 2452 deventagent - ok
21:17:15.0796 2452 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:17:15.0875 2452 Dhcp - ok
21:17:15.0875 2452 dirms_defragmentation - ok
21:17:15.0890 2452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:17:15.0984 2452 Disk - ok
21:17:16.0000 2452 dktknsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\QWAVE.dll
21:17:16.0000 2452 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - infected
21:17:16.0000 2452 dktknsrv - detected Backdoor.Multi.ZAccess.gen (0)
21:17:16.0000 2452 dlaudfam - ok
21:17:16.0015 2452 DM9102 - ok
21:17:16.0015 2452 dmadmin - ok
21:17:16.0062 2452 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:17:16.0156 2452 dmboot - ok
21:17:16.0156 2452 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:17:16.0234 2452 dmio - ok
21:17:16.0250 2452 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:17:16.0328 2452 dmload - ok
21:17:16.0359 2452 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:17:16.0437 2452 dmserver - ok
21:17:16.0453 2452 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:17:16.0546 2452 DMusic - ok
21:17:16.0578 2452 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:17:16.0593 2452 Dnscache - ok
21:17:16.0593 2452 dnwhodisp - ok
21:17:16.0609 2452 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:17:16.0687 2452 Dot3svc - ok
21:17:16.0687 2452 dot4print - ok
21:17:16.0687 2452 dpti2o - ok
21:17:16.0703 2452 DritekPortIO - ok
21:17:16.0703 2452 driverhardwarev2 - ok
21:17:16.0718 2452 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:17:16.0796 2452 drmkaud - ok
21:17:16.0796 2452 dsbrokerservice - ok
21:17:16.0796 2452 dtscsi - ok
21:17:16.0796 2452 EagleNT - ok
21:17:16.0828 2452 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:17:16.0906 2452 EapHost - ok
21:17:16.0906 2452 EIO_XP - ok
21:17:16.0906 2452 elnkservice - ok
21:17:16.0906 2452 enodpl - ok
21:17:16.0921 2452 enxpsvc - ok
21:17:16.0921 2452 epsonbidirectionalagent - ok
21:17:16.0921 2452 epson_pm_rpcv2_02 - ok
21:17:16.0937 2452 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:17:17.0015 2452 ERSvc - ok
21:17:17.0046 2452 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:17:17.0062 2452 Eventlog - ok
21:17:17.0093 2452 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:17:17.0109 2452 EventSystem - ok
21:17:17.0109 2452 FA312 - ok
21:17:17.0140 2452 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:17:17.0250 2452 Fastfat - ok
21:17:17.0281 2452 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:17:17.0312 2452 FastUserSwitchingCompatibility - ok
21:17:17.0312 2452 fcprintservice - ok
21:17:17.0328 2452 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:17:17.0406 2452 Fdc - ok
21:17:17.0406 2452 FETNDIS - ok
21:17:17.0453 2452 FingerPrint - ok
21:17:17.0468 2452 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:17:17.0546 2452 Fips - ok
21:17:17.0546 2452 flashcomadmin - ok
21:17:17.0546 2452 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:17:17.0625 2452 Flpydisk - ok
21:17:17.0640 2452 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:17:17.0718 2452 FltMgr - ok
21:17:17.0828 2452 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:17:17.0828 2452 FontCache3.0.0.0 - ok
21:17:17.0828 2452 freepops - ok
21:17:17.0859 2452 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:17:17.0953 2452 Fs_Rec - ok
21:17:17.0953 2452 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:17:18.0046 2452 Ftdisk - ok
21:17:18.0062 2452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:17:18.0078 2452 GEARAspiWDM - ok
21:17:18.0093 2452 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:17:18.0187 2452 Gpc - ok
21:17:18.0187 2452 GT680x - ok
21:17:18.0187 2452 GTF32BUS - ok
21:17:18.0250 2452 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:18.0265 2452 gupdate - ok
21:17:18.0281 2452 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
21:17:18.0281 2452 gupdatem - ok
21:17:18.0312 2452 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:17:18.0328 2452 gusvc - ok
21:17:18.0343 2452 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:17:18.0437 2452 HDAudBus - ok
21:17:18.0468 2452 helpsvc - ok
21:17:18.0468 2452 hidgame - ok
21:17:18.0500 2452 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:17:18.0578 2452 HidServ - ok
21:17:18.0609 2452 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:17:18.0687 2452 hidusb - ok
21:17:18.0703 2452 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:17:18.0781 2452 hkmsvc - ok
21:17:18.0781 2452 HPFECP20 - ok
21:17:18.0781 2452 hpn - ok
21:17:18.0781 2452 HpqKbFiltr - ok
21:17:18.0781 2452 HSFHWICH - ok
21:17:18.0796 2452 hsf_dp - ok
21:17:18.0796 2452 HssTrayService - ok
21:17:18.0828 2452 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:17:18.0843 2452 HTTP - ok
21:17:18.0859 2452 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:17:18.0937 2452 HTTPFilter - ok
21:17:18.0937 2452 i2omgmt - ok
21:17:18.0953 2452 i2omp - ok
21:17:18.0953 2452 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:17:19.0031 2452 i8042prt - ok
21:17:19.0031 2452 iaimfp2 - ok
21:17:19.0031 2452 iaimtv2 - ok
21:17:19.0281 2452 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:17:19.0453 2452 ialm - ok
21:17:19.0500 2452 ibmfilter - ok
21:17:19.0515 2452 ibmpmdrv - ok
21:17:19.0515 2452 ibmpmsvc - ok
21:17:19.0671 2452 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:17:19.0687 2452 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:17:19.0687 2452 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:17:19.0812 2452 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:17:19.0859 2452 idsvc - ok
21:17:19.0859 2452 igniteservice.exe - ok
21:17:19.0906 2452 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:17:20.0000 2452 Imapi - ok
21:17:20.0015 2452 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:17:20.0109 2452 ImapiService - ok
21:17:20.0109 2452 ini910u - ok
21:17:20.0359 2452 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:17:20.0515 2452 IntcAzAudAddService - ok
21:17:20.0593 2452 IntelC53 - ok
21:17:20.0609 2452 IntelIde - ok
21:17:20.0640 2452 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:17:20.0703 2452 intelppm - ok
21:17:20.0718 2452 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:17:20.0796 2452 Ip6Fw - ok
21:17:20.0828 2452 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:17:20.0906 2452 IpFilterDriver - ok
21:17:20.0921 2452 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:17:20.0984 2452 IpInIp - ok
21:17:21.0015 2452 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:17:21.0093 2452 IpNat - ok
21:17:21.0156 2452 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:17:21.0203 2452 iPod Service - ok
21:17:21.0234 2452 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:17:21.0312 2452 IPSec - ok
21:17:21.0328 2452 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:17:21.0375 2452 IRENUM - ok
21:17:21.0406 2452 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:17:21.0484 2452 isapnp - ok
21:17:21.0484 2452 IWCA - ok
21:17:21.0484 2452 ixiaendpoint - ok
21:17:21.0546 2452 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
21:17:21.0562 2452 JavaQuickStarterService - ok
21:17:21.0578 2452 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:17:21.0656 2452 Kbdclass - ok
21:17:21.0656 2452 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:17:21.0734 2452 kbdhid - ok
21:17:21.0765 2452 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:17:21.0843 2452 kmixer - ok
21:17:21.0843 2452 KMW_USB - ok
21:17:21.0875 2452 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:17:21.0921 2452 KSecDD - ok
21:17:21.0968 2452 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:17:21.0984 2452 LanmanServer - ok
21:17:22.0000 2452 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:17:22.0031 2452 lanmanworkstation - ok
21:17:22.0031 2452 lbrtfdc - ok
21:17:22.0062 2452 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:17:22.0125 2452 LmHosts - ok
21:17:22.0140 2452 ltmodem5 - ok
21:17:22.0140 2452 ltxred - ok
21:17:22.0140 2452 lusbaudio - ok
21:17:22.0156 2452 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
21:17:22.0171 2452 LVPr2Mon - ok
21:17:22.0234 2452 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:17:22.0250 2452 LVPrcSrv - ok
21:17:22.0250 2452 lxby_device - ok
21:17:22.0250 2452 lxcj_device - ok
21:17:22.0250 2452 lxdm_device - ok
21:17:22.0250 2452 Machnm32 - ok
21:17:22.0265 2452 mcdbus - ok
21:17:22.0265 2452 mcvsrte - ok
21:17:22.0312 2452 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:17:22.0328 2452 MDM ( UnsignedFile.Multi.Generic ) - warning
21:17:22.0328 2452 MDM - detected UnsignedFile.Multi.Generic (1)
21:17:22.0375 2452 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:17:22.0468 2452 Messenger - ok
21:17:22.0468 2452 mfeapfk - ok
21:17:22.0468 2452 mks_scan - ok
21:17:22.0500 2452 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:17:22.0578 2452 mnmdd - ok
21:17:22.0593 2452 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:17:22.0671 2452 mnmsrvc - ok
21:17:22.0703 2452 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:17:22.0765 2452 Modem - ok
21:17:22.0859 2452 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
21:17:22.0906 2452 Monfilt - ok
21:17:22.0953 2452 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:17:23.0031 2452 Mouclass - ok
21:17:23.0031 2452 moufiltr - ok
21:17:23.0062 2452 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:17:23.0140 2452 mouhid - ok
21:17:23.0156 2452 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:17:23.0234 2452 MountMgr - ok
21:17:23.0234 2452 mraid35x - ok
21:17:23.0250 2452 MRESP50a64 - ok
21:17:23.0250 2452 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:17:23.0343 2452 MRxDAV - ok
21:17:23.0375 2452 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:17:23.0406 2452 MRxSmb - ok
21:17:23.0406 2452 MSCamSvc - ok
21:17:23.0453 2452 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:17:23.0531 2452 MSDTC - ok
21:17:23.0546 2452 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:17:23.0625 2452 Msfs - ok
21:17:23.0625 2452 MSFWHLPR - ok
21:17:23.0625 2452 MSIServer - ok
21:17:23.0656 2452 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:17:23.0718 2452 MSKSSRV - ok
21:17:23.0734 2452 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:17:23.0828 2452 MSPCLOCK - ok
21:17:23.0828 2452 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:17:23.0921 2452 MSPQM - ok
21:17:23.0937 2452 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:17:24.0015 2452 mssmbios - ok
21:17:24.0046 2452 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:17:24.0125 2452 MSTEE - ok
21:17:24.0156 2452 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:17:24.0171 2452 Mup - ok
21:17:24.0187 2452 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:17:24.0265 2452 NABTSFEC - ok
21:17:24.0296 2452 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:17:24.0406 2452 napagent - ok
21:17:24.0406 2452 NCPro - ok
21:17:24.0437 2452 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:17:24.0531 2452 NDIS - ok
21:17:24.0546 2452 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:17:24.0609 2452 NdisIP - ok
21:17:24.0640 2452 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:17:24.0640 2452 NdisTapi - ok
21:17:24.0671 2452 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:17:24.0750 2452 Ndisuio - ok
21:17:24.0765 2452 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:17:24.0859 2452 NdisWan - ok
21:17:24.0875 2452 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:17:24.0890 2452 NDProxy - ok
21:17:24.0906 2452 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
21:17:24.0921 2452 Netaapl - ok
21:17:24.0937 2452 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:17:25.0015 2452 NetBIOS - ok
21:17:25.0046 2452 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:17:25.0125 2452 NetBT - ok
21:17:25.0156 2452 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:17:25.0234 2452 NetDDE - ok
21:17:25.0234 2452 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:17:25.0312 2452 NetDDEdsdm - ok
21:17:25.0312 2452 netdevio - ok
21:17:25.0343 2452 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:25.0421 2452 Netlogon - ok
21:17:25.0468 2452 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:17:25.0546 2452 Netman - ok
21:17:25.0625 2452 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:17:25.0640 2452 NetTcpPortSharing - ok
21:17:25.0671 2452 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:17:25.0750 2452 NIC1394 - ok
21:17:25.0750 2452 nim32 - ok
21:17:25.0796 2452 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:17:25.0812 2452 Nla - ok
21:17:25.0812 2452 nod32krn - ok
21:17:25.0812 2452 npfmntor - ok
21:17:25.0828 2452 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:17:25.0906 2452 Npfs - ok
21:17:25.0953 2452 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:17:26.0031 2452 Ntfs - ok
21:17:26.0046 2452 ntiopnp - ok
21:17:26.0046 2452 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:26.0109 2452 NtLmSsp - ok
21:17:26.0140 2452 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:17:26.0218 2452 NtmsSvc - ok
21:17:26.0234 2452 ntsyslog - ok
21:17:26.0250 2452 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:17:26.0328 2452 Null - ok
21:17:26.0328 2452 NWADI - ok
21:17:26.0359 2452 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:17:26.0437 2452 NwlnkFlt - ok
21:17:26.0437 2452 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:17:26.0515 2452 NwlnkFwd - ok
21:17:26.0515 2452 NWSNS - ok
21:17:26.0515 2452 NxSysMon - ok
21:17:26.0640 2452 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:17:26.0671 2452 odserv - ok
21:17:26.0671 2452 ofcpfwsvc - ok
21:17:26.0703 2452 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:17:26.0781 2452 ohci1394 - ok
21:17:26.0781 2452 opcenum - ok
21:17:26.0781 2452 oracleorahome92tnslistener - ok
21:17:26.0812 2452 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:17:26.0843 2452 ose - ok
21:17:26.0843 2452 p2psvc - ok
21:17:26.0843 2452 papycpu2 - ok
21:17:26.0875 2452 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:17:26.0968 2452 Parport - ok
21:17:26.0968 2452 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:17:27.0031 2452 PartMgr - ok
21:17:27.0062 2452 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:17:27.0140 2452 ParVdm - ok
21:17:27.0140 2452 pavdrv - ok
21:17:27.0156 2452 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:17:27.0234 2452 PCI - ok
21:17:27.0234 2452 PCIDump - ok
21:17:27.0265 2452 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:17:27.0328 2452 PCIIde - ok
21:17:27.0375 2452 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:17:27.0437 2452 Pcmcia - ok
21:17:27.0453 2452 pcscnsrv - ok
21:17:27.0453 2452 PDCOMP - ok
21:17:27.0453 2452 pdengine - ok
21:17:27.0453 2452 PDFRAME - ok
21:17:27.0453 2452 pdlnctdl - ok
21:17:27.0468 2452 pdlnemsg - ok
21:17:27.0468 2452 PDRELI - ok
21:17:27.0468 2452 PDRFRAME - ok
21:17:27.0468 2452 pepifilter - ok
21:17:27.0468 2452 perc2 - ok
21:17:27.0484 2452 perc2hib - ok
21:17:27.0484 2452 phc600 - ok
21:17:27.0609 2452 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
21:17:27.0687 2452 PID_PEPI - ok
21:17:27.0750 2452 pilogsrv - ok
21:17:27.0781 2452 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:17:27.0796 2452 PlugPlay - ok
21:17:27.0796 2452 pmsveh - ok
21:17:27.0796 2452 pnrouter - ok
21:17:27.0828 2452 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:27.0890 2452 PolicyAgent - ok
21:17:27.0921 2452 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:17:28.0015 2452 PptpMiniport - ok
21:17:28.0015 2452 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:28.0093 2452 ProtectedStorage - ok
21:17:28.0093 2452 proxyhostdriver - ok
21:17:28.0093 2452 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:17:28.0171 2452 PSched - ok
21:17:28.0171 2452 pshost - ok
21:17:28.0187 2452 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:17:28.0281 2452 Ptilink - ok
21:17:28.0281 2452 ql1080 - ok
21:17:28.0281 2452 Ql10wnt - ok
21:17:28.0281 2452 ql12160 - ok
21:17:28.0296 2452 ql1240 - ok
21:17:28.0296 2452 ql1280 - ok
21:17:28.0312 2452 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:17:28.0375 2452 RasAcd - ok
21:17:28.0406 2452 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:17:28.0515 2452 RasAuto - ok
21:17:28.0546 2452 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:17:28.0625 2452 Rasl2tp - ok
21:17:28.0656 2452 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:17:28.0734 2452 RasMan - ok
21:17:28.0750 2452 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:17:28.0828 2452 RasPppoe - ok
21:17:28.0828 2452 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:17:28.0890 2452 Raspti - ok
21:17:28.0937 2452 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:17:29.0015 2452 Rdbss - ok
21:17:29.0015 2452 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:17:29.0093 2452 RDPCDD - ok
21:17:29.0125 2452 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:17:29.0187 2452 rdpdr - ok
21:17:29.0234 2452 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:17:29.0265 2452 RDPWD - ok
21:17:29.0296 2452 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:17:29.0390 2452 RDSessMgr - ok
21:17:29.0406 2452 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:17:29.0484 2452 redbook - ok
21:17:29.0515 2452 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:17:29.0609 2452 RemoteAccess - ok
21:17:29.0640 2452 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:17:29.0703 2452 RemoteRegistry - ok
21:17:29.0796 2452 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:17:29.0812 2452 RichVideo - ok
21:17:29.0828 2452 RimUsb - ok
21:17:29.0843 2452 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:17:29.0875 2452 RimVSerPort - ok
21:17:29.0890 2452 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:17:29.0968 2452 ROOTMODEM - ok
21:17:30.0031 2452 RoxLiveShare9 - ok
21:17:30.0078 2452 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:17:30.0156 2452 RpcLocator - ok
21:17:30.0187 2452 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:17:30.0218 2452 RpcSs - ok
21:17:30.0218 2452 rslinxng - ok
21:17:30.0265 2452 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:17:30.0343 2452 RSVP - ok
21:17:30.0343 2452 rt73 - ok
21:17:30.0390 2452 RTLE8023xp (c48e7bbc6a17a0676079e11a13e82549) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:17:30.0390 2452 RTLE8023xp - ok
21:17:30.0406 2452 s616mgmt - ok
21:17:30.0437 2452 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:17:30.0500 2452 SamSs - ok
21:17:30.0500 2452 sandboxu - ok
21:17:30.0515 2452 sbcssvc - ok
21:17:30.0515 2452 sbhooksvc - ok
21:17:30.0515 2452 scarddrv - ok
21:17:30.0546 2452 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:17:30.0625 2452 SCardSvr - ok
21:17:30.0656 2452 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:17:30.0734 2452 Schedule - ok
21:17:30.0734 2452 scsiaccess - ok
21:17:30.0734 2452 SE2Cmdm - ok
21:17:30.0734 2452 se44mgmt - ok
21:17:30.0765 2452 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:17:30.0796 2452 Secdrv - ok
21:17:30.0828 2452 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:17:30.0906 2452 seclogon - ok
21:17:30.0921 2452 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
21:17:31.0000 2452 SENS - ok
21:17:31.0015 2452 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:17:31.0093 2452 serenum - ok
21:17:31.0125 2452 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:17:31.0187 2452 Serial - ok
21:17:31.0203 2452 serialkeys - ok
21:17:31.0218 2452 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:17:31.0296 2452 Sfloppy - ok
21:17:31.0343 2452 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:17:31.0421 2452 SharedAccess - ok
21:17:31.0453 2452 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:17:31.0453 2452 ShellHWDetection - ok
21:17:31.0468 2452 Si3114r5 - ok
21:17:31.0468 2452 Simbad - ok
21:17:31.0468 2452 SiRemFil - ok
21:17:31.0468 2452 SiSRaid2 - ok
21:17:31.0468 2452 sit_flt - ok
21:17:31.0484 2452 Sk99202k - ok
21:17:31.0515 2452 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:17:31.0578 2452 SLIP - ok
21:17:31.0593 2452 snac - ok
21:17:31.0593 2452 snapman - ok
21:17:31.0593 2452 sonytvc - ok
21:17:31.0593 2452 Sparrow - ok
21:17:31.0609 2452 spcsutilityservice - ok
21:17:31.0640 2452 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:17:31.0703 2452 splitter - ok
21:17:31.0734 2452 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:17:31.0750 2452 Spooler - ok
21:17:31.0750 2452 sprtsvc_ddoctorv2 - ok
21:17:31.0750 2452 sqlserveragent - ok
21:17:31.0781 2452 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:17:31.0828 2452 sr - ok
21:17:31.0843 2452 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:17:31.0890 2452 srservice - ok
21:17:31.0921 2452 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:17:31.0937 2452 Srv - ok
21:17:31.0937 2452 SrvcEPIOMngr - ok
21:17:31.0968 2452 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:17:32.0000 2452 SSDPSRV - ok
21:17:32.0015 2452 sshrmd - ok
21:17:32.0015 2452 StickyMesger - ok
21:17:32.0046 2452 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:17:32.0140 2452 stisvc - ok
21:17:32.0140 2452 stllssvr - ok
21:17:32.0156 2452 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:17:32.0234 2452 streamip - ok
21:17:32.0250 2452 susbser - ok
21:17:32.0265 2452 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:17:32.0328 2452 swenum - ok
21:17:32.0359 2452 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:17:32.0437 2452 swmidi - ok
21:17:32.0437 2452 SwPrv - ok
21:17:32.0437 2452 symantecantibotdriver - ok
21:17:32.0453 2452 symantecantibotshim - ok
21:17:32.0453 2452 symc810 - ok
21:17:32.0453 2452 symc8xx - ok
21:17:32.0453 2452 sym_hi - ok
21:17:32.0468 2452 sym_u3 - ok
21:17:32.0484 2452 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:17:32.0562 2452 sysaudio - ok
21:17:32.0625 2452 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:17:32.0703 2452 SysmonLog - ok
21:17:32.0734 2452 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:17:32.0812 2452 TapiSrv - ok
21:17:32.0843 2452 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:17:32.0859 2452 Tcpip - ok
21:17:32.0890 2452 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:17:32.0953 2452 TDPIPE - ok
21:17:32.0953 2452 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:17:33.0046 2452 TDTCP - ok
21:17:33.0078 2452 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:17:33.0156 2452 TermDD - ok
21:17:33.0187 2452 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:17:33.0265 2452 TermService - ok
21:17:33.0265 2452 tfsnopio - ok
21:17:33.0296 2452 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:17:33.0312 2452 Themes - ok
21:17:33.0343 2452 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:17:33.0375 2452 TlntSvr - ok
21:17:33.0375 2452 TMHIDSRV - ok
21:17:33.0390 2452 TosIde - ok
21:17:33.0421 2452 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:17:33.0500 2452 TrkWks - ok
21:17:33.0500 2452 tversitymediaserver - ok
21:17:33.0500 2452 tzontservice - ok
21:17:33.0515 2452 UDFReadr - ok
21:17:33.0546 2452 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:17:33.0625 2452 Udfs - ok
21:17:33.0640 2452 uhcd - ok
21:17:33.0640 2452 ultra - ok
21:17:33.0640 2452 UPATC - ok
21:17:33.0687 2452 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:17:33.0765 2452 Update - ok
21:17:33.0781 2452 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:17:33.0828 2452 upnphost - ok
21:17:33.0828 2452 upperdev - ok
21:17:33.0843 2452 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:17:33.0906 2452 UPS - ok
21:17:33.0937 2452 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:17:33.0937 2452 USBAAPL - ok
21:17:33.0953 2452 usbatapi2000 - ok
21:17:33.0968 2452 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:17:34.0046 2452 usbaudio - ok
21:17:34.0078 2452 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:17:34.0156 2452 usbccgp - ok
21:17:34.0171 2452 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:17:34.0250 2452 usbehci - ok
21:17:34.0281 2452 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:17:34.0359 2452 usbhub - ok
21:17:34.0375 2452 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:17:34.0453 2452 usbprint - ok
21:17:34.0468 2452 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:17:34.0546 2452 usbscan - ok
21:17:34.0578 2452 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:17:34.0656 2452 USBSTOR - ok
21:17:34.0671 2452 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:17:34.0734 2452 usbuhci - ok
21:17:34.0734 2452 USB_RNDIS - ok
21:17:34.0750 2452 useraccess - ok
21:17:34.0765 2452 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:17:34.0828 2452 VgaSave - ok
21:17:34.0843 2452 ViaIde - ok
21:17:34.0843 2452 videoacceleratorengine - ok
21:17:34.0843 2452 vmparport - ok
21:17:34.0859 2452 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:17:34.0937 2452 VolSnap - ok
21:17:34.0937 2452 vsdatant - ok
21:17:34.0984 2452 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:17:35.0015 2452 VSS - ok
21:17:35.0046 2452 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:17:35.0109 2452 W32Time - ok
21:17:35.0140 2452 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:17:35.0218 2452 Wanarp - ok
21:17:35.0250 2452 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
21:17:35.0265 2452 WDC_SAM - ok
21:17:35.0328 2452 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:17:35.0375 2452 Wdf01000 - ok
21:17:35.0375 2452 WDICA - ok
21:17:35.0390 2452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:17:35.0468 2452 wdmaud - ok
21:17:35.0500 2452 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:17:35.0562 2452 WebClient - ok
21:17:35.0578 2452 websensecamreportserver - ok
21:17:35.0578 2452 whoisd32 - ok
21:17:35.0578 2452 winachcf - ok
21:17:35.0640 2452 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:17:35.0718 2452 winmgmt - ok
21:17:35.0734 2452 wlancfg - ok
21:17:35.0734 2452 wlluc48 - ok
21:17:35.0734 2452 wmccdsls - ok
21:17:35.0765 2452 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:17:35.0812 2452 WmdmPmSN - ok
21:17:35.0843 2452 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:17:35.0890 2452 Wmi - ok
21:17:35.0921 2452 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:17:35.0984 2452 WmiApSrv - ok
21:17:36.0093 2452 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:17:36.0140 2452 WMPNetworkSvc - ok
21:17:36.0281 2452 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:17:36.0312 2452 WPFFontCache_v0400 - ok
21:17:36.0359 2452 wpshelper - ok
21:17:36.0390 2452 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:17:36.0468 2452 WSTCODEC - ok
21:17:36.0500 2452 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:17:36.0562 2452 wuauserv - ok
21:17:36.0609 2452 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:17:36.0656 2452 WudfPf - ok
21:17:36.0703 2452 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:17:36.0718 2452 WudfRd - ok
21:17:36.0765 2452 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:17:36.0765 2452 WudfSvc - ok
21:17:36.0828 2452 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:17:36.0937 2452 WZCSVC - ok
21:17:36.0968 2452 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:17:37.0046 2452 xmlprov - ok
21:17:37.0046 2452 Xponaut_WBD - ok
21:17:37.0046 2452 zendcoreapache - ok
21:17:37.0046 2452 ZuneWlanCfgSvc - ok
21:17:37.0093 2452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:17:37.0312 2452 \Device\Harddisk0\DR0 - ok
21:17:37.0328 2452 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR14
21:17:37.0500 2452 \Device\Harddisk1\DR14 - ok
21:17:37.0546 2452 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR3
21:17:53.0062 2452 \Device\Harddisk2\DR3 - ok
21:17:53.0062 2452 Boot (0x1200) (ba8e3f9f280e677b1a053430c0bb4fe5) \Device\Harddisk0\DR0\Partition0
21:17:53.0078 2452 \Device\Harddisk0\DR0\Partition0 - ok
21:17:53.0078 2452 Boot (0x1200) (b11ea20c0c893a8f3492cd347145f0c0) \Device\Harddisk1\DR14\Partition0
21:17:53.0078 2452 \Device\Harddisk1\DR14\Partition0 - ok
21:17:53.0078 2452 Boot (0x1200) (fee9c7855dd1239cae89a9e4488e0700) \Device\Harddisk2\DR3\Partition0
21:17:53.0109 2452 \Device\Harddisk2\DR3\Partition0 - ok
21:17:53.0109 2452 ============================================================
21:17:53.0109 2452 Scan finished
21:17:53.0109 2452 ============================================================
21:17:53.0218 1376 Detected object count: 8
21:17:53.0218 1376 Actual detected object count: 8
21:18:50.0625 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:18:50.0718 1376 Backup copy found, using it..
21:18:50.0734 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:18:50.0734 1376 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:50.0796 1376 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
21:18:50.0828 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - copied to quarantine
21:18:50.0843 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - copied to quarantine
21:18:50.0875 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - copied to quarantine
21:18:50.0906 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\L\ehuhiilp - copied to quarantine
21:18:50.0921 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - copied to quarantine
21:18:50.0968 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - copied to quarantine
21:18:51.0015 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - copied to quarantine
21:18:51.0031 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - copied to quarantine
21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - copied to quarantine
21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - copied to quarantine
21:18:51.0109 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - copied to quarantine
21:18:51.0156 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - copied to quarantine
21:18:51.0187 1376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
21:18:51.0281 1376 Backup copy found, using it..
21:18:51.0312 1376 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - will be deleted on reboot
21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - will be deleted on reboot
21:18:52.0468 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - will be deleted on reboot
21:18:52.0484 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\4069655542 - will be deleted on reboot
21:18:52.0515 1376 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
21:18:52.0593 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
21:18:52.0640 1376 Backup copy not found, trying to cure infected file..
21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
21:18:53.0625 1376 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
21:18:53.0656 1376 C:\WINDOWS\system32\QWAVE.dll - copied to quarantine
21:18:53.0656 1376 HKLM\SYSTEM\ControlSet001\services\dktknsrv - will be deleted on reboot
21:18:53.0656 1376 HKLM\SYSTEM\ControlSet002\services\dktknsrv - will be deleted on reboot
21:18:53.0671 1376 C:\WINDOWS\system32\QWAVE.dll - will be deleted on reboot
21:18:53.0671 1376 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:21:34.0000 0648 Deinitialize success

Hi jacknjaspa,

Ok good. We'll work directly on the infected computer.

Your system has been infected by one or more Rootkits/Backdoor Trojans.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

More information on Remote Access Trojans can be found here (http://antivirus.about.com/library/weekly/aa100400a.htm).

I strongly suggest you do the following immediately:

From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the new passwords could be compromised.


Given there were several files infected before we go poking around, please rerun TDSSKiller with the same instructions so we can see how successful it was.

Please post the log and we will continue.

Ran it again, went through but it didn't make me reboot (I guess this is still OK)
FYI AVG warnings still popping up with threats detected.......anyway here is the file


06:48:20.0125 57244 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
06:48:21.0125 57244 ============================================================
06:48:21.0125 57244 Current date / time: 2012/04/26 06:48:21.0125
06:48:21.0125 57244 SystemInfo:
06:48:21.0125 57244
06:48:21.0125 57244 OS Version: 5.1.2600 ServicePack: 3.0
06:48:21.0125 57244 Product type: Workstation
06:48:21.0125 57244 ComputerName: B03F21AE66BF49C
06:48:21.0125 57244 UserName: Cameron
06:48:21.0125 57244 Windows directory: C:\WINDOWS
06:48:21.0125 57244 System windows directory: C:\WINDOWS
06:48:21.0125 57244 Processor architecture: Intel x86
06:48:21.0125 57244 Number of processors: 2
06:48:21.0125 57244 Page size: 0x1000
06:48:21.0125 57244 Boot type: Normal boot
06:48:21.0125 57244 ============================================================
06:48:21.0781 57244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
06:48:21.0781 57244 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
06:48:21.0796 57244 ============================================================
06:48:21.0796 57244 \Device\Harddisk0\DR0:
06:48:21.0796 57244 MBR partitions:
06:48:21.0796 57244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
06:48:21.0796 57244 \Device\Harddisk2\DR3:
06:48:21.0812 57244 MBR partitions:
06:48:21.0812 57244 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
06:48:21.0812 57244 ============================================================
06:48:21.0890 57244 C: <-> \Device\Harddisk0\DR0\Partition0
06:48:21.0968 57244 G: <-> \Device\Harddisk2\DR3\Partition0
06:48:21.0968 57244 ============================================================
06:48:21.0968 57244 Initialize success
06:48:21.0968 57244 ============================================================
06:48:27.0375 57748 ============================================================
06:48:27.0375 57748 Scan started
06:48:27.0375 57748 Mode: Manual; SigCheck; TDLFS;
06:48:27.0375 57748 ============================================================
06:48:27.0875 57748 .avgtdix - ok
06:48:27.0968 57748 2wirepcp - ok
06:48:27.0984 57748 3dkeybd - ok
06:48:27.0984 57748 61883 - ok
06:48:27.0984 57748 Abiosdsk - ok
06:48:27.0984 57748 abp480n5 - ok
06:48:28.0031 57748 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:48:28.0218 57748 ACPI - ok
06:48:28.0250 57748 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
06:48:28.0312 57748 ACPIEC - ok
06:48:28.0343 57748 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
06:48:28.0343 57748 ACS ( UnsignedFile.Multi.Generic ) - warning
06:48:28.0343 57748 ACS - detected UnsignedFile.Multi.Generic (1)
06:48:28.0343 57748 admjoy - ok
06:48:28.0406 57748 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:48:28.0421 57748 AdobeFlashPlayerUpdateSvc - ok
06:48:28.0421 57748 adpu160m - ok
06:48:28.0484 57748 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
06:48:28.0546 57748 aec - ok
06:48:28.0578 57748 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
06:48:28.0578 57748 AegisP ( UnsignedFile.Multi.Generic ) - warning
06:48:28.0578 57748 AegisP - detected UnsignedFile.Multi.Generic (1)
06:48:28.0609 57748 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
06:48:28.0609 57748 AFD - ok
06:48:28.0609 57748 Aha154x - ok
06:48:28.0625 57748 aic78u2 - ok
06:48:28.0625 57748 aic78xx - ok
06:48:28.0625 57748 aksusb - ok
06:48:28.0671 57748 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
06:48:28.0750 57748 Alerter - ok
06:48:28.0765 57748 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
06:48:28.0812 57748 ALG - ok
06:48:28.0812 57748 AliIde - ok
06:48:28.0812 57748 AlKernel - ok
06:48:28.0890 57748 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
06:48:28.0953 57748 Ambfilt - ok
06:48:29.0015 57748 ami0nt - ok
06:48:29.0015 57748 amsint - ok
06:48:29.0015 57748 ANC - ok
06:48:29.0015 57748 antivirservice - ok
06:48:29.0078 57748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:48:29.0078 57748 Apple Mobile Device - ok
06:48:29.0125 57748 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
06:48:29.0156 57748 AppMgmt - ok
06:48:29.0156 57748 appnnode - ok
06:48:29.0203 57748 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
06:48:29.0218 57748 AR5211 - ok
06:48:29.0234 57748 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
06:48:29.0296 57748 Arp1394 - ok
06:48:29.0296 57748 asc - ok
06:48:29.0312 57748 asc3350p - ok
06:48:29.0312 57748 asc3550 - ok
06:48:29.0312 57748 aslm75 - ok
06:48:29.0312 57748 ASMMAP - ok
06:48:29.0390 57748 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
06:48:29.0390 57748 aspnet_state - ok
06:48:29.0406 57748 aswmon2 - ok
06:48:29.0421 57748 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:48:29.0500 57748 AsyncMac - ok
06:48:29.0515 57748 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
06:48:29.0609 57748 atapi - ok
06:48:29.0609 57748 Atdisk - ok
06:48:29.0656 57748 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:48:29.0734 57748 Atmarpc - ok
06:48:29.0765 57748 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
06:48:29.0828 57748 AudioSrv - ok
06:48:29.0843 57748 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
06:48:29.0921 57748 audstub - ok
06:48:29.0921 57748 AVCSTRM - ok
06:48:29.0921 57748 AVerBDA - ok
06:48:30.0171 57748 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
06:48:30.0281 57748 AVGIDSAgent - ok
06:48:30.0375 57748 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
06:48:30.0390 57748 AVGIDSDriver - ok
06:48:30.0406 57748 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
06:48:30.0406 57748 AVGIDSEH - ok
06:48:30.0421 57748 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
06:48:30.0437 57748 AVGIDSFilter - ok
06:48:30.0437 57748 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
06:48:30.0453 57748 AVGIDSShim - ok
06:48:30.0468 57748 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
06:48:30.0468 57748 Avgldx86 - ok
06:48:30.0484 57748 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
06:48:30.0484 57748 Avgmfx86 - ok
06:48:30.0500 57748 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
06:48:30.0500 57748 Avgrkx86 - ok
06:48:30.0515 57748 Avgtdix (d9a14d3bf565a33d9878ac6a8117b4f0) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
06:48:30.0531 57748 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\avgtdix.sys. md5: d9a14d3bf565a33d9878ac6a8117b4f0
06:48:30.0531 57748 Avgtdix ( Virus.Win32.ZAccess.c ) - infected
06:48:30.0531 57748 Avgtdix - detected Virus.Win32.ZAccess.c (0)
06:48:30.0609 57748 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
06:48:30.0625 57748 avgwd - ok
06:48:30.0625 57748 backuplauncher - ok
06:48:30.0625 57748 bcm43xx - ok
06:48:30.0640 57748 beatjammusicstreamingserver - ok
06:48:30.0671 57748 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
06:48:30.0734 57748 Beep - ok
06:48:30.0750 57748 belgium_id_card_service - ok
06:48:30.0750 57748 besclient - ok
06:48:30.0750 57748 bglivesvc - ok
06:48:30.0750 57748 bhmonitorservice - ok
06:48:30.0781 57748 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
06:48:30.0859 57748 BITS - ok
06:48:30.0875 57748 BoiHwsetup - ok
06:48:30.0906 57748 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
06:48:30.0921 57748 Bonjour Service - ok
06:48:30.0921 57748 bridgemp - ok
06:48:30.0968 57748 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
06:48:31.0031 57748 Browser - ok
06:48:31.0046 57748 BrPar - ok
06:48:31.0046 57748 btfirst - ok
06:48:31.0046 57748 bthidenum - ok
06:48:31.0046 57748 cachemgr - ok
06:48:31.0046 57748 CAMFLT - ok
06:48:31.0078 57748 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
06:48:31.0156 57748 cbidf2k - ok
06:48:31.0156 57748 CBN - ok
06:48:31.0156 57748 ccalib8 - ok
06:48:31.0187 57748 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:48:31.0265 57748 CCDECODE - ok
06:48:31.0265 57748 cd20xrnt - ok
06:48:31.0265 57748 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
06:48:31.0343 57748 Cdaudio - ok
06:48:31.0375 57748 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
06:48:31.0453 57748 Cdfs - ok
06:48:31.0453 57748 Changer - ok
06:48:31.0500 57748 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
06:48:31.0500 57748 CinemaNow Service - ok
06:48:31.0531 57748 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
06:48:31.0609 57748 CiSvc - ok
06:48:31.0640 57748 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
06:48:31.0703 57748 ClipSrv - ok
06:48:31.0703 57748 clisvc - ok
06:48:31.0796 57748 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:48:31.0796 57748 clr_optimization_v2.0.50727_32 - ok
06:48:31.0843 57748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:48:31.0859 57748 clr_optimization_v4.0.30319_32 - ok
06:48:31.0859 57748 CmdIde - ok
06:48:31.0875 57748 cmigameport - ok
06:48:31.0875 57748 COMSysApp - ok
06:48:31.0875 57748 Cpqarray - ok
06:48:31.0875 57748 cpqdmi - ok
06:48:31.0875 57748 cq_mem - ok
06:48:31.0906 57748 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
06:48:31.0984 57748 CryptSvc - ok
06:48:31.0984 57748 dac2w2k - ok
06:48:31.0984 57748 dac960nt - ok
06:48:31.0984 57748 DCamUSBMke - ok
06:48:32.0031 57748 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
06:48:32.0046 57748 DcomLaunch - ok
06:48:32.0046 57748 deventagent - ok
06:48:32.0062 57748 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
06:48:32.0140 57748 Dhcp - ok
06:48:32.0140 57748 dirms_defragmentation - ok
06:48:32.0156 57748 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
06:48:32.0234 57748 Disk - ok
06:48:32.0234 57748 dlaudfam - ok
06:48:32.0234 57748 DM9102 - ok
06:48:32.0250 57748 dmadmin - ok
06:48:32.0328 57748 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
06:48:32.0406 57748 dmboot - ok
06:48:32.0421 57748 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
06:48:32.0500 57748 dmio - ok
06:48:32.0500 57748 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
06:48:32.0578 57748 dmload - ok
06:48:32.0609 57748 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
06:48:32.0687 57748 dmserver - ok
06:48:32.0718 57748 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
06:48:32.0781 57748 DMusic - ok
06:48:32.0812 57748 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
06:48:32.0828 57748 Dnscache - ok
06:48:32.0828 57748 dnwhodisp - ok
06:48:32.0843 57748 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
06:48:32.0921 57748 Dot3svc - ok
06:48:32.0937 57748 dot4print - ok
06:48:32.0937 57748 dpti2o - ok
06:48:32.0937 57748 DritekPortIO - ok
06:48:32.0937 57748 driverhardwarev2 - ok
06:48:32.0968 57748 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
06:48:33.0046 57748 drmkaud - ok
06:48:33.0062 57748 dsbrokerservice - ok
06:48:33.0062 57748 dtscsi - ok
06:48:33.0062 57748 EagleNT - ok
06:48:33.0109 57748 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
06:48:33.0187 57748 EapHost - ok
06:48:33.0187 57748 EIO_XP - ok
06:48:33.0187 57748 elnkservice - ok
06:48:33.0187 57748 enodpl - ok
06:48:33.0187 57748 enxpsvc - ok
06:48:33.0187 57748 epsonbidirectionalagent - ok
06:48:33.0203 57748 epson_pm_rpcv2_02 - ok
06:48:33.0218 57748 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
06:48:33.0312 57748 ERSvc - ok
06:48:33.0343 57748 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:48:33.0343 57748 Eventlog - ok
06:48:33.0375 57748 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
06:48:33.0390 57748 EventSystem - ok
06:48:33.0390 57748 FA312 - ok
06:48:33.0421 57748 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
06:48:33.0484 57748 Fastfat - ok
06:48:33.0515 57748 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:48:33.0515 57748 FastUserSwitchingCompatibility - ok
06:48:33.0515 57748 fcprintservice - ok
06:48:33.0531 57748 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
06:48:33.0609 57748 Fdc - ok
06:48:33.0609 57748 FETNDIS - ok
06:48:33.0671 57748 FingerPrint - ok
06:48:33.0687 57748 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
06:48:33.0765 57748 Fips - ok
06:48:33.0765 57748 flashcomadmin - ok
06:48:33.0765 57748 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:48:33.0843 57748 Flpydisk - ok
06:48:33.0859 57748 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
06:48:33.0937 57748 FltMgr - ok
06:48:34.0046 57748 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:48:34.0046 57748 FontCache3.0.0.0 - ok
06:48:34.0046 57748 freepops - ok
06:48:34.0093 57748 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:48:34.0171 57748 Fs_Rec - ok
06:48:34.0171 57748 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:48:34.0250 57748 Ftdisk - ok
06:48:34.0281 57748 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
06:48:34.0281 57748 GEARAspiWDM - ok
06:48:34.0312 57748 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:48:34.0390 57748 Gpc - ok
06:48:34.0390 57748 GT680x - ok
06:48:34.0390 57748 GTF32BUS - ok
06:48:34.0453 57748 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
06:48:34.0468 57748 gupdate - ok
06:48:34.0468 57748 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
06:48:34.0484 57748 gupdatem - ok
06:48:34.0515 57748 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
06:48:34.0531 57748 gusvc - ok
06:48:34.0562 57748 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
06:48:34.0656 57748 HDAudBus - ok
06:48:34.0703 57748 helpsvc - ok
06:48:34.0703 57748 hidgame - ok
06:48:34.0734 57748 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
06:48:34.0812 57748 HidServ - ok
06:48:34.0843 57748 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:48:34.0921 57748 hidusb - ok
06:48:34.0953 57748 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
06:48:35.0015 57748 hkmsvc - ok
06:48:35.0015 57748 HPFECP20 - ok
06:48:35.0031 57748 hpn - ok
06:48:35.0031 57748 HpqKbFiltr - ok
06:48:35.0031 57748 HSFHWICH - ok
06:48:35.0031 57748 hsf_dp - ok
06:48:35.0031 57748 HssTrayService - ok
06:48:35.0078 57748 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
06:48:35.0078 57748 HTTP - ok
06:48:35.0109 57748 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
06:48:35.0187 57748 HTTPFilter - ok
06:48:35.0187 57748 i2omgmt - ok
06:48:35.0187 57748 i2omp - ok
06:48:35.0218 57748 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:48:35.0296 57748 i8042prt - ok
06:48:35.0296 57748 iaimfp2 - ok
06:48:35.0296 57748 iaimtv2 - ok
06:48:35.0546 57748 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
06:48:35.0687 57748 ialm - ok
06:48:35.0734 57748 ibmfilter - ok
06:48:35.0750 57748 ibmpmdrv - ok
06:48:35.0750 57748 ibmpmsvc - ok
06:48:35.0875 57748 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
06:48:35.0875 57748 IDriverT ( UnsignedFile.Multi.Generic ) - warning
06:48:35.0875 57748 IDriverT - detected UnsignedFile.Multi.Generic (1)
06:48:36.0015 57748 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:48:36.0046 57748 idsvc - ok
06:48:36.0046 57748 igniteservice.exe - ok
06:48:36.0093 57748 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
06:48:36.0156 57748 Imapi - ok
06:48:36.0187 57748 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
06:48:36.0281 57748 ImapiService - ok
06:48:36.0281 57748 ini910u - ok
06:48:36.0515 57748 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
06:48:36.0671 57748 IntcAzAudAddService - ok
06:48:36.0734 57748 IntelC53 - ok
06:48:36.0750 57748 IntelIde - ok
06:48:36.0781 57748 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:48:36.0843 57748 intelppm - ok
06:48:36.0859 57748 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
06:48:36.0937 57748 Ip6Fw - ok
06:48:36.0984 57748 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:48:37.0062 57748 IpFilterDriver - ok
06:48:37.0062 57748 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:48:37.0140 57748 IpInIp - ok
06:48:37.0171 57748 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:48:37.0250 57748 IpNat - ok
06:48:37.0328 57748 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
06:48:37.0343 57748 iPod Service - ok
06:48:37.0375 57748 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:48:37.0453 57748 IPSec - ok
06:48:37.0484 57748 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
06:48:37.0515 57748 IRENUM - ok
06:48:37.0531 57748 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:48:37.0625 57748 isapnp - ok
06:48:37.0625 57748 IWCA - ok
06:48:37.0625 57748 ixiaendpoint - ok
06:48:37.0687 57748 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
06:48:37.0703 57748 JavaQuickStarterService - ok
06:48:37.0765 57748 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:48:37.0843 57748 Kbdclass - ok
06:48:37.0859 57748 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:48:37.0937 57748 kbdhid - ok
06:48:37.0968 57748 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
06:48:38.0046 57748 kmixer - ok
06:48:38.0046 57748 KMW_USB - ok
06:48:38.0078 57748 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
06:48:38.0093 57748 KSecDD - ok
06:48:38.0140 57748 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
06:48:38.0140 57748 LanmanServer - ok
06:48:38.0171 57748 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
06:48:38.0187 57748 lanmanworkstation - ok
06:48:38.0187 57748 lbrtfdc - ok
06:48:38.0203 57748 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
06:48:38.0281 57748 LmHosts - ok
06:48:38.0281 57748 ltmodem5 - ok
06:48:38.0281 57748 ltxred - ok
06:48:38.0296 57748 lusbaudio - ok
06:48:38.0328 57748 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
06:48:38.0328 57748 LVPr2Mon - ok
06:48:38.0390 57748 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
06:48:38.0406 57748 LVPrcSrv - ok
06:48:38.0406 57748 lxby_device - ok
06:48:38.0406 57748 lxcj_device - ok
06:48:38.0406 57748 lxdm_device - ok
06:48:38.0406 57748 Machnm32 - ok
06:48:38.0421 57748 mcdbus - ok
06:48:38.0421 57748 mcvsrte - ok
06:48:38.0468 57748 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
06:48:38.0484 57748 MDM ( UnsignedFile.Multi.Generic ) - warning
06:48:38.0484 57748 MDM - detected UnsignedFile.Multi.Generic (1)
06:48:38.0515 57748 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
06:48:38.0593 57748 Messenger - ok
06:48:38.0593 57748 mfeapfk - ok
06:48:38.0609 57748 mks_scan - ok
06:48:38.0640 57748 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
06:48:38.0718 57748 mnmdd - ok
06:48:38.0765 57748 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
06:48:38.0828 57748 mnmsrvc - ok
06:48:38.0859 57748 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
06:48:38.0937 57748 Modem - ok
06:48:39.0031 57748 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
06:48:39.0078 57748 Monfilt - ok
06:48:39.0125 57748 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:48:39.0203 57748 Mouclass - ok
06:48:39.0203 57748 moufiltr - ok
06:48:39.0234 57748 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:48:39.0312 57748 mouhid - ok
06:48:39.0328 57748 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
06:48:39.0406 57748 MountMgr - ok
06:48:39.0421 57748 mraid35x - ok
06:48:39.0421 57748 MRESP50a64 - ok
06:48:39.0437 57748 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:48:39.0515 57748 MRxDAV - ok
06:48:39.0546 57748 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:48:39.0578 57748 MRxSmb - ok
06:48:39.0578 57748 MSCamSvc - ok
06:48:39.0625 57748 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
06:48:39.0703 57748 MSDTC - ok
06:48:39.0734 57748 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
06:48:39.0796 57748 Msfs - ok
06:48:39.0796 57748 MSFWHLPR - ok
06:48:39.0812 57748 MSIServer - ok
06:48:40.0062 57748 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:48:40.0125 57748 MSKSSRV - ok
06:48:40.0156 57748 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:48:40.0218 57748 MSPCLOCK - ok
06:48:40.0234 57748 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
06:48:40.0312 57748 MSPQM - ok
06:48:40.0328 57748 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:48:40.0406 57748 mssmbios - ok
06:48:40.0437 57748 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
06:48:40.0500 57748 MSTEE - ok
06:48:40.0531 57748 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
06:48:40.0546 57748 Mup - ok
06:48:40.0562 57748 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:48:40.0640 57748 NABTSFEC - ok
06:48:40.0687 57748 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
06:48:40.0750 57748 napagent - ok
06:48:40.0765 57748 NCPro - ok
06:48:40.0796 57748 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
06:48:40.0875 57748 NDIS - ok
06:48:40.0875 57748 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:48:40.0953 57748 NdisIP - ok
06:48:40.0968 57748 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:48:40.0984 57748 NdisTapi - ok
06:48:41.0000 57748 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:48:41.0078 57748 Ndisuio - ok
06:48:41.0109 57748 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:48:41.0171 57748 NdisWan - ok
06:48:41.0187 57748 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
06:48:41.0203 57748 NDProxy - ok
06:48:41.0218 57748 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
06:48:41.0234 57748 Netaapl - ok
06:48:41.0250 57748 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
06:48:41.0312 57748 NetBIOS - ok
06:48:41.0343 57748 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
06:48:41.0421 57748 NetBT - ok
06:48:41.0453 57748 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:48:41.0515 57748 NetDDE - ok
06:48:41.0531 57748 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
06:48:41.0593 57748 NetDDEdsdm - ok
06:48:41.0593 57748 netdevio - ok
06:48:41.0625 57748 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:48:41.0703 57748 Netlogon - ok
06:48:41.0734 57748 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
06:48:41.0812 57748 Netman - ok
06:48:41.0859 57748 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
06:48:41.0875 57748 NetTcpPortSharing - ok
06:48:41.0906 57748 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
06:48:41.0968 57748 NIC1394 - ok
06:48:41.0984 57748 nim32 - ok
06:48:42.0015 57748 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
06:48:42.0031 57748 Nla - ok
06:48:42.0031 57748 nod32krn - ok
06:48:42.0031 57748 npfmntor - ok
06:48:42.0046 57748 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
06:48:42.0125 57748 Npfs - ok
06:48:42.0140 57748 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
06:48:42.0218 57748 Ntfs - ok
06:48:42.0218 57748 ntiopnp - ok
06:48:42.0234 57748 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:48:42.0296 57748 NtLmSsp - ok
06:48:42.0343 57748 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
06:48:42.0421 57748 NtmsSvc - ok
06:48:42.0421 57748 ntsyslog - ok
06:48:42.0437 57748 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
06:48:42.0515 57748 Null - ok
06:48:42.0515 57748 NWADI - ok
06:48:42.0546 57748 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:48:42.0609 57748 NwlnkFlt - ok
06:48:42.0609 57748 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:48:42.0687 57748 NwlnkFwd - ok
06:48:42.0687 57748 NWSNS - ok
06:48:42.0687 57748 NxSysMon - ok
06:48:42.0812 57748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:48:42.0828 57748 odserv - ok
06:48:42.0828 57748 ofcpfwsvc - ok
06:48:42.0859 57748 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
06:48:42.0937 57748 ohci1394 - ok
06:48:42.0937 57748 opcenum - ok
06:48:42.0937 57748 oracleorahome92tnslistener - ok
06:48:42.0968 57748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:48:42.0984 57748 ose - ok
06:48:42.0984 57748 p2psvc - ok
06:48:42.0984 57748 papycpu2 - ok
06:48:43.0015 57748 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
06:48:43.0078 57748 Parport - ok
06:48:43.0093 57748 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
06:48:43.0156 57748 PartMgr - ok
06:48:43.0187 57748 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
06:48:43.0250 57748 ParVdm - ok
06:48:43.0250 57748 pavdrv - ok
06:48:43.0265 57748 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
06:48:43.0343 57748 PCI - ok
06:48:43.0343 57748 PCIDump - ok
06:48:43.0359 57748 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
06:48:43.0437 57748 PCIIde - ok
06:48:43.0468 57748 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
06:48:43.0531 57748 Pcmcia - ok
06:48:43.0531 57748 pcscnsrv - ok
06:48:43.0546 57748 PDCOMP - ok
06:48:43.0546 57748 pdengine - ok
06:48:43.0546 57748 PDFRAME - ok
06:48:43.0546 57748 pdlnctdl - ok
06:48:43.0546 57748 pdlnemsg - ok
06:48:43.0562 57748 PDRELI - ok
06:48:43.0562 57748 PDRFRAME - ok
06:48:43.0562 57748 pepifilter - ok
06:48:43.0562 57748 perc2 - ok
06:48:43.0562 57748 perc2hib - ok
06:48:43.0578 57748 phc600 - ok
06:48:43.0703 57748 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
06:48:43.0781 57748 PID_PEPI - ok
06:48:43.0859 57748 pilogsrv - ok
06:48:43.0890 57748 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
06:48:43.0906 57748 PlugPlay - ok
06:48:43.0906 57748 pmsveh - ok
06:48:43.0906 57748 pnrouter - ok
06:48:43.0937 57748 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:48:44.0000 57748 PolicyAgent - ok
06:48:44.0031 57748 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:48:44.0093 57748 PptpMiniport - ok
06:48:44.0109 57748 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:48:44.0171 57748 ProtectedStorage - ok
06:48:44.0187 57748 proxyhostdriver - ok
06:48:44.0187 57748 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
06:48:44.0250 57748 PSched - ok
06:48:44.0265 57748 pshost - ok
06:48:44.0281 57748 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:48:44.0343 57748 Ptilink - ok
06:48:44.0343 57748 ql1080 - ok
06:48:44.0359 57748 Ql10wnt - ok
06:48:44.0359 57748 ql12160 - ok
06:48:44.0359 57748 ql1240 - ok
06:48:44.0359 57748 ql1280 - ok
06:48:44.0359 57748 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:48:44.0437 57748 RasAcd - ok
06:48:44.0484 57748 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
06:48:44.0562 57748 RasAuto - ok
06:48:44.0593 57748 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:48:44.0671 57748 Rasl2tp - ok
06:48:44.0687 57748 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
06:48:44.0765 57748 RasMan - ok
06:48:44.0765 57748 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:48:44.0843 57748 RasPppoe - ok
06:48:44.0843 57748 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
06:48:44.0906 57748 Raspti - ok
06:48:44.0953 57748 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:48:45.0031 57748 Rdbss - ok
06:48:45.0031 57748 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:48:45.0093 57748 RDPCDD - ok
06:48:45.0156 57748 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:48:45.0234 57748 rdpdr - ok
06:48:45.0265 57748 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
06:48:45.0265 57748 RDPWD - ok
06:48:45.0312 57748 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
06:48:45.0375 57748 RDSessMgr - ok
06:48:45.0406 57748 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
06:48:45.0468 57748 redbook - ok
06:48:45.0500 57748 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
06:48:45.0578 57748 RemoteAccess - ok
06:48:45.0609 57748 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
06:48:45.0687 57748 RemoteRegistry - ok
06:48:45.0765 57748 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
06:48:45.0781 57748 RichVideo - ok
06:48:45.0781 57748 RimUsb - ok
06:48:45.0812 57748 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
06:48:45.0828 57748 RimVSerPort - ok
06:48:45.0843 57748 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
06:48:45.0921 57748 ROOTMODEM - ok
06:48:45.0984 57748 RoxLiveShare9 - ok
06:48:46.0031 57748 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
06:48:46.0109 57748 RpcLocator - ok
06:48:46.0140 57748 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
06:48:46.0156 57748 RpcSs - ok
06:48:46.0156 57748 rslinxng - ok
06:48:46.0187 57748 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
06:48:46.0250 57748 RSVP - ok
06:48:46.0265 57748 rt73 - ok
06:48:46.0296 57748 RTLE8023xp (c48e7bbc6a17a0676079e11a13e82549) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
06:48:46.0296 57748 RTLE8023xp - ok
06:48:46.0312 57748 s616mgmt - ok
06:48:46.0343 57748 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
06:48:46.0406 57748 SamSs - ok
06:48:46.0421 57748 sandboxu - ok
06:48:46.0421 57748 sbcssvc - ok
06:48:46.0421 57748 sbhooksvc - ok
06:48:46.0421 57748 scarddrv - ok
06:48:46.0453 57748 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
06:48:46.0515 57748 SCardSvr - ok
06:48:46.0546 57748 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
06:48:46.0625 57748 Schedule - ok
06:48:46.0625 57748 scsiaccess - ok
06:48:46.0625 57748 SE2Cmdm - ok
06:48:46.0640 57748 se44mgmt - ok
06:48:46.0640 57748 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:48:46.0671 57748 Secdrv - ok
06:48:46.0703 57748 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
06:48:46.0781 57748 seclogon - ok
06:48:46.0796 57748 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
06:48:46.0875 57748 SENS - ok
06:48:46.0890 57748 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
06:48:46.0968 57748 serenum - ok
06:48:46.0984 57748 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
06:48:47.0062 57748 Serial - ok
06:48:47.0062 57748 serialkeys - ok
06:48:47.0078 57748 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
06:48:47.0156 57748 Sfloppy - ok
06:48:47.0187 57748 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
06:48:47.0265 57748 SharedAccess - ok
06:48:47.0281 57748 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:48:47.0296 57748 ShellHWDetection - ok
06:48:47.0296 57748 Si3114r5 - ok
06:48:47.0296 57748 Simbad - ok
06:48:47.0296 57748 SiRemFil - ok
06:48:47.0312 57748 SiSRaid2 - ok
06:48:47.0312 57748 sit_flt - ok
06:48:47.0312 57748 Sk99202k - ok
06:48:47.0343 57748 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:48:47.0406 57748 SLIP - ok
06:48:47.0421 57748 snac - ok
06:48:47.0421 57748 snapman - ok
06:48:47.0421 57748 sonytvc - ok
06:48:47.0421 57748 Sparrow - ok
06:48:47.0421 57748 spcsutilityservice - ok
06:48:47.0453 57748 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
06:48:47.0515 57748 splitter - ok
06:48:47.0546 57748 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
06:48:47.0562 57748 Spooler - ok
06:48:47.0562 57748 sprtsvc_ddoctorv2 - ok
06:48:47.0562 57748 sqlserveragent - ok
06:48:47.0593 57748 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
06:48:47.0625 57748 sr - ok
06:48:47.0640 57748 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
06:48:47.0671 57748 srservice - ok
06:48:47.0718 57748 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
06:48:47.0734 57748 Srv - ok
06:48:47.0734 57748 SrvcEPIOMngr - ok
06:48:47.0781 57748 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
06:48:47.0812 57748 SSDPSRV - ok
06:48:47.0812 57748 sshrmd - ok
06:48:47.0812 57748 StickyMesger - ok
06:48:47.0843 57748 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
06:48:47.0921 57748 stisvc - ok
06:48:47.0921 57748 stllssvr - ok
06:48:47.0953 57748 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:48:48.0031 57748 streamip - ok
06:48:48.0031 57748 susbser - ok
06:48:48.0046 57748 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
06:48:48.0125 57748 swenum - ok
06:48:48.0156 57748 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
06:48:48.0234 57748 swmidi - ok
06:48:48.0234 57748 SwPrv - ok
06:48:48.0234 57748 symantecantibotdriver - ok
06:48:48.0234 57748 symantecantibotshim - ok
06:48:48.0250 57748 symc810 - ok
06:48:48.0250 57748 symc8xx - ok
06:48:48.0250 57748 sym_hi - ok
06:48:48.0250 57748 sym_u3 - ok
06:48:48.0265 57748 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
06:48:48.0343 57748 sysaudio - ok
06:48:48.0375 57748 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
06:48:48.0453 57748 SysmonLog - ok
06:48:48.0484 57748 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
06:48:48.0562 57748 TapiSrv - ok
06:48:48.0593 57748 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:48:48.0609 57748 Tcpip - ok
06:48:48.0656 57748 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
06:48:48.0718 57748 TDPIPE - ok
06:48:48.0734 57748 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
06:48:48.0796 57748 TDTCP - ok
06:48:48.0828 57748 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
06:48:48.0890 57748 TermDD - ok
06:48:48.0921 57748 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
06:48:49.0000 57748 TermService - ok
06:48:49.0000 57748 tfsnopio - ok
06:48:49.0046 57748 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
06:48:49.0046 57748 Themes - ok
06:48:49.0093 57748 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
06:48:49.0125 57748 TlntSvr - ok
06:48:49.0125 57748 TMHIDSRV - ok
06:48:49.0125 57748 TosIde - ok
06:48:49.0156 57748 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
06:48:49.0234 57748 TrkWks - ok
06:48:49.0234 57748 tversitymediaserver - ok
06:48:49.0250 57748 tzontservice - ok
06:48:49.0250 57748 UDFReadr - ok
06:48:49.0281 57748 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
06:48:49.0343 57748 Udfs - ok
06:48:49.0343 57748 uhcd - ok
06:48:49.0343 57748 ultra - ok
06:48:49.0359 57748 UPATC - ok
06:48:49.0406 57748 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
06:48:49.0484 57748 Update - ok
06:48:49.0500 57748 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
06:48:49.0546 57748 upnphost - ok
06:48:49.0546 57748 upperdev - ok
06:48:49.0562 57748 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
06:48:49.0625 57748 UPS - ok
06:48:49.0671 57748 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
06:48:49.0687 57748 USBAAPL - ok
06:48:49.0687 57748 usbatapi2000 - ok
06:48:49.0718 57748 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
06:48:49.0781 57748 usbaudio - ok
06:48:49.0812 57748 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:48:49.0875 57748 usbccgp - ok
06:48:49.0906 57748 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:48:49.0968 57748 usbehci - ok
06:48:50.0000 57748 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:48:50.0078 57748 usbhub - ok
06:48:50.0109 57748 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:48:50.0171 57748 usbprint - ok
06:48:50.0187 57748 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:48:50.0265 57748 usbscan - ok
06:48:50.0296 57748 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:48:50.0359 57748 USBSTOR - ok
06:48:50.0375 57748 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:48:50.0453 57748 usbuhci - ok
06:48:50.0453 57748 USB_RNDIS - ok
06:48:50.0453 57748 useraccess - ok
06:48:50.0484 57748 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
06:48:50.0546 57748 VgaSave - ok
06:48:50.0546 57748 ViaIde - ok
06:48:50.0562 57748 videoacceleratorengine - ok
06:48:50.0562 57748 vmparport - ok
06:48:50.0578 57748 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
06:48:50.0656 57748 VolSnap - ok
06:48:50.0656 57748 vsdatant - ok
06:48:50.0687 57748 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
06:48:50.0718 57748 VSS - ok
06:48:50.0765 57748 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
06:48:50.0828 57748 W32Time - ok
06:48:50.0843 57748 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:48:50.0921 57748 Wanarp - ok
06:48:50.0937 57748 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
06:48:50.0953 57748 WDC_SAM - ok
06:48:51.0000 57748 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
06:48:51.0015 57748 Wdf01000 - ok
06:48:51.0015 57748 WDICA - ok
06:48:51.0078 57748 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
06:48:51.0140 57748 wdmaud - ok
06:48:51.0156 57748 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
06:48:51.0234 57748 WebClient - ok
06:48:51.0234 57748 websensecamreportserver - ok
06:48:51.0250 57748 whoisd32 - ok
06:48:51.0250 57748 winachcf - ok
06:48:51.0296 57748 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
06:48:51.0359 57748 winmgmt - ok
06:48:51.0375 57748 wlancfg - ok
06:48:51.0375 57748 wlluc48 - ok
06:48:51.0375 57748 wmccdsls - ok
06:48:51.0406 57748 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
06:48:51.0421 57748 WmdmPmSN - ok
06:48:51.0484 57748 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
06:48:51.0500 57748 Wmi - ok
06:48:51.0515 57748 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:48:51.0593 57748 WmiApSrv - ok
06:48:51.0687 57748 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
06:48:51.0718 57748 WMPNetworkSvc - ok
06:48:51.0875 57748 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:48:51.0906 57748 WPFFontCache_v0400 - ok
06:48:51.0937 57748 wpshelper - ok
06:48:51.0984 57748 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:48:52.0046 57748 WSTCODEC - ok
06:48:52.0062 57748 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
06:48:52.0140 57748 wuauserv - ok
06:48:52.0187 57748 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:48:52.0187 57748 WudfPf - ok
06:48:52.0234 57748 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
06:48:52.0250 57748 WudfRd - ok
06:48:52.0281 57748 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
06:48:52.0281 57748 WudfSvc - ok
06:48:52.0343 57748 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
06:48:52.0421 57748 WZCSVC - ok
06:48:52.0453 57748 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
06:48:52.0515 57748 xmlprov - ok
06:48:52.0515 57748 Xponaut_WBD - ok
06:48:52.0531 57748 zendcoreapache - ok
06:48:52.0531 57748 ZuneWlanCfgSvc - ok
06:48:52.0546 57748 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
06:48:52.0781 57748 \Device\Harddisk0\DR0 - ok
06:48:52.0828 57748 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR3
06:49:08.0406 57748 \Device\Harddisk2\DR3 - ok
06:49:08.0406 57748 Boot (0x1200) (ba8e3f9f280e677b1a053430c0bb4fe5) \Device\Harddisk0\DR0\Partition0
06:49:08.0406 57748 \Device\Harddisk0\DR0\Partition0 - ok
06:49:08.0421 57748 Boot (0x1200) (fee9c7855dd1239cae89a9e4488e0700) \Device\Harddisk2\DR3\Partition0
06:49:08.0437 57748 \Device\Harddisk2\DR3\Partition0 - ok
06:49:08.0437 57748 ============================================================
06:49:08.0437 57748 Scan finished
06:49:08.0437 57748 ============================================================
06:49:08.0546 57740 Detected object count: 5
06:49:08.0546 57740 Actual detected object count: 5
06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0078 57740 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0078 57740 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0109 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
06:49:13.0156 57740 Backup copy not found, trying to cure infected file..
06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
06:49:13.0156 57740 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
06:49:13.0984 57740 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0984 57740 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
06:49:13.0984 57740 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Hi jacknjaspa,

It looks like AVG itself may be infected. Let's have a closer look.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.

Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following


netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
Avgtdix.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.avgtdix /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antivirservice /s


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

OTL Extras logfile created on: 26/04/2012 7:41:25 AM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.78% Memory free
4.87 Gb Paging File | 4.16 Gb Available in Paging File | 85.32% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 35.56 Gb Free Space | 11.93% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 75.29 Gb Free Space | 50.51% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FingerPrint\FingerPrintService.exe" = C:\Program Files\FingerPrint\FingerPrintService.exe:*:Enabled:FingerPrint Service -- (Collobos Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" = C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe:*:Enabled:Plex Media Server -- (Plex, Inc.)
"C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe" = C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe:*:Enabled:Plex Scripting Host -- ()
"C:\Program Files\Plex\Plex Media Center\Plex.exe" = C:\Program Files\Plex\Plex Media Center\Plex.exe:*:Enabled:Plex Media Center -- (Plex, Inc.)
"C:\Program Files\Safari\Safari.exe" = C:\Program Files\Safari\Safari.exe:*:Enabled:Safari -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F0DEB7-21A6-4166-B021-CE9675665985}" = Plex Media Server
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{54DFC275-7F2F-4F01-B8B5-304E1DD03B04}" = Garfield G1 Spelling
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.278
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone Configuration Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome Frame" = Google Chrome Frame
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFSExplorer" = HFSExplorer 0.21
"iBackupBot for iTunes" = iBackupBot for iTunes 3.1.6
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Speed Dial Utility" = Canon Speed Dial Utility
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Plex" = Plex
"RewardsArcade" = RewardsArcade
"Smart Fortress 2012" = Smart Fortress 2012
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3

Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3

Error - 25/04/2012 7:41:09 PM | Computer Name = B03F21AE66BF49C | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 20/08/2011 2:49:44 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 803260
seconds with 2100 seconds of active time. This session ended with a crash.

Error - 29/02/2012 4:00:32 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 339531
seconds with 3180 seconds of active time. This session ended with a crash.


< End of report >

When I try & submit the OTL file its saying that its 87377 characters & I need to shorten to 64000.

Any Suggestions how i can do this?

Hi jacknjaspa,

Eith break it into multiple posts or zip it and attach it.

aha didnt think of that.......I think I've atached it OK, if not I'll try again.
FYI I'm now at work so cant do too much more until I get home this evening.

Hi jacknjaspa,

There's a lot going on on this computer so we might as well start with getting AVG sorted out. There are also a lot of missing files we will need to replace.

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :


:Reg

:Services
.avgtdix

:Files
copy "C:\Program Files\AVG\AVG2012\Drivers\avgtdix.sys" "C:\WINDOWS\system32\dllcache" /c
C:\WINDOWS\System32\dds_trash_log.cmd
:Commands


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Reboot your computer
Please post the OTL fix log.

Next

Rerun TDSSKilller the same way as youd did before. Let's see if it can straighten AVG out for us.

Please post back with
OTL fix log
TDSSK log

Ok pretty sure this is what you asked for?

========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Error: No service named .avgtdix was found to stop!
Service\Driver key .avgtdix not found.
========== FILES ==========
< copy "C:\Program Files\AVG\AVG2012\Drivers\avgtdix.sys" "C:\WINDOWS\system32\dllcache" /c >
1 file(s) copied.
C:\Documents and Settings\Cameron\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Cameron\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\System32\dds_trash_log.cmd not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.0 log created on 04262012_215859

Ok im now confused...ive ran then TDSSkiller 3 times but it hasn't left OTL fix log or the TDSSK log

What am I doing wrong?? I've double checked the steps & Im pretty sure I've done it correctly?????????

Hi

The log you last posted was the OTL fix log. The TDSSKiller log should be at C:\.

Ok found it


22:21:28.0859 5048 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:21:29.0687 5048 ============================================================
22:21:29.0687 5048 Current date / time: 2012/04/26 22:21:29.0687
22:21:29.0687 5048 SystemInfo:
22:21:29.0687 5048
22:21:29.0687 5048 OS Version: 5.1.2600 ServicePack: 3.0
22:21:29.0687 5048 Product type: Workstation
22:21:29.0687 5048 ComputerName: B03F21AE66BF49C
22:21:29.0687 5048 UserName: Cameron
22:21:29.0687 5048 Windows directory: C:\WINDOWS
22:21:29.0687 5048 System windows directory: C:\WINDOWS
22:21:29.0687 5048 Processor architecture: Intel x86
22:21:29.0687 5048 Number of processors: 2
22:21:29.0687 5048 Page size: 0x1000
22:21:29.0687 5048 Boot type: Normal boot
22:21:29.0687 5048 ============================================================
22:21:34.0265 5048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:21:34.0312 5048 Drive \Device\Harddisk1\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:21:34.0343 5048 ============================================================
22:21:34.0343 5048 \Device\Harddisk0\DR0:
22:21:34.0343 5048 MBR partitions:
22:21:34.0343 5048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
22:21:34.0343 5048 \Device\Harddisk1\DR2:
22:21:34.0359 5048 MBR partitions:
22:21:34.0359 5048 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
22:21:34.0359 5048 ============================================================
22:21:34.0546 5048 C: <-> \Device\Harddisk0\DR0\Partition0
22:21:34.0640 5048 G: <-> \Device\Harddisk1\DR2\Partition0
22:21:34.0640 5048 ============================================================
22:21:34.0640 5048 Initialize success
22:21:34.0640 5048 ============================================================
22:21:43.0968 5896 ============================================================
22:21:43.0968 5896 Scan started
22:21:43.0968 5896 Mode: Manual; SigCheck; TDLFS;
22:21:43.0968 5896 ============================================================
22:21:46.0921 5896 2wirepcp - ok
22:21:46.0921 5896 3dkeybd - ok
22:21:46.0921 5896 61883 - ok
22:21:46.0984 5896 Abiosdsk - ok
22:21:46.0984 5896 abp480n5 - ok
22:21:47.0140 5896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:21:47.0484 5896 ACPI - ok
22:21:47.0531 5896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:21:47.0609 5896 ACPIEC - ok
22:21:47.0640 5896 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
22:21:47.0640 5896 ACS ( UnsignedFile.Multi.Generic ) - warning
22:21:47.0640 5896 ACS - detected UnsignedFile.Multi.Generic (1)
22:21:47.0640 5896 admjoy - ok
22:21:47.0781 5896 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:21:47.0781 5896 AdobeFlashPlayerUpdateSvc - ok
22:21:47.0796 5896 adpu160m - ok
22:21:47.0890 5896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:21:47.0968 5896 aec - ok
22:21:48.0000 5896 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:21:48.0000 5896 AegisP ( UnsignedFile.Multi.Generic ) - warning
22:21:48.0000 5896 AegisP - detected UnsignedFile.Multi.Generic (1)
22:21:48.0234 5896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:21:48.0250 5896 AFD - ok
22:21:48.0265 5896 Aha154x - ok
22:21:48.0265 5896 aic78u2 - ok
22:21:48.0265 5896 aic78xx - ok
22:21:48.0265 5896 aksusb - ok
22:21:48.0390 5896 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:21:48.0500 5896 Alerter - ok
22:21:48.0562 5896 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:21:48.0593 5896 ALG - ok
22:21:48.0593 5896 AliIde - ok
22:21:48.0609 5896 AlKernel - ok
22:21:50.0656 5896 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
22:21:50.0718 5896 Ambfilt - ok
22:21:51.0031 5896 ami0nt - ok
22:21:51.0156 5896 amsint - ok
22:21:51.0156 5896 ANC - ok
22:21:51.0156 5896 antivirservice - ok
22:21:51.0453 5896 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:21:51.0453 5896 Apple Mobile Device - ok
22:21:51.0640 5896 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:21:51.0687 5896 AppMgmt - ok
22:21:51.0687 5896 appnnode - ok
22:21:52.0015 5896 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
22:21:52.0046 5896 AR5211 - ok
22:21:52.0125 5896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:21:52.0203 5896 Arp1394 - ok
22:21:52.0203 5896 asc - ok
22:21:52.0218 5896 asc3350p - ok
22:21:52.0218 5896 asc3550 - ok
22:21:52.0218 5896 aslm75 - ok
22:21:52.0218 5896 ASMMAP - ok
22:21:52.0562 5896 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:21:52.0562 5896 aspnet_state - ok
22:21:52.0578 5896 aswmon2 - ok
22:21:52.0671 5896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:21:52.0750 5896 AsyncMac - ok
22:21:52.0875 5896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:21:52.0953 5896 atapi - ok
22:21:52.0953 5896 Atdisk - ok
22:21:53.0031 5896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:21:53.0125 5896 Atmarpc - ok
22:21:53.0234 5896 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:21:53.0312 5896 AudioSrv - ok
22:21:53.0343 5896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:21:53.0421 5896 audstub - ok
22:21:53.0437 5896 AVCSTRM - ok
22:21:53.0437 5896 AVerBDA - ok
22:21:58.0078 5896 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:21:58.0578 5896 AVGIDSAgent - ok
22:21:59.0531 5896 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:21:59.0546 5896 AVGIDSDriver - ok
22:21:59.0640 5896 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:21:59.0640 5896 AVGIDSEH - ok
22:21:59.0734 5896 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:21:59.0734 5896 AVGIDSFilter - ok
22:21:59.0812 5896 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:21:59.0828 5896 AVGIDSShim - ok
22:21:59.0953 5896 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:21:59.0968 5896 Avgldx86 - ok
22:21:59.0984 5896 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:21:59.0984 5896 Avgmfx86 - ok
22:22:00.0031 5896 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:22:00.0031 5896 Avgrkx86 - ok
22:22:00.0468 5896 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:22:00.0484 5896 Avgtdix - ok
22:22:00.0843 5896 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:22:00.0859 5896 avgwd - ok
22:22:00.0859 5896 backuplauncher - ok
22:22:00.0859 5896 bcm43xx - ok
22:22:00.0859 5896 beatjammusicstreamingserver - ok
22:22:00.0890 5896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:22:00.0984 5896 Beep - ok
22:22:00.0984 5896 belgium_id_card_service - ok
22:22:00.0984 5896 besclient - ok
22:22:00.0984 5896 bglivesvc - ok
22:22:00.0984 5896 bhmonitorservice - ok
22:22:01.0093 5896 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:22:01.0203 5896 BITS - ok
22:22:01.0203 5896 BoiHwsetup - ok
22:22:01.0640 5896 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:22:01.0687 5896 Bonjour Service - ok
22:22:01.0687 5896 bridgemp - ok
22:22:01.0875 5896 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:22:01.0968 5896 Browser - ok
22:22:01.0968 5896 BrPar - ok
22:22:01.0968 5896 btfirst - ok
22:22:01.0968 5896 bthidenum - ok
22:22:01.0968 5896 cachemgr - ok
22:22:01.0968 5896 CAMFLT - ok
22:22:02.0031 5896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:22:02.0125 5896 cbidf2k - ok
22:22:02.0125 5896 CBN - ok
22:22:02.0125 5896 ccalib8 - ok
22:22:02.0203 5896 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:22:02.0312 5896 CCDECODE - ok
22:22:02.0312 5896 cd20xrnt - ok
22:22:02.0343 5896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:22:02.0421 5896 Cdaudio - ok
22:22:02.0593 5896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:22:02.0687 5896 Cdfs - ok
22:22:02.0687 5896 Changer - ok
22:22:02.0812 5896 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
22:22:02.0812 5896 CinemaNow Service - ok
22:22:02.0875 5896 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:22:02.0968 5896 CiSvc - ok
22:22:03.0015 5896 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:22:03.0093 5896 ClipSrv - ok
22:22:03.0093 5896 clisvc - ok
22:22:03.0234 5896 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:03.0250 5896 clr_optimization_v2.0.50727_32 - ok
22:22:03.0609 5896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:03.0625 5896 clr_optimization_v4.0.30319_32 - ok
22:22:03.0625 5896 CmdIde - ok
22:22:03.0625 5896 cmigameport - ok
22:22:03.0625 5896 COMSysApp - ok
22:22:03.0640 5896 Cpqarray - ok
22:22:03.0640 5896 cpqdmi - ok
22:22:03.0640 5896 cq_mem - ok
22:22:03.0703 5896 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:22:03.0796 5896 CryptSvc - ok
22:22:03.0796 5896 dac2w2k - ok
22:22:03.0796 5896 dac960nt - ok
22:22:03.0796 5896 DCamUSBMke - ok
22:22:03.0984 5896 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:22:04.0031 5896 DcomLaunch - ok
22:22:04.0031 5896 deventagent - ok
22:22:04.0093 5896 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:22:04.0171 5896 Dhcp - ok
22:22:04.0187 5896 dirms_defragmentation - ok
22:22:04.0218 5896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:22:04.0328 5896 Disk - ok
22:22:04.0328 5896 dlaudfam - ok
22:22:04.0328 5896 DM9102 - ok
22:22:04.0328 5896 dmadmin - ok
22:22:05.0437 5896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:22:05.0546 5896 dmboot - ok
22:22:05.0734 5896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:22:05.0828 5896 dmio - ok
22:22:05.0859 5896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:22:05.0921 5896 dmload - ok
22:22:06.0000 5896 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:22:06.0093 5896 dmserver - ok
22:22:06.0187 5896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:22:06.0265 5896 DMusic - ok
22:22:06.0296 5896 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:22:06.0312 5896 Dnscache - ok
22:22:06.0312 5896 dnwhodisp - ok
22:22:06.0375 5896 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:22:06.0468 5896 Dot3svc - ok
22:22:06.0468 5896 dot4print - ok
22:22:06.0468 5896 dpti2o - ok
22:22:06.0468 5896 DritekPortIO - ok
22:22:06.0468 5896 driverhardwarev2 - ok
22:22:06.0500 5896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:22:06.0578 5896 drmkaud - ok
22:22:06.0578 5896 dsbrokerservice - ok
22:22:06.0578 5896 dtscsi - ok
22:22:06.0578 5896 EagleNT - ok
22:22:06.0640 5896 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:22:06.0718 5896 EapHost - ok
22:22:06.0718 5896 EIO_XP - ok
22:22:06.0718 5896 elnkservice - ok
22:22:06.0718 5896 enodpl - ok
22:22:06.0718 5896 enxpsvc - ok
22:22:06.0718 5896 epsonbidirectionalagent - ok
22:22:06.0734 5896 epson_pm_rpcv2_02 - ok
22:22:06.0796 5896 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:22:06.0890 5896 ERSvc - ok
22:22:07.0156 5896 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:22:07.0171 5896 Eventlog - ok
22:22:07.0265 5896 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:22:07.0312 5896 EventSystem - ok
22:22:07.0312 5896 FA312 - ok
22:22:07.0390 5896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:22:07.0468 5896 Fastfat - ok
22:22:07.0562 5896 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:22:07.0578 5896 FastUserSwitchingCompatibility - ok
22:22:07.0578 5896 fcprintservice - ok
22:22:07.0640 5896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:22:07.0734 5896 Fdc - ok
22:22:07.0734 5896 FETNDIS - ok
22:22:07.0828 5896 FingerPrint - ok
22:22:07.0875 5896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:22:07.0953 5896 Fips - ok
22:22:07.0953 5896 flashcomadmin - ok
22:22:08.0015 5896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:22:08.0109 5896 Flpydisk - ok
22:22:08.0140 5896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:22:08.0234 5896 FltMgr - ok
22:22:08.0500 5896 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:08.0500 5896 FontCache3.0.0.0 - ok
22:22:08.0500 5896 freepops - ok
22:22:08.0546 5896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:22:08.0656 5896 Fs_Rec - ok
22:22:08.0734 5896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:22:08.0812 5896 Ftdisk - ok
22:22:08.0859 5896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:22:08.0875 5896 GEARAspiWDM - ok
22:22:08.0937 5896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:22:09.0046 5896 Gpc - ok
22:22:09.0046 5896 GT680x - ok
22:22:09.0046 5896 GTF32BUS - ok
22:22:09.0171 5896 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:09.0171 5896 gupdate - ok
22:22:09.0187 5896 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:09.0187 5896 gupdatem - ok
22:22:09.0312 5896 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:22:09.0328 5896 gusvc - ok
22:22:09.0421 5896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:22:09.0515 5896 HDAudBus - ok
22:22:09.0546 5896 helpsvc - ok
22:22:09.0546 5896 hidgame - ok
22:22:09.0625 5896 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:22:09.0703 5896 HidServ - ok
22:22:09.0750 5896 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:22:09.0843 5896 hidusb - ok
22:22:09.0953 5896 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:22:10.0031 5896 hkmsvc - ok
22:22:10.0031 5896 HPFECP20 - ok
22:22:10.0031 5896 hpn - ok
22:22:10.0046 5896 HpqKbFiltr - ok
22:22:10.0046 5896 HSFHWICH - ok
22:22:10.0046 5896 hsf_dp - ok
22:22:10.0046 5896 HssTrayService - ok
22:22:10.0203 5896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:22:10.0218 5896 HTTP - ok
22:22:10.0281 5896 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:22:10.0359 5896 HTTPFilter - ok
22:22:10.0359 5896 i2omgmt - ok
22:22:10.0359 5896 i2omp - ok
22:22:10.0421 5896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:22:10.0515 5896 i8042prt - ok
22:22:10.0515 5896 iaimfp2 - ok
22:22:10.0515 5896 iaimtv2 - ok
22:22:12.0765 5896 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:22:13.0468 5896 ialm - ok
22:22:14.0796 5896 ibmfilter - ok
22:22:14.0812 5896 ibmpmdrv - ok
22:22:14.0812 5896 ibmpmsvc - ok
22:22:15.0453 5896 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:22:15.0453 5896 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:22:15.0453 5896 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:22:16.0921 5896 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:17.0015 5896 idsvc - ok
22:22:17.0015 5896 igniteservice.exe - ok
22:22:17.0203 5896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:22:17.0296 5896 Imapi - ok
22:22:17.0390 5896 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:22:17.0468 5896 ImapiService - ok
22:22:17.0468 5896 ini910u - ok
22:22:27.0500 5896 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
22:22:28.0562 5896 IntcAzAudAddService - ok
22:22:29.0562 5896 IntelC53 - ok
22:22:29.0703 5896 IntelIde - ok
22:22:29.0843 5896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:22:29.0937 5896 intelppm - ok
22:22:30.0078 5896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:22:30.0171 5896 Ip6Fw - ok
22:22:30.0328 5896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:22:30.0421 5896 IpFilterDriver - ok
22:22:30.0500 5896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:22:30.0593 5896 IpInIp - ok
22:22:30.0937 5896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:22:31.0031 5896 IpNat - ok
22:22:32.0781 5896 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:22:32.0906 5896 iPod Service - ok
22:22:33.0046 5896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:22:33.0140 5896 IPSec - ok
22:22:33.0203 5896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:22:33.0250 5896 IRENUM - ok
22:22:33.0375 5896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:22:33.0453 5896 isapnp - ok
22:22:33.0468 5896 IWCA - ok
22:22:33.0468 5896 ixiaendpoint - ok
22:22:33.0828 5896 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
22:22:33.0828 5896 JavaQuickStarterService - ok
22:22:33.0921 5896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:22:34.0015 5896 Kbdclass - ok
22:22:34.0093 5896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:22:34.0171 5896 kbdhid - ok
22:22:34.0515 5896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:22:34.0593 5896 kmixer - ok
22:22:34.0593 5896 KMW_USB - ok
22:22:34.0859 5896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:22:34.0890 5896 KSecDD - ok
22:22:35.0234 5896 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:22:35.0250 5896 LanmanServer - ok
22:22:35.0703 5896 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:22:35.0734 5896 lanmanworkstation - ok
22:22:35.0734 5896 lbrtfdc - ok
22:22:35.0812 5896 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:22:35.0906 5896 LmHosts - ok
22:22:35.0906 5896 ltmodem5 - ok
22:22:35.0906 5896 ltxred - ok
22:22:35.0906 5896 lusbaudio - ok
22:22:36.0000 5896 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
22:22:36.0000 5896 LVPr2Mon - ok
22:22:36.0609 5896 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
22:22:36.0625 5896 LVPrcSrv - ok
22:22:36.0625 5896 lxby_device - ok
22:22:36.0625 5896 lxcj_device - ok
22:22:36.0625 5896 lxdm_device - ok
22:22:36.0625 5896 Machnm32 - ok
22:22:36.0640 5896 mcdbus - ok
22:22:36.0640 5896 mcvsrte - ok
22:22:37.0343 5896 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
22:22:37.0375 5896 MDM ( UnsignedFile.Multi.Generic ) - warning
22:22:37.0375 5896 MDM - detected UnsignedFile.Multi.Generic (1)
22:22:37.0609 5896 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:22:37.0687 5896 Messenger - ok
22:22:37.0687 5896 mfeapfk - ok
22:22:37.0687 5896 mks_scan - ok
22:22:37.0734 5896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:22:37.0828 5896 mnmdd - ok
22:22:37.0984 5896 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:22:38.0046 5896 mnmsrvc - ok
22:22:38.0156 5896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:22:38.0234 5896 Modem - ok
22:22:41.0734 5896 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
22:22:42.0109 5896 Monfilt - ok
22:22:42.0187 5896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:22:42.0281 5896 Mouclass - ok
22:22:42.0281 5896 moufiltr - ok
22:22:42.0343 5896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:22:42.0437 5896 mouhid - ok
22:22:42.0500 5896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:22:42.0593 5896 MountMgr - ok
22:22:42.0593 5896 mraid35x - ok
22:22:42.0593 5896 MRESP50a64 - ok
22:22:42.0781 5896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:22:42.0875 5896 MRxDAV - ok
22:22:43.0375 5896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:22:43.0468 5896 MRxSmb - ok
22:22:43.0468 5896 MSCamSvc - ok
22:22:43.0515 5896 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:22:43.0625 5896 MSDTC - ok
22:22:43.0687 5896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:22:43.0765 5896 Msfs - ok
22:22:43.0765 5896 MSFWHLPR - ok
22:22:43.0765 5896 MSIServer - ok
22:22:43.0828 5896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:22:43.0906 5896 MSKSSRV - ok
22:22:43.0953 5896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:22:44.0031 5896 MSPCLOCK - ok
22:22:44.0062 5896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:22:44.0140 5896 MSPQM - ok
22:22:44.0234 5896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:22:44.0312 5896 mssmbios - ok
22:22:44.0375 5896 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:22:44.0484 5896 MSTEE - ok
22:22:44.0703 5896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:22:44.0718 5896 Mup - ok
22:22:44.0937 5896 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:22:45.0015 5896 NABTSFEC - ok
22:22:45.0828 5896 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:22:45.0921 5896 napagent - ok
22:22:45.0921 5896 NCPro - ok
22:22:46.0078 5896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:22:46.0171 5896 NDIS - ok
22:22:46.0234 5896 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:22:46.0328 5896 NdisIP - ok
22:22:46.0343 5896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:22:46.0375 5896 NdisTapi - ok
22:22:46.0437 5896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:22:46.0515 5896 Ndisuio - ok
22:22:46.0796 5896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:22:46.0890 5896 NdisWan - ok
22:22:46.0921 5896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:22:46.0937 5896 NDProxy - ok
22:22:46.0984 5896 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
22:22:47.0015 5896 Netaapl - ok
22:22:47.0140 5896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:22:47.0218 5896 NetBIOS - ok
22:22:47.0500 5896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:22:47.0578 5896 NetBT - ok
22:22:47.0937 5896 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:22:48.0015 5896 NetDDE - ok
22:22:48.0015 5896 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:22:48.0093 5896 NetDDEdsdm - ok
22:22:48.0093 5896 netdevio - ok
22:22:48.0171 5896 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:22:48.0234 5896 Netlogon - ok
22:22:48.0734 5896 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:22:48.0812 5896 Netman - ok
22:22:49.0500 5896 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:22:49.0500 5896 NetTcpPortSharing - ok
22:22:49.0609 5896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:22:49.0687 5896 NIC1394 - ok
22:22:49.0687 5896 nim32 - ok
22:22:49.0953 5896 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:22:49.0968 5896 Nla - ok
22:22:49.0968 5896 nod32krn - ok
22:22:49.0968 5896 npfmntor - ok
22:22:50.0078 5896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:22:50.0203 5896 Npfs - ok
22:22:51.0515 5896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:22:51.0656 5896 Ntfs - ok
22:22:51.0656 5896 ntiopnp - ok
22:22:51.0656 5896 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:22:51.0734 5896 NtLmSsp - ok
22:22:53.0328 5896 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:22:53.0437 5896 NtmsSvc - ok
22:22:53.0437 5896 ntsyslog - ok
22:22:53.0468 5896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:22:53.0546 5896 Null - ok
22:22:53.0546 5896 NWADI - ok
22:22:53.0609 5896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:22:53.0687 5896 NwlnkFlt - ok
22:22:53.0718 5896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:22:53.0812 5896 NwlnkFwd - ok
22:22:53.0812 5896 NWSNS - ok
22:22:53.0812 5896 NxSysMon - ok
22:22:54.0968 5896 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:22:55.0062 5896 odserv - ok
22:22:55.0062 5896 ofcpfwsvc - ok
22:22:55.0140 5896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:22:55.0218 5896 ohci1394 - ok
22:22:55.0218 5896 opcenum - ok
22:22:55.0218 5896 oracleorahome92tnslistener - ok
22:22:55.0421 5896 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:22:55.0421 5896 ose - ok
22:22:55.0437 5896 p2psvc - ok
22:22:55.0437 5896 papycpu2 - ok
22:22:55.0531 5896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:22:55.0609 5896 Parport - ok
22:22:55.0671 5896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:22:55.0765 5896 PartMgr - ok
22:22:55.0812 5896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:22:55.0890 5896 ParVdm - ok
22:22:55.0890 5896 pavdrv - ok
22:22:56.0156 5896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:22:56.0234 5896 PCI - ok
22:22:56.0250 5896 PCIDump - ok
22:22:56.0281 5896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:22:56.0359 5896 PCIIde - ok
22:22:56.0703 5896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:22:56.0796 5896 Pcmcia - ok
22:22:56.0796 5896 pcscnsrv - ok
22:22:56.0796 5896 PDCOMP - ok
22:22:56.0796 5896 pdengine - ok
22:22:56.0812 5896 PDFRAME - ok
22:22:56.0812 5896 pdlnctdl - ok
22:22:56.0812 5896 pdlnemsg - ok
22:22:56.0812 5896 PDRELI - ok
22:22:56.0812 5896 PDRFRAME - ok
22:22:56.0812 5896 pepifilter - ok
22:22:56.0828 5896 perc2 - ok
22:22:56.0828 5896 perc2hib - ok
22:22:56.0828 5896 phc600 - ok
22:23:00.0906 5896 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
22:23:01.0359 5896 PID_PEPI - ok
22:23:02.0187 5896 pilogsrv - ok
22:23:02.0375 5896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:23:02.0390 5896 PlugPlay - ok
22:23:02.0390 5896 pmsveh - ok
22:23:02.0390 5896 pnrouter - ok
22:23:02.0421 5896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:23:02.0500 5896 PolicyAgent - ok
22:23:02.0875 5896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:23:02.0968 5896 PptpMiniport - ok
22:23:02.0968 5896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:23:03.0031 5896 ProtectedStorage - ok
22:23:03.0046 5896 proxyhostdriver - ok
22:23:03.0171 5896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:23:03.0250 5896 PSched - ok
22:23:03.0250 5896 pshost - ok
22:23:03.0343 5896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:23:03.0421 5896 Ptilink - ok
22:23:03.0421 5896 ql1080 - ok
22:23:03.0437 5896 Ql10wnt - ok
22:23:03.0437 5896 ql12160 - ok
22:23:03.0437 5896 ql1240 - ok
22:23:03.0437 5896 ql1280 - ok
22:23:03.0515 5896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:23:03.0578 5896 RasAcd - ok
22:23:04.0046 5896 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:23:04.0125 5896 RasAuto - ok
22:23:04.0296 5896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:23:04.0390 5896 Rasl2tp - ok
22:23:04.0687 5896 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:23:04.0750 5896 RasMan - ok
22:23:04.0812 5896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:23:04.0890 5896 RasPppoe - ok
22:23:04.0906 5896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:23:04.0984 5896 Raspti - ok
22:23:05.0250 5896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:23:05.0343 5896 Rdbss - ok
22:23:05.0375 5896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:23:05.0453 5896 RDPCDD - ok
22:23:05.0578 5896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:23:05.0671 5896 rdpdr - ok
22:23:06.0390 5896 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:23:06.0406 5896 RDPWD - ok
22:23:06.0796 5896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:23:06.0890 5896 RDSessMgr - ok
22:23:07.0109 5896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:23:07.0187 5896 redbook - ok
22:23:07.0515 5896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:23:07.0609 5896 RemoteAccess - ok
22:23:07.0781 5896 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:23:07.0875 5896 RemoteRegistry - ok
22:23:08.0265 5896 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:23:08.0265 5896 RichVideo - ok
22:23:08.0265 5896 RimUsb - ok
22:23:08.0343 5896 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
22:23:08.0359 5896 RimVSerPort - ok
22:23:08.0375 5896 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
22:23:08.0453 5896 ROOTMODEM - ok
22:23:08.0703 5896 RoxLiveShare9 - ok
22:23:08.0843 5896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:23:08.0906 5896 RpcLocator - ok
22:23:09.0265 5896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:23:09.0328 5896 RpcSs - ok
22:23:09.0328 5896 rslinxng - ok
22:23:09.0671 5896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:23:09.0781 5896 RSVP - ok
22:23:09.0781 5896 rt73 - ok
22:23:10.0437 5896 RTLE8023xp (c48e7bbc6a17a0676079e11a13e82549) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
22:23:10.0453 5896 RTLE8023xp - ok
22:23:10.0453 5896 s616mgmt - ok
22:23:10.0546 5896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:23:10.0625 5896 SamSs - ok
22:23:10.0625 5896 sandboxu - ok
22:23:10.0625 5896 sbcssvc - ok
22:23:10.0625 5896 sbhooksvc - ok
22:23:10.0625 5896 scarddrv - ok
22:23:10.0781 5896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:23:10.0875 5896 SCardSvr - ok
22:23:11.0093 5896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:23:11.0187 5896 Schedule - ok
22:23:11.0187 5896 scsiaccess - ok
22:23:11.0203 5896 SE2Cmdm - ok
22:23:11.0203 5896 se44mgmt - ok
22:23:11.0265 5896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:23:11.0312 5896 Secdrv - ok
22:23:11.0343 5896 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:23:11.0421 5896 seclogon - ok
22:23:11.0468 5896 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
22:23:11.0562 5896 SENS - ok
22:23:11.0640 5896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:23:11.0750 5896 serenum - ok
22:23:11.0968 5896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:23:12.0078 5896 Serial - ok
22:23:12.0078 5896 serialkeys - ok
22:23:12.0171 5896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:23:12.0250 5896 Sfloppy - ok
22:23:12.0796 5896 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:23:13.0000 5896 SharedAccess - ok
22:23:13.0281 5896 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:23:13.0312 5896 ShellHWDetection - ok
22:23:13.0312 5896 Si3114r5 - ok
22:23:13.0312 5896 Simbad - ok
22:23:13.0328 5896 SiRemFil - ok
22:23:13.0328 5896 SiSRaid2 - ok
22:23:13.0328 5896 sit_flt - ok
22:23:13.0328 5896 Sk99202k - ok
22:23:13.0390 5896 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:23:13.0468 5896 SLIP - ok
22:23:13.0484 5896 snac - ok
22:23:13.0484 5896 snapman - ok
22:23:13.0484 5896 sonytvc - ok
22:23:13.0484 5896 Sparrow - ok
22:23:13.0484 5896 spcsutilityservice - ok
22:23:13.0546 5896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:23:13.0640 5896 splitter - ok
22:23:13.0843 5896 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:23:13.0875 5896 Spooler - ok
22:23:13.0875 5896 sprtsvc_ddoctorv2 - ok
22:23:13.0875 5896 sqlserveragent - ok
22:23:14.0156 5896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:23:14.0203 5896 sr - ok
22:23:14.0421 5896 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:23:14.0453 5896 srservice - ok
22:23:14.0812 5896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:23:14.0859 5896 Srv - ok
22:23:14.0859 5896 SrvcEPIOMngr - ok
22:23:14.0953 5896 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:23:15.0000 5896 SSDPSRV - ok
22:23:15.0000 5896 sshrmd - ok
22:23:15.0000 5896 StickyMesger - ok
22:23:15.0171 5896 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:23:15.0328 5896 stisvc - ok
22:23:15.0328 5896 stllssvr - ok
22:23:15.0390 5896 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:23:15.0484 5896 streamip - ok
22:23:15.0484 5896 susbser - ok
22:23:15.0531 5896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:23:15.0625 5896 swenum - ok
22:23:15.0765 5896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:23:15.0843 5896 swmidi - ok
22:23:15.0843 5896 SwPrv - ok
22:23:15.0859 5896 symantecantibotdriver - ok
22:23:15.0859 5896 symantecantibotshim - ok
22:23:15.0859 5896 symc810 - ok
22:23:15.0859 5896 symc8xx - ok
22:23:15.0859 5896 sym_hi - ok
22:23:15.0875 5896 sym_u3 - ok
22:23:16.0078 5896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:23:16.0203 5896 sysaudio - ok
22:23:16.0640 5896 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:23:16.0750 5896 SysmonLog - ok
22:23:17.0359 5896 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:23:17.0453 5896 TapiSrv - ok
22:23:17.0781 5896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:23:17.0875 5896 Tcpip - ok
22:23:17.0937 5896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:23:18.0015 5896 TDPIPE - ok
22:23:18.0062 5896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:23:18.0171 5896 TDTCP - ok
22:23:18.0218 5896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:23:18.0296 5896 TermDD - ok
22:23:18.0562 5896 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:23:18.0656 5896 TermService - ok
22:23:18.0656 5896 tfsnopio - ok
22:23:18.0750 5896 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:23:18.0765 5896 Themes - ok
22:23:18.0859 5896 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:23:18.0921 5896 TlntSvr - ok
22:23:18.0921 5896 TMHIDSRV - ok
22:23:18.0921 5896 TosIde - ok
22:23:19.0250 5896 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:23:19.0328 5896 TrkWks - ok
22:23:19.0343 5896 tversitymediaserver - ok
22:23:19.0343 5896 tzontservice - ok
22:23:19.0343 5896 UDFReadr - ok
22:23:19.0656 5896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:23:19.0734 5896 Udfs - ok
22:23:19.0750 5896 uhcd - ok
22:23:19.0750 5896 ultra - ok
22:23:19.0750 5896 UPATC - ok
22:23:20.0765 5896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:23:20.0937 5896 Update - ok
22:23:21.0312 5896 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:23:21.0359 5896 upnphost - ok
22:23:21.0375 5896 upperdev - ok
22:23:21.0437 5896 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:23:21.0515 5896 UPS - ok
22:23:21.0562 5896 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:23:21.0578 5896 USBAAPL - ok
22:23:21.0578 5896 usbatapi2000 - ok
22:23:21.0765 5896 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:23:21.0859 5896 usbaudio - ok
22:23:21.0921 5896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:23:22.0015 5896 usbccgp - ok
22:23:22.0078 5896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:23:22.0171 5896 usbehci - ok
22:23:22.0265 5896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:23:22.0343 5896 usbhub - ok
22:23:22.0484 5896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:23:22.0562 5896 usbprint - ok
22:23:22.0609 5896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:23:22.0703 5896 usbscan - ok
22:23:22.0781 5896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:23:22.0875 5896 USBSTOR - ok
22:23:23.0000 5896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:23:23.0078 5896 usbuhci - ok
22:23:23.0078 5896 USB_RNDIS - ok
22:23:23.0093 5896 useraccess - ok
22:23:23.0234 5896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:23:23.0312 5896 VgaSave - ok
22:23:23.0312 5896 ViaIde - ok
22:23:23.0328 5896 videoacceleratorengine - ok
22:23:23.0328 5896 vmparport - ok
22:23:23.0468 5896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:23:23.0546 5896 VolSnap - ok
22:23:23.0546 5896 vsdatant - ok
22:23:23.0828 5896 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:23:23.0875 5896 VSS - ok
22:23:24.0156 5896 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:23:24.0234 5896 W32Time - ok
22:23:24.0312 5896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:23:24.0406 5896 Wanarp - ok
22:23:24.0453 5896 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
22:23:24.0468 5896 WDC_SAM - ok
22:23:25.0578 5896 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
22:23:25.0625 5896 Wdf01000 - ok
22:23:25.0625 5896 WDICA - ok
22:23:25.0859 5896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:23:25.0937 5896 wdmaud - ok
22:23:26.0171 5896 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:23:26.0265 5896 WebClient - ok
22:23:26.0281 5896 websensecamreportserver - ok
22:23:26.0281 5896 whoisd32 - ok
22:23:26.0281 5896 winachcf - ok
22:23:26.0781 5896 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:23:26.0875 5896 winmgmt - ok
22:23:26.0890 5896 wlancfg - ok
22:23:26.0890 5896 wlluc48 - ok
22:23:26.0890 5896 wmccdsls - ok
22:23:27.0062 5896 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:23:27.0078 5896 WmdmPmSN - ok
22:23:27.0656 5896 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:23:27.0765 5896 Wmi - ok
22:23:27.0906 5896 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:23:28.0000 5896 WmiApSrv - ok
22:23:31.0359 5896 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:23:31.0531 5896 WMPNetworkSvc - ok
22:23:32.0234 5896 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:32.0343 5896 WPFFontCache_v0400 - ok
22:23:32.0640 5896 wpshelper - ok
22:23:32.0765 5896 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:23:32.0859 5896 WSTCODEC - ok
22:23:32.0984 5896 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:23:33.0078 5896 wuauserv - ok
22:23:33.0125 5896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:23:33.0187 5896 WudfPf - ok
22:23:33.0296 5896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:23:33.0312 5896 WudfRd - ok
22:23:33.0453 5896 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:23:33.0484 5896 WudfSvc - ok
22:23:33.0609 5896 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:23:33.0734 5896 WZCSVC - ok
22:23:34.0000 5896 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:23:34.0093 5896 xmlprov - ok
22:23:34.0093 5896 Xponaut_WBD - ok
22:23:34.0093 5896 zendcoreapache - ok
22:23:34.0093 5896 ZuneWlanCfgSvc - ok
22:23:34.0140 5896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:23:35.0234 5896 \Device\Harddisk0\DR0 - ok
22:23:35.0281 5896 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR2
22:23:50.0843 5896 \Device\Harddisk1\DR2 - ok
22:23:50.0859 5896 Boot (0x1200) (ba8e3f9f280e677b1a053430c0bb4fe5) \Device\Harddisk0\DR0\Partition0
22:23:50.0875 5896 \Device\Harddisk0\DR0\Partition0 - ok
22:23:50.0875 5896 Boot (0x1200) (6c0f95afe40caec0a1a3119384c2bc28) \Device\Harddisk1\DR2\Partition0
22:23:50.0921 5896 \Device\Harddisk1\DR2\Partition0 - ok
22:23:50.0921 5896 ============================================================
22:23:50.0921 5896 Scan finished
22:23:50.0921 5896 ============================================================
22:23:51.0031 5900 Detected object count: 4
22:23:51.0031 5900 Actual detected object count: 4
22:24:30.0328 5900 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:30.0328 5900 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:30.0328 5900 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:30.0328 5900 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:30.0328 5900 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:30.0328 5900 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:24:30.0328 5900 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:24:30.0328 5900 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

Hi jacknjaspa,

That part looks good now. Let's try to put this computer back together before we bring in the big tools.

Next

Please open OTL.


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /s
/md5start
logonui.*
crypt32.*
cryptnet.*
cscdll.*
igfxdev.*
wlnotify.*
sclgntfy.*
WlNotify.*
WgaLogon.*
msapsspc.*
schannel.*
digest.*
msnsspc.*
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

OTL logfile created on: 27/04/2012 12:33:30 AM - Run 2
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.67% Memory free
4.87 Gb Paging File | 4.22 Gb Available in Paging File | 86.60% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 35.53 Gb Free Space | 11.92% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 75.29 Gb Free Space | 50.51% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cameron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
PRC - C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\acs.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Safari\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Safari\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\FingerPrint\libcups2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\WINDOWS\system32\acs.exe ()


========== Win32 Services (SafeList) ==========

SRV - (ZuneWlanCfgSvc) -- %systemroot%\system32\Wbutton.dll File not found
SRV - (zendcoreapache) -- %systemroot%\system32\adobeversioncue.dll File not found
SRV - (Xponaut_WBD) -- %systemroot%\system32\sthda.dll File not found
SRV - (wpshelper) -- %systemroot%\system32\ksthunk.dll File not found
SRV - (wmccdsls) -- %systemroot%\system32\ql12160.dll File not found
SRV - (wlluc48) -- %systemroot%\system32\RR2Ctrl.dll File not found
SRV - (wlancfg) -- %systemroot%\system32\2wirepcp.dll File not found
SRV - (winachcf) -- %systemroot%\system32\prismxl.dll File not found
SRV - (whoisd32) -- %systemroot%\system32\rt61.dll File not found
SRV - (websensecamreportserver) -- %systemroot%\system32\irbus.dll File not found
SRV - (vsdatant) -- %systemroot%\system32\PSDNServ.dll File not found
SRV - (vmparport) -- %systemroot%\system32\CDRPDACC.dll File not found
SRV - (videoacceleratorengine) -- %systemroot%\system32\qbposdbservices.dll File not found
SRV - (useraccess) -- %systemroot%\system32\sentinelprotectionserver.dll File not found
SRV - (usbatapi2000) -- %systemroot%\system32\Spsmqvsm.dll File not found
SRV - (USB_RNDIS) -- %systemroot%\system32\ICAM5USB.dll File not found
SRV - (upperdev) -- %systemroot%\system32\NtMtlFax.dll File not found
SRV - (UPATC) -- %systemroot%\system32\TeamViewer.dll File not found
SRV - (uhcd) -- %systemroot%\system32\websenselogserver.dll File not found
SRV - (UDFReadr) -- %systemroot%\system32\ATMsrvc.dll File not found
SRV - (tzontservice) -- %systemroot%\system32\bvrp_pci.dll File not found
SRV - (tversitymediaserver) -- %systemroot%\system32\Defrag32.dll File not found
SRV - (TMHIDSRV) -- %systemroot%\system32\Sunkfiltp.dll File not found
SRV - (tfsnopio) -- %systemroot%\system32\spbbcsvc.dll File not found
SRV - (symantecantibotshim) -- %systemroot%\system32\nvmd.dll File not found
SRV - (symantecantibotdriver) -- %systemroot%\system32\NTIDrvr.dll File not found
SRV - (susbser) -- %systemroot%\system32\wfxsvc.dll File not found
SRV - (stllssvr) -- %systemroot%\system32\hap17v2k.dll File not found
SRV - (StickyMesger) -- %systemroot%\system32\dlcc_device.dll File not found
SRV - (sshrmd) -- %systemroot%\system32\nvedavt.dll File not found
SRV - (SrvcEPIOMngr) -- %systemroot%\system32\TPPWRIF.dll File not found
SRV - (sqlserveragent) -- %systemroot%\system32\us30service.dll File not found
SRV - (sprtsvc_ddoctorv2) -- %systemroot%\system32\ghostsec.dll File not found
SRV - (spcsutilityservice) -- %systemroot%\system32\atitool.dll File not found
SRV - (sonytvc) -- %systemroot%\system32\LHidUsbK.dll File not found
SRV - (snapman) -- %systemroot%\system32\USB_NDIS_51.dll File not found
SRV - (snac) -- %systemroot%\system32\service.dll File not found
SRV - (Sk99202k) -- %systemroot%\system32\hdaudbus.dll File not found
SRV - (sit_flt) -- %systemroot%\system32\s125mdm.dll File not found
SRV - (SiSRaid2) -- %systemroot%\system32\VC6SecS.dll File not found
SRV - (SiRemFil) -- %systemroot%\system32\msgame.dll File not found
SRV - (Si3114r5) -- %systemroot%\system32\amfilter.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\bthusb.dll File not found
SRV - (se44mgmt) -- %systemroot%\system32\RivaTuner32.dll File not found
SRV - (SE2Cmdm) -- %systemroot%\system32\Xyz777s.dll File not found
SRV - (scsiaccess) -- %systemroot%\system32\edspport.dll File not found
SRV - (scarddrv) -- %systemroot%\system32\se59mgmt.dll File not found
SRV - (sbhooksvc) -- %systemroot%\system32\slabser.dll File not found
SRV - (sbcssvc) -- %systemroot%\system32\ndasbus.dll File not found
SRV - (sandboxu) -- %systemroot%\system32\om518p.dll File not found
SRV - (s616mgmt) -- %systemroot%\system32\asp.net_2.0.50727.dll File not found
SRV - (rt73) -- %systemroot%\system32\ccevtmgr.dll File not found
SRV - (rslinxng) -- %systemroot%\system32\NWUSBModem.dll File not found
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (pshost) -- %systemroot%\system32\asusgsb.dll File not found
SRV - (proxyhostdriver) -- %systemroot%\system32\DCamUSBSQTECH.dll File not found
SRV - (pnrouter) -- %systemroot%\system32\traprcvr.dll File not found
SRV - (pmsveh) -- %systemroot%\system32\twotrack.dll File not found
SRV - (pilogsrv) -- %systemroot%\system32\z800mdm.dll File not found
SRV - (phc600) -- %systemroot%\system32\yats32.dll File not found
SRV - (pepifilter) -- %systemroot%\system32\CoachUsb.dll File not found
SRV - (pdlnemsg) -- %systemroot%\system32\SiSRaid.dll File not found
SRV - (pdlnctdl) -- %systemroot%\system32\NWSNS.dll File not found
SRV - (pdengine) -- %systemroot%\system32\rdpdr.dll File not found
SRV - (pcscnsrv) -- %systemroot%\system32\oracle%oracle_home_service%clientcache80.dll File not found
SRV - (pavdrv) -- %systemroot%\system32\statusagent4.dll File not found
SRV - (papycpu2) -- %systemroot%\system32\clipsrv.dll File not found
SRV - (p2psvc) -- %systemroot%\system32\NWDHCP.dll File not found
SRV - (oracleorahome92tnslistener) -- %systemroot%\system32\dnetc.dll File not found
SRV - (opcenum) -- %systemroot%\system32\btserial.dll File not found
SRV - (ofcpfwsvc) -- %systemroot%\system32\pdcomp.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\nvrd64.dll File not found
SRV - (NWSNS) -- %systemroot%\system32\AdfuUd.dll File not found
SRV - (NWADI) -- %systemroot%\system32\DSI_SiUSBXp_3_1.dll File not found
SRV - (ntsyslog) -- %systemroot%\system32\uagp35.dll File not found
SRV - (ntiopnp) -- %systemroot%\system32\x10nets.dll File not found
SRV - (npfmntor) -- %systemroot%\system32\wencrservice.dll File not found
SRV - (nod32krn) -- %systemroot%\system32\tsircsrv.dll File not found
SRV - (nim32) -- %systemroot%\system32\SMNDIS5.dll File not found
SRV - (netdevio) -- %systemroot%\system32\rspndr.dll File not found
SRV - (NCPro) -- %systemroot%\system32\NuidFltr.dll File not found
SRV - (MSFWHLPR) -- %systemroot%\system32\MREMP50a64.dll File not found
SRV - (MSCamSvc) -- %systemroot%\system32\smapint.dll File not found
SRV - (MRESP50a64) -- %systemroot%\system32\fetnd5bv.dll File not found
SRV - (moufiltr) -- %systemroot%\system32\vsbus.dll File not found
SRV - (mks_scan) -- %systemroot%\system32\backupexecnamingservice.dll File not found
SRV - (mfeapfk) -- %systemroot%\system32\psdvdisk.dll File not found
SRV - (mcvsrte) -- %systemroot%\system32\UNDPX2A.dll File not found
SRV - (Machnm32) -- %systemroot%\system32\ipodsrv.dll File not found
SRV - (lxdm_device) -- %systemroot%\system32\odysseyIM4.dll File not found
SRV - (lxcj_device) -- %systemroot%\system32\bt3cusb.dll File not found
SRV - (lxby_device) -- %systemroot%\system32\clnt_clientman.dll File not found
SRV - (lusbaudio) -- %systemroot%\system32\sffdisk.dll File not found
SRV - (ltxred) -- %systemroot%\system32\tga.dll File not found
SRV - (ltmodem5) -- %systemroot%\system32\pdiddcci.dll File not found
SRV - (KMW_USB) -- %systemroot%\system32\ikhlayer.dll File not found
SRV - (ixiaendpoint) -- %systemroot%\system32\ctxcpubal.dll File not found
SRV - (IWCA) -- %systemroot%\system32\viaudio.dll File not found
SRV - (IntelC53) -- %systemroot%\system32\cpsvc.dll File not found
SRV - (igniteservice.exe) -- %systemroot%\system32\lanmanserver.dll File not found
SRV - (ibmpmsvc) -- %systemroot%\system32\LMIRfsClientNP.dll File not found
SRV - (ibmpmdrv) -- %systemroot%\system32\lxdm_device.dll File not found
SRV - (ibmfilter) -- %systemroot%\system32\sr_service.dll File not found
SRV - (iaimtv2) -- %systemroot%\system32\ppa3.dll File not found
SRV - (iaimfp2) -- %systemroot%\system32\retroexplauncher.dll File not found
SRV - (HssTrayService) -- %systemroot%\system32\cccredmgr.dll File not found
SRV - (HSFHWICH) -- %systemroot%\system32\messenger.dll File not found
SRV - (hsf_dp) -- %systemroot%\system32\intelppm.dll File not found
SRV - (HpqKbFiltr) -- %systemroot%\system32\CoolerXPDriver.dll File not found
SRV - (HPFECP20) -- %systemroot%\system32\pfmodnt.dll File not found
SRV - (hidgame) -- %systemroot%\system32\WUSB54Gv4SVC.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (GTF32BUS) -- %systemroot%\system32\RioS30.dll File not found
SRV - (GT680x) -- %systemroot%\system32\SetupNT.dll File not found
SRV - (freepops) -- %systemroot%\system32\AppnApi.dll File not found
SRV - (flashcomadmin) -- %systemroot%\system32\AdobeActiveFileMonitor6.0.dll File not found
SRV - (FETNDIS) -- %systemroot%\system32\DgiVecp.dll File not found
SRV - (fcprintservice) -- %systemroot%\system32\navapel.dll File not found
SRV - (FA312) -- %systemroot%\system32\iAimTV5.dll File not found
SRV - (epsonbidirectionalagent) -- %systemroot%\system32\BrScnUsb.dll File not found
SRV - (epson_pm_rpcv2_02) -- %systemroot%\system32\pid_0928.dll File not found
SRV - (enxpsvc) -- %systemroot%\system32\AmdLLD.dll File not found
SRV - (enodpl) -- %systemroot%\system32\pctavsvc.dll File not found
SRV - (elnkservice) -- %systemroot%\system32\ultra.dll File not found
SRV - (EIO_XP) -- %systemroot%\system32\RTLE8023xp.dll File not found
SRV - (EagleNT) -- %systemroot%\system32\W55U01.dll File not found
SRV - (dtscsi) -- %systemroot%\system32\pdlnshay.dll File not found
SRV - (dsbrokerservice) -- %systemroot%\system32\lpx.dll File not found
SRV - (driverhardwarev2) BLKWGU(Belkin) -- %systemroot%\system32\WinFl32.dll File not found
SRV - (DritekPortIO) -- %systemroot%\system32\aswrdr.dll File not found
SRV - (dot4print) -- %systemroot%\system32\NSSvcMgr.dll File not found
SRV - (dnwhodisp) -- %systemroot%\system32\idsvc.dll File not found
SRV - (DM9102) -- %systemroot%\system32\lwwlicenseservice.dll File not found
SRV - (dlaudfam) -- %systemroot%\system32\TPECioCtl.dll File not found
SRV - (dirms_defragmentation) -- %systemroot%\system32\bwcsrv.dll File not found
SRV - (deventagent) -- %systemroot%\system32\EagleNT.dll File not found
SRV - (DCamUSBMke) -- %systemroot%\system32\pdlnafac.dll File not found
SRV - (cq_mem) -- %systemroot%\system32\fsRamDsk.dll File not found
SRV - (cpqdmi) -- %systemroot%\system32\rpclocator.dll File not found
SRV - (cmigameport) -- %systemroot%\system32\DSXUSB.dll File not found
SRV - (clisvc) -- %systemroot%\system32\sysaidagent.dll File not found
SRV - (ccalib8) -- %systemroot%\system32\roxliveshare9.dll File not found
SRV - (CBN) -- %systemroot%\system32\stirusb.dll File not found
SRV - (CAMFLT) -- %systemroot%\system32\p2pimsvc.dll File not found
SRV - (cachemgr) -- %systemroot%\system32\nvgts.dll File not found
SRV - (bthidenum) -- %systemroot%\system32\ARCSOFTVIRTUALCAPTURE.dll File not found
SRV - (btfirst) -- %systemroot%\system32\wusb54gv2svc.dll File not found
SRV - (BrPar) -- %systemroot%\system32\protexislicensing.dll File not found
SRV - (bridgemp) -- %systemroot%\system32\msk80service.dll File not found
SRV - (BoiHwsetup) -- %systemroot%\system32\U81xmgmt.dll File not found
SRV - (bhmonitorservice) -- %systemroot%\system32\i8042prt.dll File not found
SRV - (bglivesvc) -- %systemroot%\system32\avcgbfl.dll File not found
SRV - (besclient) -- %systemroot%\system32\nvata.dll File not found
SRV - (belgium_id_card_service) -- %systemroot%\system32\rksample.dll File not found
SRV - (beatjammusicstreamingserver) -- %systemroot%\system32\mrpostman.dll File not found
SRV - (bcm43xx) -- %systemroot%\system32\snareiis.dll File not found
SRV - (backuplauncher) -- %systemroot%\system32\rimsptsk.dll File not found
SRV - (AVerBDA) -- %systemroot%\system32\UWProSys.dll File not found
SRV - (AVCSTRM) -- %systemroot%\system32\msgame.dll File not found
SRV - (aswmon2) -- %systemroot%\system32\aswrdr.dll File not found
SRV - (ASMMAP) -- %systemroot%\system32\dns4meclient.dll File not found
SRV - (aslm75) -- %systemroot%\system32\ireike.dll File not found
SRV - (appnnode) -- %systemroot%\system32\lmimirr.dll File not found
SRV - (antivirservice) -- %systemroot%\system32\bt.dll File not found
SRV - (ANC) -- %systemroot%\system32\snapman380.dll File not found
SRV - (ami0nt) -- %systemroot%\system32\Machnm32.dll File not found
SRV - (AlKernel) -- %systemroot%\system32\WinVd32.dll File not found
SRV - (aksusb) -- %systemroot%\system32\processor.dll File not found
SRV - (admjoy) -- %systemroot%\system32\wlancig.dll File not found
SRV - (61883) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (3dkeybd) -- %systemroot%\system32\adpu320.dll File not found
SRV - (2wirepcp) -- %systemroot%\system32\db2governor.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FingerPrint) -- C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\WG311T13.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKCU\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cameron\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox [2012/01/02 08:41:16 | 000,000,000 | ---D | M]

[2012/02/19 18:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cameron\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/24 13:31:27 | 000,000,821 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Documents and Settings\Cameron\Application Data\Media Finder\Extensions\gencrawler_gc.dll ()
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE File not found
O4 - HKLM..\Run: [uipre] rundll32.exe "C:\DOCUME~1\Cameron\LOCALS~1\Temp\uipre.dll",Vec3TransformCoord File not found
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - mswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9210D3-7F9C-40FF-9F7F-CF323A108DC8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3007A0C4-BDDD-4944-9B05-08349F4D2246}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2009/09/03 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 03:54:10 | 000,000,090 | ---- | M] () - G:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{da2bafa4-554a-11e1-98d6-001a4d5bc8b9}\Shell - "" = AutoRun
O33 - MountPoints2\{da2bafa4-554a-11e1-98d6-001a4d5bc8b9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{da2bafa4-554a-11e1-98d6-001a4d5bc8b9}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e932da52-a3d1-11e0-86a0-000fb586c000}\Shell - "" = AutoRun
O33 - MountPoints2\{e932da52-a3d1-11e0-86a0-000fb586c000}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e932da52-a3d1-11e0-86a0-000fb586c000}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 21:57:31 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\dllcache\avgtdix.sys
[2012/04/26 21:57:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 07:37:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/25 21:18:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/25 21:16:22 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 11:05:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\Administrative Tools
[2012/04/25 11:04:35 | 000,301,608 | ---- | C] (Softonic) -- C:\Documents and Settings\Cameron\Desktop\SoftonicDownloader_for_erunt.exe
[2012/04/25 11:04:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\dds.scr
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\NPE
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2012/04/24 13:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
[2012/04/24 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Comodo
[2012/04/23 08:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Uqycux
[2012/04/23 08:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Rofeen
[2012/04/22 23:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Identities
[2012/04/22 23:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Ypaxad
[2012/04/22 23:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Ydod
[2012/04/20 18:29:01 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/20 08:34:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cameron\Recent
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/20 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/20 07:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
[2012/04/17 08:41:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJFAX
[2012/04/17 08:40:16 | 001,347,584 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410C.dll
[2012/04/17 08:40:16 | 000,315,392 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410L.dll
[2012/04/17 08:40:16 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410I.dll
[2012/04/17 08:40:16 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410U.dll
[2012/04/17 08:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Canon Easy-WebPrint EX
[2012/04/17 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon Utilities
[2012/04/17 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series Manual
[2012/04/17 08:32:02 | 000,257,024 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNCALAL.DLL
[2012/04/17 08:32:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2012/04/17 08:31:49 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMAL.DLL
[2012/04/17 08:31:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/04/17 08:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series
[2012/04/17 08:31:42 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC410O.dll
[2012/04/17 08:31:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUAL.DLL
[2012/04/17 08:31:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/04/07 16:55:58 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/07 15:42:52 | 000,000,000 | ---D | C] -- C:\big w prints
[2012/04/07 15:07:12 | 000,000,000 | ---D | C] -- C:\Vuze
[2012/04/07 14:48:39 | 000,000,000 | ---D | C] -- C:\To Transfer
[2012/04/06 08:19:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/03 07:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2012/04/01 11:09:26 | 000,000,000 | R--D | C] -- C:\g on Home PC (B03f21ae66bf49c)
[2012/03/29 08:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2012/03/28 15:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Plex
[2012/03/28 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Deployment
[2012/03/28 15:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2012/03/28 15:19:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Plex Media Server
[2012/03/28 15:19:01 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2012/03/28 15:18:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2012/03/28 15:18:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/03/28 15:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Plex Media Server
[2012/03/28 15:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\Plex Media Center
[2012/03/28 15:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Plex
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Cameron\My Documents\*.tmp files -> C:\Documents and Settings\Cameron\My Documents\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 00:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/27 00:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/26 22:13:36 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/04/26 22:11:38 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/26 22:10:59 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 22:10:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/26 22:10:19 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/04/26 07:37:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/26 03:00:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\ErrorEND.job
[2012/04/25 22:16:27 | 096,205,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/25 21:27:59 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/25 21:27:59 | 000,089,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/25 13:57:46 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 02:21:58 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/24 13:31:27 | 000,000,821 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/24 13:26:43 | 000,000,821 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2012/04/24 10:03:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/23 11:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 18:51:05 | 000,210,411 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/20 18:29:02 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/17 08:35:44 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/14 23:02:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 23:02:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/08 16:39:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 14:01:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/03 07:36:13 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/03/30 18:37:06 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shortcut to Local Disk (G).lnk
[2012/03/30 18:36:37 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shortcut to Local Disk (C).lnk
[2012/03/28 15:17:38 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Documents and Settings\Cameron\My Documents\*.tmp files -> C:\Documents and Settings\Cameron\My Documents\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/25 17:35:59 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/20 08:31:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/17 08:40:16 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\CNC174ED.TBL
[2012/04/17 08:35:44 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/09 15:48:25 | 646,063,278 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\lego.ninjago.masters.of.spinjitzu.s02e01.rise.of.the.snakes.mkv
[2012/04/07 14:01:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/06 08:19:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/03 07:36:13 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/03 07:35:41 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/03/30 18:36:37 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shortcut to Local Disk (C).lnk
[2012/03/30 18:27:08 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\Shortcut to Local Disk (G).lnk
[2012/03/28 15:24:18 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 15:24:18 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 13:58:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 19:01:25 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 20:52:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/08 12:44:53 | 000,058,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/30 22:03:14 | 000,001,802 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/18 11:05:52 | 000,037,879 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Comma Separated Values (DOS).ADR
[2011/05/16 12:38:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2011/05/12 18:54:32 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/05/10 22:14:42 | 000,421,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bdinstall.bin
[2011/05/10 14:33:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/10 14:32:28 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/10 07:09:15 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/05/10 07:07:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/05/10 06:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 06:44:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/16 11:44:51 | 000,269,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/10 12:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy >
"Asynchronous" = 1
"DllName" = %SystemRoot%\System32\dimsntfy.dll -- [2008/04/14 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation)
"Startup" = WlDimsStartup
"Shutdown" = WlDimsShutdown
"Logon" = WlDimsLogon
"Logoff" = WlDimsLogoff
"StartShell" = WlDimsStartShell
"Lock" = WlDimsLock
"Unlock" = WlDimsUnlock

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr /s >
"Type" = 2
"Start" = 0
"ErrorControl" = 1
"Tag" = 4
"ImagePath" = system32\DRIVERS\sr.sys -- [2008/04/14 20:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation)
"DisplayName" = System Restore Filter Driver
"Group" = FSFilter System Recovery
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters]
"FirstRun" = 0
"DontBackup" = 0
"MachineGuid" = {0D95BA26-366A-429A-9C57-0099E7D1AE60}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Enum]
"0" = Root\LEGACY_SR\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = System Restore Service
"DependOnService" = RpcSs [binary data] -- [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Parameters]
"ServiceDll" = C:\WINDOWS\system32\srsvc.dll -- [2008/04/14 20:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\Enum]
"0" = Root\LEGACY_SRSERVICE\0000
"Count" = 1
"NextInstance" = 1

< MD5 for: CRYPT32.DLL >
[2011/09/28 15:05:47 | 000,599,552 | ---- | M] (Microsoft Corporation) MD5=51DC06501A0B661F29D11DEA6AAA5C54 -- C:\WINDOWS\$hf_mig$\KB2641690\SP3QFE\crypt32.dll
[2011/09/28 15:06:50 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=A90E118F12D355F9946DFB30A8F94609 -- C:\WINDOWS\system32\crypt32.dll
[2011/09/28 15:06:50 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=A90E118F12D355F9946DFB30A8F94609 -- C:\WINDOWS\system32\dllcache\crypt32.dll
[2008/04/14 20:00:00 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=BDAAF79DD63F194434D31A74B9BB8B77 -- C:\WINDOWS\$NtUninstallKB2616676$\crypt32.dll
[2011/09/09 17:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) MD5=BE369DA2DDA97258303ABF1B36B40FA4 -- C:\WINDOWS\$NtUninstallKB2641690$\crypt32.dll
[2011/09/09 17:11:14 | 000,599,552 | ---- | M] (Microsoft Corporation) MD5=F43180E876714D97F69B8BA3ED725A04 -- C:\WINDOWS\$hf_mig$\KB2616676\SP3QFE\crypt32.dll
[2011/09/09 17:11:14 | 000,599,552 | ---- | M] (Microsoft Corporation) MD5=F43180E876714D97F69B8BA3ED725A04 -- C:\WINDOWS\$hf_mig$\KB2616676-v2\SP3QFE\crypt32.dll

< MD5 for: CRYPTNET.DLL >
[2008/04/14 20:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=C14350FC0D47D806699C4F907FC6785B -- C:\WINDOWS\system32\cryptnet.dll
[2008/04/14 20:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=C14350FC0D47D806699C4F907FC6785B -- C:\WINDOWS\system32\dllcache\cryptnet.dll

< MD5 for: CSCDLL.DLL >
[2008/04/14 20:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=515A7FAE2070C2B0242B2353443E2F11 -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 20:00:00 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=515A7FAE2070C2B0242B2353443E2F11 -- C:\WINDOWS\system32\dllcache\cscdll.dll

< MD5 for: DIGEST.DLL >
[2008/04/14 20:00:00 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3D76DD0CBC536E0F8C45D23ED230BEB2 -- C:\WINDOWS\system32\digest.dll
[2008/04/14 20:00:00 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3D76DD0CBC536E0F8C45D23ED230BEB2 -- C:\WINDOWS\system32\dllcache\digest.dll

< MD5 for: DIGEST.S >
[2009/02/12 17:35:52 | 000,002,836 | ---- | M] () MD5=4E3E56B2B91D5F57E1C2C6E90E7159AA -- C:\Documents and Settings\Cameron.old\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
[2011/05/12 18:41:44 | 000,002,834 | ---- | M] () MD5=DA1E1CE86B6E20F66A558E8B032B2337 -- C:\Documents and Settings\Default User.WINDOWS\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
[2011/05/12 18:41:44 | 000,002,834 | ---- | M] () MD5=DA1E1CE86B6E20F66A558E8B032B2337 -- C:\Program Files\Adobe\Flash Player\AddIns\airappinstaller\digest.s
[2011/05/12 18:41:44 | 000,002,834 | ---- | M] () MD5=DA1E1CE86B6E20F66A558E8B032B2337 -- C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\digest.s

< MD5 for: IGFXDEV.DLL >
[2005/09/20 08:31:28 | 000,135,168 | ---- | M] (Intel Corporation) MD5=09DC1F2A2293E5536FE31D23AF3E8C05 -- C:\Documents and Settings\Cameron\My Documents\Graphics\Win2000\igfxdev.dll
[2005/09/20 10:31:28 | 000,135,168 | ---- | M] (Intel Corporation) MD5=09DC1F2A2293E5536FE31D23AF3E8C05 -- C:\vga\Win2000\igfxdev.dll
[2007/12/19 11:07:04 | 000,208,896 | ---- | M] (Intel Corporation) MD5=F9D61CB86D7C30481276F52C4A9F4616 -- C:\WINDOWS\system32\DRVSTORE\igxp32_0E272D6868335A38C4748E51C535488334E7B295\igfxdev.dll
[2007/12/19 11:07:04 | 000,208,896 | ---- | M] (Intel Corporation) MD5=F9D61CB86D7C30481276F52C4A9F4616 -- C:\WINDOWS\system32\igfxdev.dll

< MD5 for: LOGONUI.EXE >
[2008/04/14 20:00:00 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=2081A5B5E4ABA206A0A8A1A97DF0FB23 -- C:\WINDOWS\system32\dllcache\logonui.exe
[2008/04/14 20:00:00 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=2081A5B5E4ABA206A0A8A1A97DF0FB23 -- C:\WINDOWS\system32\logonui.exe

< MD5 for: LOGONUI.EXE.MANIFEST >
[2011/05/10 06:46:17 | 000,000,488 | ---- | M] () MD5=5D76C3FB736514E1D7C88791E7322784 -- C:\WINDOWS\system32\logonui.exe.manifest

< MD5 for: LOGONUI.EXE-0AF22957.PF >
[2012/04/26 22:09:17 | 000,017,188 | ---- | M] () MD5=F21711A3B61327B0C83A5463D7D4BBAD -- C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf

< MD5 for: MSAPSSPC.DLL >
[2008/04/14 20:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=F24B12786D60A17008319E3F2AEE7799 -- C:\WINDOWS\system32\dllcache\msapsspc.dll
[2008/04/14 20:00:00 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=F24B12786D60A17008319E3F2AEE7799 -- C:\WINDOWS\system32\msapsspc.dll

< MD5 for: MSNSSPC.DLL >
[2008/04/14 20:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=A4388DF80E52695AE92EE5F3F61F1619 -- C:\WINDOWS\system32\dllcache\msnsspc.dll
[2008/04/14 20:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=A4388DF80E52695AE92EE5F3F61F1619 -- C:\WINDOWS\system32\msnsspc.dll

< MD5 for: SCHANNEL.DLL >
[2010/06/30 20:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=30ACE70B3C0242F0D1AC3B4FA708710F -- C:\WINDOWS\$NtUninstallKB2541763$\schannel.dll
[2011/04/30 01:23:45 | 000,151,552 | ---- | M] (Microsoft Corporation) MD5=6FD5EEC3703D7770C9029E774ACC2294 -- C:\WINDOWS\$hf_mig$\KB2541763\SP3QFE\schannel.dll
[2011/11/16 22:21:44 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=A645A78FCDABAD67067324D7E6CD9F79 -- C:\WINDOWS\system32\dllcache\schannel.dll
[2011/11/16 22:21:44 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=A645A78FCDABAD67067324D7E6CD9F79 -- C:\WINDOWS\system32\schannel.dll
[2011/04/30 01:25:27 | 000,151,552 | ---- | M] (Microsoft Corporation) MD5=ABEEDD547E939AD827B2E29DEC754206 -- C:\WINDOWS\$NtUninstallKB2585542$\schannel.dll
[2009/06/25 16:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=BFDECE69E293E6DB4E25DEF862418428 -- C:\WINDOWS\$NtUninstallKB980436$\schannel.dll
[2008/04/14 20:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=C61E8ECFFDBF05FF71D079BBD35396B3 -- C:\WINDOWS\$NtUninstallKB968389$\schannel.dll
[2011/11/16 22:20:51 | 000,152,064 | ---- | M] (Microsoft Corporation) MD5=D444009F7CD704C89F7F9E62396ED4F1 -- C:\WINDOWS\$hf_mig$\KB2585542\SP3QFE\schannel.dll
[2010/06/30 20:23:55 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=E04B6497B6407D2F444E86B30680DC5A -- C:\WINDOWS\$hf_mig$\KB980436\SP3QFE\schannel.dll
[2009/06/25 16:41:11 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=E513BA8BC33FD00F35D69659B478B1DF -- C:\WINDOWS\$hf_mig$\KB968389\SP3QFE\schannel.dll

< MD5 for: SCHANNEL.DLL.000 >
[2009/06/25 16:25:26 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=BFDECE69E293E6DB4E25DEF862418428 -- C:\WINDOWS\$NtUninstallKB980436$\schannel.dll.000

< MD5 for: SCLGNTFY.DLL >
[2008/04/14 20:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=63FF9068E5BDA0BC9ECD38FBBB216E24 -- C:\WINDOWS\system32\dllcache\sclgntfy.dll
[2008/04/14 20:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=63FF9068E5BDA0BC9ECD38FBBB216E24 -- C:\WINDOWS\system32\sclgntfy.dll

< MD5 for: WGALOGON.DLL >
[2009/03/10 22:18:00 | 000,239,496 | ---- | M] (Microsoft Corporation) MD5=02CF580510234E519736559A7F19EA20 -- C:\WINDOWS\system32\dllcache\wgaLogon.dll
[2009/03/10 22:18:00 | 000,239,496 | ---- | M] (Microsoft Corporation) MD5=02CF580510234E519736559A7F19EA20 -- C:\WINDOWS\system32\WgaLogon.dll

< MD5 for: WLNOTIFY.DLL >
[2008/04/14 20:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=2CC34E8BB667EEF78899546E12649196 -- C:\WINDOWS\system32\dllcache\wlnotify.dll
[2008/04/14 20:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=2CC34E8BB667EEF78899546E12649196 -- C:\WINDOWS\system32\dllcache\wlnotify.dll
[2008/04/14 20:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=2CC34E8BB667EEF78899546E12649196 -- C:\WINDOWS\system32\wlnotify.dll
[2008/04/14 20:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=2CC34E8BB667EEF78899546E12649196 -- C:\WINDOWS\system32\wlnotify.dll

< >

========== Files - Unicode (All) ==========
[2011/06/22 11:01:31 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Cameron\?????) -- C:\Documents and Settings\Cameron\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\wg311t_5_0_setup.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\avg_free_stb_all_2011_1382_cnet.exe:BDU

< End of report >

Hi jacknjaspa,



Please read through the instructions to familarize youself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download


Please download ComboFix from Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)or Link 2 (http://www.infospyware.net/antimalware/combofix/) to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
-Tools->Options->Main tab
-Set to "Always ask me where to Save the files".

During the download, before you save it to your desktop, rename Combofix to jgh.exe


It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix



-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.[/b]

Please post back with
combofix log
How is the computer?

Thanks

Hi there its taken a long time but finally gone thoguh to the following;
System file is infected!! Attempting to restore
"C:WINDOWS\system32\drivers\cdrom.sys"
Suceesfully restored:)


It's now been hanging on this for over 15 minutes.....do I just keep waiting?

Hope I haven't stuffed it up. I ended up closing the window as nothing happened for nearly 25 mins.

I had to restart the pc but cant find the combofix.txt file (did search on c drive but nothing there). Have i done something wrong?

Hi jacknjaspa,

Sometimes it takes quite a while for the log especially on a heavily infected machie. Have a look in C:\Qoobox for a file named ComboFix-quarantined-files.txt

If it's there please post it.

Rerun combofix, it may look like it's stalled but if there is any hint of hard drive activity it's still running. It may have fixed somethings in the first run and may run quicker this time.

Post the combofix log when you get it.

Ok. Back home form work & ran it again & just left it alone for half an hour. Came back & log.txt was opened & Im assuming this is the correct file (I hope so & sorry if its not.


ComboFix 12-04-26.01 - Cameron 27/04/2012 18:31:21.2.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\documents and settings\Cameron.old\WINDOWS
c:\documents and settings\Cameron\My Documents\$AP318.tmp
c:\documents and settings\Cameron\My Documents\$AP3D1.tmp
c:\documents and settings\Cameron\My Documents\pub1DD.tmp
C:\install.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\Internet Explorer\SET1D2.tmp
c:\program files\Internet Explorer\SET1FE.tmp
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
C:\Thumbs.db
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\SET1C1.tmp
c:\windows\system32\SET1C2.tmp
c:\windows\system32\SET1C6.tmp
c:\windows\system32\SET1C7.tmp
c:\windows\system32\SET1C8.tmp
c:\windows\system32\SET1CC.tmp
c:\windows\system32\SET1CE.tmp
c:\windows\system32\SET203.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET209.tmp
c:\windows\system32\SET20A.tmp
c:\windows\system32\SET20B.tmp
c:\windows\system32\SET20F.tmp
c:\windows\system32\SET210.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
G:\AUTORUN.INF
.
-- Previous Run --
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP407\A0089135.sys
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-23 00:07 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\Cameron\Application Data\Uqycux
2012-04-23 00:07 . 2012-04-23 00:07 -------- d-----w- c:\documents and settings\Cameron\Application Data\Rofeen
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-22 15:47 . 2012-04-24 05:12 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ydod
2012-04-22 15:47 . 2012-04-23 00:28 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ypaxad
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-19 02:23 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
sqlserveragent
AVCSTRM
websensecamreportserver
vsdatant
zendcoreapache
epson_pm_rpcv2_02
MRESP50a64
ami0nt
UPATC
proxyhostdriver
AlKernel
Xponaut_WBD
beatjammusicstreamingserver
s616mgmt
nod32krn
btfirst
cpqdmi
symantecantibotshim
NWSNS
cachemgr
enodpl
HssTrayService
deventagent
sbcssvc
Sk99202k
useraccess
phc600
ibmpmsvc
FETNDIS
rt73
antivirservice
stllssvr
flashcomadmin
papycpu2
pilogsrv
epsonbidirectionalagent
ibmfilter
lxby_device
sit_flt
EagleNT
mfeapfk
videoacceleratorengine
rslinxng
vmparport
BoiHwsetup
usbatapi2000
igniteservice.exe
bthidenum
ltxred
p2psvc
HPFECP20
IWCA
UDFReadr
wpshelper
serialkeys
cq_mem
fcprintservice
lxcj_device
CAMFLT
MSFWHLPR
pcscnsrv
uhcd
bcm43xx
61883
GT680x
oracleorahome92tnslistener
GTF32BUS
ibmpmdrv
IntelC53
FA312
ZuneWlanCfgSvc
spcsutilityservice
tzontservice
enxpsvc
HpqKbFiltr
3dkeybd
pshost
pdlnctdl
wlluc48
KMW_USB
aksusb
wlancfg
hsf_dp
moufiltr
mks_scan
dktknsrv
aswmon2
dot4print
EIO_XP
SE2Cmdm
snapman
Si3114r5
hidgame
dirms_defragmentation
elnkservice
DM9102
pdlnemsg
dnwhodisp
NCPro
upperdev
npfmntor
aslm75
lusbaudio
bhmonitorservice
SiRemFil
whoisd32
tfsnopio
CBN
se44mgmt
opcenum
ANC
appnnode
dlaudfam
AVerBDA
bglivesvc
ASMMAP
clisvc
snac
pepifilter
dtscsi
sprtsvc_ddoctorv2
NWADI
MSCamSvc
2wirepcp
freepops
USB_RNDIS
sandboxu
BrPar
scarddrv
wmccdsls
lxdm_device
StickyMesger
cmigameport
ixiaendpoint
Machnm32
symantecantibotdriver
bridgemp
driverhardwarev2
TMHIDSRV
dsbrokerservice
DCamUSBMke
ntiopnp
NxSysMon
pdengine
besclient
iaimfp2
pmsveh
SiSRaid2
DritekPortIO
sshrmd
sonytvc
pavdrv
nim32
scsiaccess
admjoy
ofcpfwsvc
ntsyslog
netdevio
mcvsrte
pnrouter
SrvcEPIOMngr
backuplauncher
ltmodem5
sbhooksvc
iaimtv2
HSFHWICH
belgium_id_card_service
ccalib8
tversitymediaserver
winachcf
susbser
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-38545416.sys
SafeBoot-51110031.sys
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
AddRemove-Smart Fortress 2012 - c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E\F4D55F2C000BBBB74E027CC6D151FC4E.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 18:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-27 18:48:30
ComboFix-quarantined-files.txt 2012-04-27 10:48
.
Pre-Run: 41,104,412,672 bytes free
Post-Run: 41,070,153,728 bytes free
.
- - End Of File - - 4B6E889FFFC861BD0EBE5A8BAE0C2BC0

I just went & checked the other folder that you told me to check & found the correct 1 (not sure what the last 1 I posted means?)

Pretty sure this is the correct one now.



2012-04-27 10:47:40 . 2012-04-27 10:47:40 1,306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat
2012-04-27 10:47:40 . 2012-04-27 10:47:40 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RewardsArcade.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-51110031.sys.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38545416.sys.reg.dat
2012-04-27 10:47:22 . 2012-04-27 10:47:22 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-04-27 10:46:42 . 2012-04-27 10:46:42 373 ----a-w- C:\Qoobox\Quarantine\G\av1.zip
2012-04-27 10:46:42 . 2007-10-22 19:54:10 90 ----a-w- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2012-04-27 01:30:58 . 2012-04-27 10:45:19 16,593 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-27 00:25:58 . 2012-04-27 10:30:04 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-02 00:41:15 . 2012-01-02 00:41:15 376,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\Uninstall.exe.vir
2011-11-03 17:39:18 . 2011-11-03 17:39:18 313,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.exe.vir
2011-11-03 17:38:44 . 2011-11-03 17:38:44 528,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.dll.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 36,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\appAPIinternalWrapper.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 16,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\fb.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 172,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\jquery.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 10,795 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\json.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 2,512,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\UserConfirmation.exe.vir
2011-07-30 11:32:26 . 2011-07-30 11:32:24 113,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg.vir
2011-07-30 11:29:20 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe.vir
2011-07-30 11:23:28 . 2011-07-30 11:32:02 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe.vir
2011-07-30 11:22:21 . 2009-05-22 09:15:42 316,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe.vir
2011-07-30 11:19:54 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 30,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 46,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 218,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
2011-06-16 19:01:01 . 2011-02-22 23:06:28 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1FE.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 11,080,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET203.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET205.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET209.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20A.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 5,962,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20B.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 1,210,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20F.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET210.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C8.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C7.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:11 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1D2.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:12 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C1.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:11 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CC.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:12 1,211,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C2.tmp.vir
2011-06-16 05:23:41 . 2011-05-30 22:19:48 5,964,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C6.tmp.vir
2011-05-12 22:52:39 . 2011-05-12 22:52:39 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2011-05-12 22:52:39 . 2003-02-20 20:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2011-04-26 02:11:12 . 2011-04-26 02:11:12 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CE.tmp.vir
2010-11-14 12:38:53 . 2010-11-14 12:38:55 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2009-09-04 12:37:03 . 2008-09-02 11:51:48 81,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\pub1DD.tmp.vir
2009-09-04 12:36:52 . 2007-10-15 21:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP318.tmp.vir
2009-09-04 12:36:52 . 2007-10-17 21:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP3D1.tmp.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 551,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir
2007-11-07 00:03:18 . 2007-11-07 00:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2006-10-18 13:47:20 . 2006-10-18 13:47:20 8,231,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
2003-02-20 21:16:08 . 2003-02-20 21:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir

Hi jacknjaspa,

You did fine. The first log you posted was the combofix log. It indicates that it was interupted during it's run. The second log is the quarantined files list. I asked for this just in case it was created and you couldn't get combofix to complete it's run.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"NetSvcs"=-
"NetSvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00

Driver::
sqlserveragent
AVCSTRM
websensecamreportserver
vsdatant
zendcoreapache
epson_pm_rpcv2_02
MRESP50a64
ami0nt
UPATC
proxyhostdriver
AlKernel
Xponaut_WBD
beatjammusicstreamingserver
s616mgmt
nod32krn
btfirst
cpqdmi
symantecantibotshim
NWSNS
cachemgr
enodpl
HssTrayService
deventagent
sbcssvc
Sk99202k
useraccess
phc600
ibmpmsvc
FETNDIS
rt73
antivirservice
stllssvr
flashcomadmin
papycpu2
pilogsrv
epsonbidirectionalagent
ibmfilter
lxby_device
sit_flt
EagleNT
mfeapfk
videoacceleratorengine
rslinxng
vmparport
BoiHwsetup
usbatapi2000
igniteservice.exe
bthidenum
ltxred
p2psvc
HPFECP20
IWCA
UDFReadr
wpshelper
serialkeys
cq_mem
fcprintservice
lxcj_device
CAMFLT
MSFWHLPR
pcscnsrv
uhcd
bcm43xx
61883
GT680x
oracleorahome92tnslistener
GTF32BUS
ibmpmdrv
IntelC53
FA312
ZuneWlanCfgSvc
spcsutilityservice
tzontservice
enxpsvc
HpqKbFiltr
3dkeybd
pshost
pdlnctdl
wlluc48
KMW_USB
aksusb
wlancfg
hsf_dp
moufiltr
mks_scan
dktknsrv
aswmon2
dot4print
EIO_XP
SE2Cmdm
snapman
Si3114r5
hidgame
dirms_defragmentation
elnkservice
DM9102
pdlnemsg
dnwhodisp
NCPro
upperdev
npfmntor
aslm75
lusbaudio
bhmonitorservice
SiRemFil
whoisd32
tfsnopio
CBN
se44mgmt
opcenum
ANC
appnnode
dlaudfam
AVerBDA
bglivesvc
ASMMAP
clisvc
snac
pepifilter
dtscsi
sprtsvc_ddoctorv2
NWADI
MSCamSvc
2wirepcp
freepops
USB_RNDIS
sandboxu
BrPar
scarddrv
wmccdsls
lxdm_device
StickyMesger
cmigameport
ixiaendpoint
Machnm32
symantecantibotdriver
bridgemp
driverhardwarev2
TMHIDSRV
dsbrokerservice
DCamUSBMke
ntiopnp
NxSysMon
pdengine
besclient
iaimfp2
pmsveh
SiSRaid2
DritekPortIO
sshrmd
sonytvc
pavdrv
nim32
scsiaccess
admjoy
ofcpfwsvc
ntsyslog
netdevio
mcvsrte
pnrouter
SrvcEPIOMngr
backuplauncher
ltmodem5
sbhooksvc
iaimtv2
HSFHWICH
belgium_id_card_service
ccalib8
tversitymediaserver
winachcf
susbser



In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post the combofix log.

How's the computer?

Ok, up & about (I'm in Western Australia) & did what you told me.

Heres the log. You asked hows the computer & seems OK but not sure what I'm looking for. Should I'm run an AVG scan? (FYI No AVG warnings have pooped up.....yet)


ComboFix 12-04-26.01 - Cameron 28/04/2012 6:12.3.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2WIREPCP
-------\Legacy_3DKEYBD
-------\Legacy_61883
-------\Legacy_ADMJOY
-------\Legacy_AKSUSB
-------\Legacy_ALKERNEL
-------\Legacy_AMI0NT
-------\Legacy_ANC
-------\Legacy_ANTIVIRSERVICE
-------\Legacy_APPNNODE
-------\Legacy_ASLM75
-------\Legacy_ASMMAP
-------\Legacy_ASWMON2
-------\Legacy_AVCSTRM
-------\Legacy_AVERBDA
-------\Legacy_BACKUPLAUNCHER
-------\Legacy_BCM43XX
-------\Legacy_BEATJAMMUSICSTREAMINGSERVER
-------\Legacy_BELGIUM_ID_CARD_SERVICE
-------\Legacy_BESCLIENT
-------\Legacy_BGLIVESVC
-------\Legacy_BHMONITORSERVICE
-------\Legacy_BOIHWSETUP
-------\Legacy_BRIDGEMP
-------\Legacy_BRPAR
-------\Legacy_BTFIRST
-------\Legacy_BTHIDENUM
-------\Legacy_CACHEMGR
-------\Legacy_CAMFLT
-------\Legacy_CBN
-------\Legacy_CCALIB8
-------\Legacy_CLISVC
-------\Legacy_CMIGAMEPORT
-------\Legacy_CPQDMI
-------\Legacy_CQ_MEM
-------\Legacy_DCAMUSBMKE
-------\Legacy_DEVENTAGENT
-------\Legacy_DIRMS_DEFRAGMENTATION
-------\Legacy_DKTKNSRV
-------\Legacy_DLAUDFAM
-------\Legacy_DM9102
-------\Legacy_DNWHODISP
-------\Legacy_DOT4PRINT
-------\Legacy_DRITEKPORTIO
-------\Legacy_DRIVERHARDWAREV2
-------\Legacy_DSBROKERSERVICE
-------\Legacy_DTSCSI
-------\Legacy_EAGLENT
-------\Legacy_EIO_XP
-------\Legacy_ELNKSERVICE
-------\Legacy_ENODPL
-------\Legacy_ENXPSVC
-------\Legacy_EPSONBIDIRECTIONALAGENT
-------\Legacy_EPSON_PM_RPCV2_02
-------\Legacy_FA312
-------\Legacy_FCPRINTSERVICE
-------\Legacy_FETNDIS
-------\Legacy_FLASHCOMADMIN
-------\Legacy_FREEPOPS
-------\Legacy_GT680X
-------\Legacy_GTF32BUS
-------\Legacy_HIDGAME
-------\Legacy_HPFECP20
-------\Legacy_HPQKBFILTR
-------\Legacy_HSFHWICH
-------\Legacy_HSF_DP
-------\Legacy_HSSTRAYSERVICE
-------\Legacy_IAIMFP2
-------\Legacy_IAIMTV2
-------\Legacy_IBMFILTER
-------\Legacy_IBMPMDRV
-------\Legacy_IBMPMSVC
-------\Legacy_IGNITESERVICE.EXE
-------\Legacy_INTELC53
-------\Legacy_IWCA
-------\Legacy_IXIAENDPOINT
-------\Legacy_KMW_USB
-------\Legacy_LTMODEM5
-------\Legacy_LTXRED
-------\Legacy_LUSBAUDIO
-------\Legacy_LXBY_DEVICE
-------\Legacy_LXCJ_DEVICE
-------\Legacy_LXDM_DEVICE
-------\Legacy_MACHNM32
-------\Legacy_MCVSRTE
-------\Legacy_MFEAPFK
-------\Legacy_MKS_SCAN
-------\Legacy_MOUFILTR
-------\Legacy_MRESP50A64
-------\Legacy_MSCAMSVC
-------\Legacy_MSFWHLPR
-------\Legacy_NCPRO
-------\Legacy_NETDEVIO
-------\Legacy_NIM32
-------\Legacy_NOD32KRN
-------\Legacy_NPFMNTOR
-------\Legacy_NTIOPNP
-------\Legacy_NTSYSLOG
-------\Legacy_NWADI
-------\Legacy_NWSNS
-------\Legacy_NXSYSMON
-------\Legacy_OFCPFWSVC
-------\Legacy_OPCENUM
-------\Legacy_ORACLEORAHOME92TNSLISTENER
-------\Legacy_P2PSVC
-------\Legacy_PAPYCPU2
-------\Legacy_PAVDRV
-------\Legacy_PCSCNSRV
-------\Legacy_PDENGINE
-------\Legacy_PDLNCTDL
-------\Legacy_PDLNEMSG
-------\Legacy_PEPIFILTER
-------\Legacy_PHC600
-------\Legacy_PILOGSRV
-------\Legacy_PMSVEH
-------\Legacy_PNROUTER
-------\Legacy_PROXYHOSTDRIVER
-------\Legacy_PSHOST
-------\Legacy_RSLINXNG
-------\Legacy_RT73
-------\Legacy_S616MGMT
-------\Legacy_SANDBOXU
-------\Legacy_SBCSSVC
-------\Legacy_SBHOOKSVC
-------\Legacy_SCARDDRV
-------\Legacy_SCSIACCESS
-------\Legacy_SE2CMDM
-------\Legacy_SE44MGMT
-------\Legacy_SERIALKEYS
-------\Legacy_SI3114R5
-------\Legacy_SIREMFIL
-------\Legacy_SISRAID2
-------\Legacy_SIT_FLT
-------\Legacy_SK99202K
-------\Legacy_SNAC
-------\Legacy_SNAPMAN
-------\Legacy_SONYTVC
-------\Legacy_SPCSUTILITYSERVICE
-------\Legacy_SPRTSVC_DDOCTORV2
-------\Legacy_SQLSERVERAGENT
-------\Legacy_SRVCEPIOMNGR
-------\Legacy_SSHRMD
-------\Legacy_STICKYMESGER
-------\Legacy_STLLSSVR
-------\Legacy_SUSBSER
-------\Legacy_SYMANTECANTIBOTDRIVER
-------\Legacy_SYMANTECANTIBOTSHIM
-------\Legacy_TFSNOPIO
-------\Legacy_TMHIDSRV
-------\Legacy_TVERSITYMEDIASERVER
-------\Legacy_TZONTSERVICE
-------\Legacy_UDFREADR
-------\Legacy_UHCD
-------\Legacy_UPATC
-------\Legacy_UPPERDEV
-------\Legacy_USBATAPI2000
-------\Legacy_USB_RNDIS
-------\Legacy_USERACCESS
-------\Legacy_VIDEOACCELERATORENGINE
-------\Legacy_VMPARPORT
-------\Legacy_VSDATANT
-------\Legacy_WEBSENSECAMREPORTSERVER
-------\Legacy_WHOISD32
-------\Legacy_WINACHCF
-------\Legacy_WLANCFG
-------\Legacy_WLLUC48
-------\Legacy_WMCCDSLS
-------\Legacy_WPSHELPER
-------\Legacy_XPONAUT_WBD
-------\Legacy_ZENDCOREAPACHE
-------\Legacy_ZUNEWLANCFGSVC
-------\Service_2wirepcp
-------\Service_3dkeybd
-------\Service_61883
-------\Service_admjoy
-------\Service_aksusb
-------\Service_AlKernel
-------\Service_ami0nt
-------\Service_ANC
-------\Service_antivirservice
-------\Service_appnnode
-------\Service_aslm75
-------\Service_ASMMAP
-------\Service_aswmon2
-------\Service_AVCSTRM
-------\Service_AVerBDA
-------\Service_backuplauncher
-------\Service_bcm43xx
-------\Service_beatjammusicstreamingserver
-------\Service_belgium_id_card_service
-------\Service_besclient
-------\Service_bglivesvc
-------\Service_bhmonitorservice
-------\Service_BoiHwsetup
-------\Service_bridgemp
-------\Service_BrPar
-------\Service_btfirst
-------\Service_bthidenum
-------\Service_cachemgr
-------\Service_CAMFLT
-------\Service_CBN
-------\Service_ccalib8
-------\Service_clisvc
-------\Service_cmigameport
-------\Service_cpqdmi
-------\Service_cq_mem
-------\Service_DCamUSBMke
-------\Service_deventagent
-------\Service_dirms_defragmentation
-------\Service_dlaudfam
-------\Service_DM9102
-------\Service_dnwhodisp
-------\Service_dot4print
-------\Service_DritekPortIO
-------\Service_driverhardwarev2
-------\Service_dsbrokerservice
-------\Service_dtscsi
-------\Service_EagleNT
-------\Service_EIO_XP
-------\Service_elnkservice
-------\Service_enodpl
-------\Service_enxpsvc
-------\Service_epson_pm_rpcv2_02
-------\Service_epsonbidirectionalagent
-------\Service_FA312
-------\Service_fcprintservice
-------\Service_FETNDIS
-------\Service_flashcomadmin
-------\Service_freepops
-------\Service_GT680x
-------\Service_GTF32BUS
-------\Service_hidgame
-------\Service_HPFECP20
-------\Service_HpqKbFiltr
-------\Service_hsf_dp
-------\Service_HSFHWICH
-------\Service_HssTrayService
-------\Service_iaimfp2
-------\Service_iaimtv2
-------\Service_ibmfilter
-------\Service_ibmpmdrv
-------\Service_ibmpmsvc
-------\Service_igniteservice.exe
-------\Service_IntelC53
-------\Service_IWCA
-------\Service_ixiaendpoint
-------\Service_KMW_USB
-------\Service_ltmodem5
-------\Service_ltxred
-------\Service_lusbaudio
-------\Service_lxby_device
-------\Service_lxcj_device
-------\Service_lxdm_device
-------\Service_Machnm32
-------\Service_mcvsrte
-------\Service_mfeapfk
-------\Service_mks_scan
-------\Service_moufiltr
-------\Service_MRESP50a64
-------\Service_MSCamSvc
-------\Service_MSFWHLPR
-------\Service_NCPro
-------\Service_netdevio
-------\Service_nim32
-------\Service_nod32krn
-------\Service_npfmntor
-------\Service_ntiopnp
-------\Service_ntsyslog
-------\Service_NWADI
-------\Service_NWSNS
-------\Service_NxSysMon
-------\Service_ofcpfwsvc
-------\Service_opcenum
-------\Service_oracleorahome92tnslistener
-------\Service_p2psvc
-------\Service_papycpu2
-------\Service_pavdrv
-------\Service_pcscnsrv
-------\Service_pdengine
-------\Service_pdlnctdl
-------\Service_pdlnemsg
-------\Service_pepifilter
-------\Service_phc600
-------\Service_pilogsrv
-------\Service_pmsveh
-------\Service_pnrouter
-------\Service_proxyhostdriver
-------\Service_pshost
-------\Service_rslinxng
-------\Service_rt73
-------\Service_s616mgmt
-------\Service_sandboxu
-------\Service_sbcssvc
-------\Service_sbhooksvc
-------\Service_scarddrv
-------\Service_scsiaccess
-------\Service_SE2Cmdm
-------\Service_se44mgmt
-------\Service_serialkeys
-------\Service_Si3114r5
-------\Service_SiRemFil
-------\Service_SiSRaid2
-------\Service_sit_flt
-------\Service_Sk99202k
-------\Service_snac
-------\Service_snapman
-------\Service_sonytvc
-------\Service_spcsutilityservice
-------\Service_sprtsvc_ddoctorv2
-------\Service_sqlserveragent
-------\Service_SrvcEPIOMngr
-------\Service_sshrmd
-------\Service_StickyMesger
-------\Service_stllssvr
-------\Service_susbser
-------\Service_symantecantibotdriver
-------\Service_symantecantibotshim
-------\Service_tfsnopio
-------\Service_TMHIDSRV
-------\Service_tversitymediaserver
-------\Service_tzontservice
-------\Service_UDFReadr
-------\Service_uhcd
-------\Service_UPATC
-------\Service_upperdev
-------\Service_USB_RNDIS
-------\Service_usbatapi2000
-------\Service_useraccess
-------\Service_videoacceleratorengine
-------\Service_vmparport
-------\Service_vsdatant
-------\Service_websensecamreportserver
-------\Service_whoisd32
-------\Service_winachcf
-------\Service_wlancfg
-------\Service_wlluc48
-------\Service_wmccdsls
-------\Service_wpshelper
-------\Service_Xponaut_WBD
-------\Service_zendcoreapache
-------\Service_ZuneWlanCfgSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-23 00:07 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\Cameron\Application Data\Uqycux
2012-04-23 00:07 . 2012-04-23 00:07 -------- d-----w- c:\documents and settings\Cameron\Application Data\Rofeen
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-22 15:47 . 2012-04-24 05:12 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ydod
2012-04-22 15:47 . 2012-04-23 00:28 -------- d-----w- c:\documents and settings\Cameron\Application Data\Ypaxad
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-19 02:23 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-27 22:30 . 2012-04-27 22:30 16384 c:\windows\Temp\Perflib_Perfdata_8f8.dat
+ 2012-04-27 22:30 . 2009-10-06 17:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 06:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6040)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FingerPrint\FingerPrintService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2012-04-28 06:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 22:34
ComboFix2.txt 2012-04-27 10:48
.
Pre-Run: 41,058,344,960 bytes free
Post-Run: 40,950,337,536 bytes free
.
- - End Of File - - FD992461C2628152305169762D3AC99F

Spoke to soon, AVG threat detection warnings now popping up again

Hi jacknjaspa,

Please don't run an AVG. Antivrus programs have a habit od detecting and removing parts of the tools we use.

What is AVG detecting and what is the filename and path?

Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



Folder::
c:\documents and settings\Cameron\Application Data\Uqycux
c:\documents and settings\Cameron\Application Data\Rofeen
c:\documents and settings\Cameron\Application Data\Ydod
c:\documents and settings\Cameron\Application Data\Ypaxad



In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Next

Download and save to your desktop Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Please post back with
combofix log
MBAM log

Ok I'm not running AVG, when i disabled it earlier it does if form 15 mins so Im assuming it just starts again (not sure.?)

These are the warnings that popped up;
File name C;\windows\system32\VBUS.dll
Threat name idp.trojan.1C8D1A13

File name C;\windows\system32\snapman380.dll
Threat name idp.trojan.1C8D1A13

File name C;\windows\system32\setupnt.dll
Threat name idp.trojan.1C8D1A13

Ill do what you said again & post. (please let me know if i've missed something again or if i should may try to turn off or delete AVG for good?

Hi jacknjaspa,

Please continue with the rest of the instructions. Disabling AVG for the 15 minutes should be ok. It will restart on it's own.

2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ZuneWlanCfgSvc.reg.dat
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,670 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_zendcoreapache.reg.dat
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,646 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Xponaut_WBD.reg.dat
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,514 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wpshelper.reg.dat
2012-04-27 22:26:56 . 2012-04-27 22:26:56 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wmccdsls.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,494 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wlluc48.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,516 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wlancfg.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_winachcf.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,482 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_whoisd32.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,682 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_websensecamreportserver.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_vsdatant.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,536 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_vmparport.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,816 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_videoacceleratorengine.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 3,748 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_useraccess.reg.dat
2012-04-27 22:26:55 . 2012-04-27 22:26:55 4,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_usbatapi2000.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,794 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_USB_RNDIS.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_upperdev.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_UPATC.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_uhcd.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,476 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_UDFReadr.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,580 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_tzontservice.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,622 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_tversitymediaserver.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,552 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_TMHIDSRV.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_tfsnopio.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 4,070 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_symantecantibotshim.reg.dat
2012-04-27 22:26:54 . 2012-04-27 22:26:54 3,634 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_symantecantibotdriver.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,454 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_susbser.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,540 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_stllssvr.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,724 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_StickyMesger.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,592 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sshrmd.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,516 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SrvcEPIOMngr.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sqlserveragent.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sprtsvc_ddoctorv2.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,604 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_spcsutilityservice.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sonytvc.reg.dat
2012-04-27 22:26:53 . 2012-04-27 22:26:53 3,660 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_snapman.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_snac.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Sk99202k.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,494 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sit_flt.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,448 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SiSRaid2.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,572 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SiRemFil.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,662 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Si3114r5.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_serialkeys.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_se44mgmt.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,508 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SE2Cmdm.reg.dat
2012-04-27 22:26:52 . 2012-04-27 22:26:52 3,560 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_scsiaccess.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,540 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_scarddrv.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,472 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sbhooksvc.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,452 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sbcssvc.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,464 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_sandboxu.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,648 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_s616mgmt.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,472 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_rt73.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_rslinxng.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,498 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pshost.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,656 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_proxyhostdriver.reg.dat
2012-04-27 22:26:51 . 2012-04-27 22:26:51 3,512 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pnrouter.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pmsveh.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,490 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pilogsrv.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,458 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_phc600.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,598 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pepifilter.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,476 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pdlnemsg.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,466 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pdlnctdl.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,480 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pdengine.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,944 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pcscnsrv.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_pavdrv.reg.dat
2012-04-27 22:26:50 . 2012-04-27 22:26:50 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_papycpu2.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,566 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_p2psvc.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,646 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_oracleorahome92tnslistener.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_opcenum.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,830 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ofcpfwsvc.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NxSysMon.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,462 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NWSNS.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,538 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NWADI.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ntsyslog.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,494 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ntiopnp.reg.dat
2012-04-27 22:26:49 . 2012-04-27 22:26:49 3,640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_npfmntor.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_nod32krn.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_nim32.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_netdevio.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,510 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NCPro.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,658 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MSFWHLPR.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MSCamSvc.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,560 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MRESP50a64.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,494 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_moufiltr.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,730 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_mks_scan.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,516 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_mfeapfk.reg.dat
2012-04-27 22:26:48 . 2012-04-27 22:26:48 3,546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_mcvsrte.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Machnm32.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,674 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_lxdm_device.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_lxcj_device.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,642 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_lxby_device.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,514 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_lusbaudio.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,450 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ltxred.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ltmodem5.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,516 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_KMW_USB.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,592 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ixiaendpoint.reg.dat
2012-04-27 22:26:47 . 2012-04-27 22:26:47 3,558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_IWCA.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_IntelC53.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,664 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_igniteservice.exe.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,678 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ibmpmsvc.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ibmpmdrv.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,640 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ibmfilter.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,472 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_iaimtv2.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,650 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_iaimfp2.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,678 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_HssTrayService.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,524 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_HSFHWICH.reg.dat
2012-04-27 22:26:46 . 2012-04-27 22:26:46 3,492 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_hsf_dp.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_HpqKbFiltr.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_HPFECP20.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_hidgame.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_GTF32BUS.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_GT680x.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_freepops.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,790 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_flashcomadmin.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,480 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_FETNDIS.reg.dat
2012-04-27 22:26:45 . 2012-04-27 22:26:45 3,658 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_fcprintservice.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,460 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_FA312.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,770 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_epsonbidirectionalagent.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,574 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_epson_pm_rpcv2_02.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,482 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_enxpsvc.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,492 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_enodpl.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,524 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_elnkservice.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,568 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_EIO_XP.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,468 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_EagleNT.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,492 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dtscsi.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,526 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dsbrokerservice.reg.dat
2012-04-27 22:26:44 . 2012-04-27 22:26:44 3,692 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_driverhardwarev2.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_DritekPortIO.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dot4print.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dnwhodisp.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,628 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_DM9102.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,538 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dlaudfam.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,622 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_dirms_defragmentation.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,520 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_deventagent.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,490 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_DCamUSBMke.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cq_mem.reg.dat
2012-04-27 22:26:43 . 2012-04-27 22:26:43 3,544 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cpqdmi.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,536 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cmigameport.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,556 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_clisvc.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,520 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ccalib8.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,492 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_CBN.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,492 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_CAMFLT.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,480 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_cachemgr.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bthidenum.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,700 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_btfirst.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,670 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_BrPar.reg.dat
2012-04-27 22:26:42 . 2012-04-27 22:26:42 3,588 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bridgemp.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,504 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_BoiHwsetup.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,644 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bhmonitorservice.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,678 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bglivesvc.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,462 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_besclient.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,906 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_belgium_id_card_service.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,686 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_beatjammusicstreamingserver.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,516 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_bcm43xx.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,600 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_backuplauncher.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,502 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_AVerBDA.reg.dat
2012-04-27 22:26:41 . 2012-04-27 22:26:41 3,482 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_AVCSTRM.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,496 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_aswmon2.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,554 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ASMMAP.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,472 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_aslm75.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,490 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_appnnode.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_antivirservice.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,514 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ANC.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,506 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ami0nt.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,556 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_AlKernel.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_aksusb.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,498 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_admjoy.reg.dat
2012-04-27 22:26:40 . 2012-04-27 22:26:40 3,488 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_61883.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 3,452 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_3dkeybd.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 3,562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_2wirepcp.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,096 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ZUNEWLANCFGSVC.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,096 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ZENDCOREAPACHE.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,084 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_XPONAUT_WBD.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WPSHELPER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WMCCDSLS.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WLLUC48.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WLANCFG.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WINACHCF.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WHOISD32.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,192 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WEBSENSECAMREPORTSERVER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_VSDATANT.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_VMPARPORT.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,184 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_VIDEOACCELERATORENGINE.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,056 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_USERACCESS.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,080 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_USB_RNDIS.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,138 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_USBATAPI2000.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_UPPERDEV.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_UPATC.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 992 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_UHCD.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,032 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_UDFREADR.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,078 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TZONTSERVICE.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,144 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TVERSITYMEDIASERVER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TMHIDSRV.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TFSNOPIO.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,212 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SYMANTECANTIBOTSHIM.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SYMANTECANTIBOTDRIVER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,022 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SUSBSER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_STLLSSVR.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,092 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_STICKYMESGER.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SSHRMD.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,072 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SRVCEPIOMNGR.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SQLSERVERAGENT.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,128 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SPRTSVC_DDOCTORV2.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SPCSUTILITYSERVICE.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SONYTVC.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SNAPMAN.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SK99202K.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 998 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SNAC.reg.dat
2012-04-27 22:26:39 . 2012-04-27 22:26:39 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SIT_FLT.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SISRAID2.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SIREMFIL.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,054 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SI3114R5.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,058 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SERIALKEYS.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SE44MGMT.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SE2CMDM.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,058 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SCSIACCESS.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SCARDDRV.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SBHOOKSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SBCSSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,032 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SANDBOXU.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_S616MGMT.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 994 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_RT73.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_RSLINXNG.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PSHOST.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PROXYHOSTDRIVER.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PNROUTER.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PMSVEH.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PILOGSRV.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PHC600.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,062 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PEPIFILTER.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,032 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PDLNEMSG.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PDLNCTDL.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PDENGINE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PCSCNSRV.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PAVDRV.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_PAPYCPU2.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_P2PSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,214 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ORACLEORAHOME92TNSLISTENER.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_OPCENUM.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,090 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_OFCPFWSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NXSYSMON.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,006 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NWSNS.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,000 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NWADI.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NTSYSLOG.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NTIOPNP.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPFMNTOR.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NOD32KRN.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,012 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NIM32.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NETDEVIO.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NCPRO.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,050 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MSFWHLPR.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MSCAMSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,058 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MRESP50A64.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MOUFILTR.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MKS_SCAN.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MFEAPFK.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,080 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MACHNM32.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,032 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MCVSRTE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,078 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LXDM_DEVICE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,062 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LXCJ_DEVICE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LXBY_DEVICE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LUSBAUDIO.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LTXRED.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_LTMODEM5.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_KMW_USB.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,078 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IXIAENDPOINT.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IWCA.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_INTELC53.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,126 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IGNITESERVICE.EXE.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,046 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMPMSVC.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMPMDRV.reg.dat
2012-04-27 22:26:38 . 2012-04-27 22:26:38 1,056 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IBMFILTER.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IAIMTV2.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,030 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_IAIMFP2.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSSTRAYSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSFHWICH.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HSF_DP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HPQKBFILTR.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HPFECP20.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_HIDGAME.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_GTF32BUS.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_GT680X.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FREEPOPS.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,086 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FLASHCOMADMIN.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FETNDIS.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FCPRINTSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,004 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_FA312.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EPSON_PM_RPCV2_02.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,198 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EPSONBIDIRECTIONALAGENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ENXPSVC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ENODPL.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ELNKSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EIO_XP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_EAGLENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DTSCSI.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DRIVERHARDWAREV2.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,106 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DSBROKERSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,076 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DRITEKPORTIO.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DOT4PRINT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DNWHODISP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DM9102.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DLAUDFAM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 806 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DKTKNSRV.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DIRMS_DEFRAGMENTATION.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,064 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DEVENTAGENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_DCAMUSBMKE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CQ_MEM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CPQDMI.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CMIGAMEPORT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CLISVC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CCALIB8.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 990 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CBN.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CAMFLT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_CACHEMGR.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTHIDENUM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTFIRST.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRPAR.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,038 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BRIDGEMP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,050 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BOIHWSETUP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,120 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BHMONITORSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,068 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BGLIVESVC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BESCLIENT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,216 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BELGIUM_ID_CARD_SERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,220 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BEATJAMMUSICSTREAMINGSERVER.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BCM43XX.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BACKUPLAUNCHER.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,024 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVERBDA.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,026 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AVCSTRM.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASMMAP.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASWMON2.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ASLM75.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_APPNNODE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,098 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANTIVIRSERVICE.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ANC.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,016 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AMI0NT.reg.dat
2012-04-27 22:26:37 . 2012-04-27 22:26:37 1,042 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ALKERNEL.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_AKSUSB.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,018 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_ADMJOY.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,008 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_61883.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_3DKEYBD.reg.dat
2012-04-27 22:26:36 . 2012-04-27 22:26:36 1,036 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_2WIREPCP.reg.dat
2012-04-27 22:12:27 . 2012-04-28 01:02:54 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-04-27 10:47:40 . 2012-04-27 10:47:40 1,306 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Smart Fortress 2012.reg.dat
2012-04-27 10:47:40 . 2012-04-27 10:47:40 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RewardsArcade.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-51110031.sys.reg.dat
2012-04-27 10:47:31 . 2012-04-27 10:47:31 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-38545416.sys.reg.dat
2012-04-27 10:47:22 . 2012-04-27 10:47:22 78 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-10.reg.dat
2012-04-27 10:46:42 . 2012-04-27 10:46:42 373 ----a-w- C:\Qoobox\Quarantine\G\av1.zip
2012-04-27 10:46:42 . 2007-10-22 19:54:10 90 ----a-w- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2012-04-27 01:30:58 . 2012-04-28 01:17:02 16,497 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-27 00:25:58 . 2012-04-28 01:01:33 459 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-04-23 06:07:24 . 2012-04-23 06:07:24 734 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.xet.vir
2012-04-23 00:27:56 . 2012-04-23 00:27:56 745 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Ypaxad\dowii.tmp.vir
2012-02-26 00:53:08 . 2012-04-23 06:07:24 1,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\Application Data\Rofeen\koec.unf.vir
2012-01-02 00:41:15 . 2012-01-02 00:41:15 376,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\Uninstall.exe.vir
2011-11-03 17:39:18 . 2011-11-03 17:39:18 313,176 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.exe.vir
2011-11-03 17:38:44 . 2011-11-03 17:38:44 528,216 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\RewardsArcade.dll.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 36,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\appAPIinternalWrapper.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 16,102 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\fb.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 172,584 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\jquery.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 10,795 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\json.js.vir
2011-09-21 00:57:34 . 2011-09-21 00:57:34 2,512,384 ----a-w- C:\Qoobox\Quarantine\C\Program Files\RewardsArcade\UserConfirmation.exe.vir
2011-07-30 11:32:26 . 2011-07-30 11:32:24 113,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.ilg.vir
2011-07-30 11:29:20 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe.vir
2011-07-30 11:23:28 . 2011-07-30 11:32:02 36,864 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe.vir
2011-07-30 11:22:21 . 2009-05-22 09:15:42 316,712 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe.vir
2011-07-30 11:19:54 . 2010-03-24 21:12:42 42,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS\Application Data\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 30,264 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 46,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir
2011-07-21 10:18:36 . 2011-07-21 10:18:36 218,664 ----a-w- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir
2011-06-16 19:01:01 . 2011-02-22 23:06:28 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1FE.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 11,080,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET203.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:28 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET205.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET209.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20A.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 5,962,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20B.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 1,210,880 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET20F.tmp.vir
2011-06-16 19:01:00 . 2011-02-22 23:06:29 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET210.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 602,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C8.tmp.vir
2011-06-16 05:23:43 . 2011-04-25 16:11:12 55,296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C7.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:11 247,808 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\SET1D2.tmp.vir
2011-06-16 05:23:42 . 2011-04-25 16:11:12 916,480 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C1.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:11 1,991,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CC.tmp.vir
2011-06-16 05:23:41 . 2011-04-25 16:11:12 1,211,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C2.tmp.vir
2011-06-16 05:23:41 . 2011-05-30 22:19:48 5,964,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C6.tmp.vir
2011-05-12 22:52:39 . 2011-05-12 22:52:39 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.local.vir
2011-05-12 22:52:39 . 2003-02-20 20:42:22 348,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\msvcr71.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:08:32 2,482,176 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorwks.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:09:18 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscorsn.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:24 155,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\mscoree.dll.vir
2011-05-12 22:52:39 . 2003-02-20 11:06:20 282,624 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\fusion.dll.vir
2011-04-26 02:11:12 . 2011-04-26 02:11:12 11,081,728 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1CE.tmp.vir
2010-11-14 12:38:53 . 2010-11-14 12:38:55 3,072 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2009-09-04 12:37:03 . 2008-09-02 11:51:48 81,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\pub1DD.tmp.vir
2009-09-04 12:36:52 . 2007-10-15 21:25:35 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP318.tmp.vir
2009-09-04 12:36:52 . 2007-10-17 21:31:19 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Cameron\My Documents\$AP3D1.tmp.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 551,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000006_.tmp.dll.vir
2008-04-14 12:00:00 . 2008-04-14 12:00:00 62,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir
2007-11-07 00:03:18 . 2007-11-07 00:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2006-10-18 13:47:20 . 2006-10-18 13:47:20 8,231,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SETBE.tmp.vir
2003-02-20 21:16:08 . 2003-02-20 21:16:08 49,152 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\URTTemp\regtlib.exe.vir

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Cameron :: B03F21AE66BF49C [administrator]

28/04/2012 9:38:35 AM
mbam-log-2012-04-28 (09-38-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316841
Time elapsed: 25 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498 (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Quarantined and deleted successfully.

Files Detected: 57
C:\Documents and Settings\Cameron\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Desktop\SoftonicDownloader_for_erunt.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b472809738689536405.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\i4b1979056293502111196.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Local Settings\Temp\khy8gcqy.tmp\installer_toggle_english.exe (PUP.SmsPay.pns) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron.old\Application Data\02000000ac7f4ed1579S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Quarantined and deleted successfully.

(end)

Hi jacknjaspa,

The MBAM log looks good. The log you posted was the qurantine log. The log I need is the combofix log. You can find it on the C:\ drive it is named combofix.txt

Sorry about that. I'm at work, will do when I get home in couple hours

ComboFix 12-04-26.01 - Cameron 28/04/2012 9:02.4.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Cameron\Application Data\Rofeen
c:\documents and settings\Cameron\Application Data\Rofeen\koec.unf
c:\documents and settings\Cameron\Application Data\Uqycux
c:\documents and settings\Cameron\Application Data\Ydod
c:\documents and settings\Cameron\Application Data\Ypaxad
c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.tmp
c:\documents and settings\Cameron\Application Data\Ypaxad\dowii.xet
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-27 23:43 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-28 01:01 . 2012-04-28 01:01 16384 c:\windows\Temp\Perflib_Perfdata_550.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 09:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-28 09:19:41
ComboFix-quarantined-files.txt 2012-04-28 01:19
ComboFix2.txt 2012-04-27 22:34
ComboFix3.txt 2012-04-27 10:48
.
Pre-Run: 40,304,840,704 bytes free
Post-Run: 40,337,424,384 bytes free
.
- - End Of File - - 564515F3D5A51A4F672DC22717D35676

Hi jacknjaspa,


Please follow all previous instructions regarding security programs.

Open a new Notepad session
Click the Start button, click run
in the run box type notepad
click ok
In the notepad, Click "Format" and be certain that Word Wrap is not checked.

Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE



File::
C:\windows\system32\us30service.dll
C:\windows\system32\msgame.dll
C:\windows\system32\irbus.dll
C:\windows\system32\PSDNServ.dll
C:\windows\system32\adobeversioncue.dll
C:\windows\system32\pid_0928.dll
C:\windows\system32\fetnd5bv.dll
C:\windows\system32\Machnm32.dll
C:\windows\system32\TeamViewer.dll
C:\windows\system32\DCamUSBSQTECH.dll
C:\windows\system32\WinVd32.dll
C:\windows\system32\sthda.dll
C:\windows\system32\mrpostman.dll
C:\windows\system32\asp.net_2.0.50727.dll
C:\windows\system32\tsircsrv.dll
C:\windows\system32\wusb54gv2svc.dll
C:\windows\system32\rpclocator.dll
C:\windows\system32\nvmd.dll
C:\windows\system32\AdfuUd.dll
C:\windows\system32\nvgts.dll
C:\windows\system32\pctavsvc.dll
C:\windows\system32\cccredmgr.dll
C:\windows\system32\EagleNT.dll
C:\windows\system32\ndasbus.dll
C:\windows\system32\hdaudbus.dll
C:\windows\system32\sentinelprotectionserver.dll
C:\windows\system32\yats32.dll
C:\windows\system32\LMIRfsClientNP.dll
C:\windows\system32\DgiVecp.dll
C:\windows\system32\ccevtmgr.dll
C:\windows\system32\bt.dll
C:\windows\system32\hap17v2k.dll
C:\windows\system32\AdobeActiveFileMonitor6.0.dll
C:\windows\system32\clipsrv.dll
C:\windows\system32\z800mdm.dll
C:\windows\system32\BrScnUsb.dll
C:\windows\system32\sr_service.dll
C:\windows\system32\clnt_clientman.dll
C:\windows\system32\s125mdm.dll
C:\windows\system32\W55U01.dll
C:\windows\system32\psdvdisk.dll
C:\windows\system32\qbposdbservices.dll
C:\windows\system32\NWUSBModem.dll
C:\windows\system32\CDRPDACC.dll
C:\windows\system32\U81xmgmt.dll
C:\windows\system32\Spsmqvsm.dll
C:\windows\system32\lanmanserver.dll
C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll
C:\windows\system32\tga.dll
C:\windows\system32\NWDHCP.dll
C:\windows\system32\pfmodnt.dll
C:\windows\system32\viaudio.dll
C:\windows\system32\ATMsrvc.dll
C:\windows\system32\ksthunk.dll
C:\windows\system32\bthusb.dll
C:\windows\system32\fsRamDsk.dll
C:\windows\system32\navapel.dll
C:\windows\system32\bt3cusb.dll
C:\windows\system32\p2pimsvc.dll
C:\windows\system32\MREMP50a64.dll
C:\windows\system32\oracle%oracle_home_service%clientcache80.dll
C:\windows\system32\websenselogserver.dll
C:\windows\system32\snareiis.dll
C:\windows\system32\SNP2STD.dll
C:\windows\system32\SetupNT.dll
C:\windows\system32\dnetc.dll
C:\windows\system32\RioS30.dll
C:\windows\system32\lxdm_device.dll
C:\windows\system32\cpsvc.dll
C:\windows\system32\iAimTV5.dll
C:\windows\system32\Wbutton.dll
C:\windows\system32\atitool.dll
C:\windows\system32\bvrp_pci.dll
C:\windows\system32\AmdLLD.dll
C:\windows\system32\CoolerXPDriver.dll
C:\windows\system32\adpu320.dll
C:\windows\system32\asusgsb.dll
C:\windows\system32\NWSNS.dll
C:\windows\system32\RR2Ctrl.dll
C:\windows\system32\ikhlayer.dll
C:\windows\system32\processor.dll
C:\windows\system32\2wirepcp.dll
C:\windows\system32\intelppm.dll
C:\windows\system32\vsbus.dll
C:\windows\system32\backupexecnamingservice.dll
C:\windows\system32\aswrdr.dll
C:\windows\system32\NSSvcMgr.dll
C:\windows\system32\RTLE8023xp.dll
C:\windows\system32\Xyz777s.dll
C:\windows\system32\USB_NDIS_51.dll
C:\windows\system32\amfilter.dll
C:\windows\system32\WUSB54Gv4SVC.dll
C:\windows\system32\bwcsrv.dll
C:\windows\system32\ultra.dll
C:\windows\system32\lwwlicenseservice.dll
C:\windows\system32\SiSRaid.dll
C:\windows\system32\idsvc.dll
C:\windows\system32\NuidFltr.dll
C:\windows\system32\NtMtlFax.dll
C:\windows\system32\wencrservice.dll
C:\windows\system32\ireike.dll
c:\windows\system32\sffdisk.dll
C:\windows\system32\i8042prt.dll
C:\windows\system32\msgame.dll
C:\windows\system32\rt61.dll
C:\windows\system32\spbbcsvc.dll
C:\windows\system32\stirusb.dll
C:\windows\system32\RivaTuner32.dll
C:\windows\system32\btserial.dll
C:\windows\system32\snapman380.dll
C:\windows\system32\lmimirr.dll
C:\windows\system32\TPECioCtl.dll
C:\windows\system32\UWProSys.dll
C:\windows\system32\avcgbfl.dll
C:\windows\system32\dns4meclient.dll
C:\windows\system32\sysaidagent.dll
C:\windows\system32\service.dll
C:\windows\system32\CoachUsb.dll
C:\windows\system32\pdlnshay.dll
C:\windows\system32\ghostsec.dll
C:\windows\system32\DSI_SiUSBXp_3_1.dll
C:\windows\system32\smapint.dll
C:\windows\system32\db2governor.dll
C:\windows\system32\AppnApi.dll
C:\windows\system32\ICAM5USB.dll
C:\windows\system32\om518p.dll
C:\windows\system32\protexislicensing.dll
C:\windows\system32\se59mgmt.dll
C:\windows\system32\ql12160.dll
C:\windows\system32\odysseyIM4.dll
C:\windows\system32\dlcc_device.dll
C:\windows\system32\DSXUSB.dll
C:\windows\system32\ctxcpubal.dll
C:\windows\system32\ipodsrv.dll
C:\windows\system32\NTIDrvr.dll
C:\windows\system32\msk80service.dll
C:\windows\system32\WinFl32.dll
C:\windows\system32\Sunkfiltp.dll
C:\windows\system32\lpx.dll
C:\windows\system32\pdlnafac.dll
C:\windows\system32\x10nets.dll
C:\windows\system32\nvrd64.dll
C:\windows\system32\rdpdr.dll
C:\windows\system32\nvata.dll
C:\windows\system32\retroexplauncher.dll
C:\windows\system32\twotrack.dll
C:\windows\system32\VC6SecS.dll
C:\windows\system32\aswrdr.dll
C:\windows\system32\nvedavt.dll
C:\windows\system32\LHidUsbK.dll
C:\windows\system32\statusagent4.dll
C:\windows\system32\SMNDIS5.dll
C:\windows\system32\edspport.dll
C:\windows\system32\wlancig.dll
C:\windows\system32\pdcomp.dll
C:\windows\system32\uagp35.dll
C:\windows\system32\rspndr.dll
C:\windows\system32\UNDPX2A.dll
C:\windows\system32\traprcvr.dll
C:\windows\system32\TPPWRIF.dll
C:\windows\system32\rimsptsk.dll
C:\windows\system32\pdiddcci.dll
C:\windows\system32\slabser.dll
C:\windows\system32\ppa3.dll
C:\windows\system32\messenger.dll
C:\windows\system32\rksample.dll
C:\windows\system32\roxliveshare9.dll
C:\windows\system32\Defrag32.dll
C:\windows\system32\prismxl.dll
C:\windows\system32\wfxsvc.dll


In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
Click save

Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again.Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Please post the combofix log.

How's the computer?

Any more AVG detections?

ComboFix 12-04-26.01 - Cameron 29/04/2012 8:52.6.2 - x86
Running from: c:\documents and settings\Cameron\Desktop\jgh.exe
Command switches used :: c:\documents and settings\Cameron\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\2wirepcp.dll"
"c:\windows\system32\AdfuUd.dll"
"c:\windows\system32\AdobeActiveFileMonitor6.0.dll"
"c:\windows\system32\adobeversioncue.dll"
"c:\windows\system32\adpu320.dll"
"c:\windows\system32\AmdLLD.dll"
"c:\windows\system32\amfilter.dll"
"c:\windows\system32\AppnApi.dll"
"c:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll"
"c:\windows\system32\asp.net_2.0.50727.dll"
"c:\windows\system32\asusgsb.dll"
"c:\windows\system32\aswrdr.dll"
"c:\windows\system32\atitool.dll"
"c:\windows\system32\ATMsrvc.dll"
"c:\windows\system32\avcgbfl.dll"
"c:\windows\system32\backupexecnamingservice.dll"
"c:\windows\system32\BrScnUsb.dll"
"c:\windows\system32\bt.dll"
"c:\windows\system32\bt3cusb.dll"
"c:\windows\system32\bthusb.dll"
"c:\windows\system32\btserial.dll"
"c:\windows\system32\bvrp_pci.dll"
"c:\windows\system32\bwcsrv.dll"
"c:\windows\system32\cccredmgr.dll"
"c:\windows\system32\ccevtmgr.dll"
"c:\windows\system32\CDRPDACC.dll"
"c:\windows\system32\clipsrv.dll"
"c:\windows\system32\clnt_clientman.dll"
"c:\windows\system32\CoachUsb.dll"
"c:\windows\system32\CoolerXPDriver.dll"
"c:\windows\system32\cpsvc.dll"
"c:\windows\system32\ctxcpubal.dll"
"c:\windows\system32\db2governor.dll"
"c:\windows\system32\DCamUSBSQTECH.dll"
"c:\windows\system32\Defrag32.dll"
"c:\windows\system32\DgiVecp.dll"
"c:\windows\system32\dlcc_device.dll"
"c:\windows\system32\dnetc.dll"
"c:\windows\system32\dns4meclient.dll"
"c:\windows\system32\DSI_SiUSBXp_3_1.dll"
"c:\windows\system32\DSXUSB.dll"
"c:\windows\system32\EagleNT.dll"
"c:\windows\system32\edspport.dll"
"c:\windows\system32\fetnd5bv.dll"
"c:\windows\system32\fsRamDsk.dll"
"c:\windows\system32\ghostsec.dll"
"c:\windows\system32\hap17v2k.dll"
"c:\windows\system32\hdaudbus.dll"
"c:\windows\system32\i8042prt.dll"
"c:\windows\system32\iAimTV5.dll"
"c:\windows\system32\ICAM5USB.dll"
"c:\windows\system32\idsvc.dll"
"c:\windows\system32\ikhlayer.dll"
"c:\windows\system32\intelppm.dll"
"c:\windows\system32\ipodsrv.dll"
"c:\windows\system32\irbus.dll"
"c:\windows\system32\ireike.dll"
"c:\windows\system32\ksthunk.dll"
"c:\windows\system32\lanmanserver.dll"
"c:\windows\system32\LHidUsbK.dll"
"c:\windows\system32\lmimirr.dll"
"c:\windows\system32\LMIRfsClientNP.dll"
"c:\windows\system32\lpx.dll"
"c:\windows\system32\lwwlicenseservice.dll"
"c:\windows\system32\lxdm_device.dll"
"c:\windows\system32\Machnm32.dll"
"c:\windows\system32\messenger.dll"
"c:\windows\system32\MREMP50a64.dll"
"c:\windows\system32\mrpostman.dll"
"c:\windows\system32\msgame.dll"
"c:\windows\system32\msk80service.dll"
"c:\windows\system32\navapel.dll"
"c:\windows\system32\ndasbus.dll"
"c:\windows\system32\NSSvcMgr.dll"
"c:\windows\system32\NTIDrvr.dll"
"c:\windows\system32\NtMtlFax.dll"
"c:\windows\system32\NuidFltr.dll"
"c:\windows\system32\nvata.dll"
"c:\windows\system32\nvedavt.dll"
"c:\windows\system32\nvgts.dll"
"c:\windows\system32\nvmd.dll"
"c:\windows\system32\nvrd64.dll"
"c:\windows\system32\NWDHCP.dll"
"c:\windows\system32\NWSNS.dll"
"c:\windows\system32\NWUSBModem.dll"
"c:\windows\system32\odysseyIM4.dll"
"c:\windows\system32\om518p.dll"
"c:\windows\system32\oracle%oracle_home_service%clientcache80.dll"
"c:\windows\system32\p2pimsvc.dll"
"c:\windows\system32\pctavsvc.dll"
"c:\windows\system32\pdcomp.dll"
"c:\windows\system32\pdiddcci.dll"
"c:\windows\system32\pdlnafac.dll"
"c:\windows\system32\pdlnshay.dll"
"c:\windows\system32\pfmodnt.dll"
"c:\windows\system32\pid_0928.dll"
"c:\windows\system32\ppa3.dll"
"c:\windows\system32\prismxl.dll"
"c:\windows\system32\processor.dll"
"c:\windows\system32\protexislicensing.dll"
"c:\windows\system32\PSDNServ.dll"
"c:\windows\system32\psdvdisk.dll"
"c:\windows\system32\qbposdbservices.dll"
"c:\windows\system32\ql12160.dll"
"c:\windows\system32\rdpdr.dll"
"c:\windows\system32\retroexplauncher.dll"
"c:\windows\system32\rimsptsk.dll"
"c:\windows\system32\RioS30.dll"
"c:\windows\system32\RivaTuner32.dll"
"c:\windows\system32\rksample.dll"
"c:\windows\system32\roxliveshare9.dll"
"c:\windows\system32\rpclocator.dll"
"c:\windows\system32\RR2Ctrl.dll"
"c:\windows\system32\rspndr.dll"
"c:\windows\system32\rt61.dll"
"c:\windows\system32\RTLE8023xp.dll"
"c:\windows\system32\s125mdm.dll"
"c:\windows\system32\se59mgmt.dll"
"c:\windows\system32\sentinelprotectionserver.dll"
"c:\windows\system32\service.dll"
"c:\windows\system32\SetupNT.dll"
"c:\windows\system32\sffdisk.dll"
"c:\windows\system32\SiSRaid.dll"
"c:\windows\system32\slabser.dll"
"c:\windows\system32\smapint.dll"
"c:\windows\system32\SMNDIS5.dll"
"c:\windows\system32\snapman380.dll"
"c:\windows\system32\snareiis.dll"
"c:\windows\system32\SNP2STD.dll"
"c:\windows\system32\spbbcsvc.dll"
"c:\windows\system32\Spsmqvsm.dll"
"c:\windows\system32\sr_service.dll"
"c:\windows\system32\statusagent4.dll"
"c:\windows\system32\sthda.dll"
"c:\windows\system32\stirusb.dll"
"c:\windows\system32\Sunkfiltp.dll"
"c:\windows\system32\sysaidagent.dll"
"c:\windows\system32\TeamViewer.dll"
"c:\windows\system32\tga.dll"
"c:\windows\system32\TPECioCtl.dll"
"c:\windows\system32\TPPWRIF.dll"
"c:\windows\system32\traprcvr.dll"
"c:\windows\system32\tsircsrv.dll"
"c:\windows\system32\twotrack.dll"
"c:\windows\system32\U81xmgmt.dll"
"c:\windows\system32\uagp35.dll"
"c:\windows\system32\ultra.dll"
"c:\windows\system32\UNDPX2A.dll"
"c:\windows\system32\us30service.dll"
"c:\windows\system32\USB_NDIS_51.dll"
"c:\windows\system32\UWProSys.dll"
"c:\windows\system32\VC6SecS.dll"
"c:\windows\system32\viaudio.dll"
"c:\windows\system32\vsbus.dll"
"c:\windows\system32\W55U01.dll"
"c:\windows\system32\Wbutton.dll"
"c:\windows\system32\websenselogserver.dll"
"c:\windows\system32\wencrservice.dll"
"c:\windows\system32\wfxsvc.dll"
"c:\windows\system32\WinFl32.dll"
"c:\windows\system32\WinVd32.dll"
"c:\windows\system32\wlancig.dll"
"c:\windows\system32\wusb54gv2svc.dll"
"c:\windows\system32\WUSB54Gv4SVC.dll"
"c:\windows\system32\x10nets.dll"
"c:\windows\system32\Xyz777s.dll"
"c:\windows\system32\yats32.dll"
"c:\windows\system32\z800mdm.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-28 01:47 . 2012-04-28 01:47 -------- d-----w- C:\iso
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\Cameron\Application Data\Malwarebytes
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2012-04-28 01:37 . 2012-04-28 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-28 01:37 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 22:05 . 2012-04-27 22:34 -------- d-----w- C:\jgh
2012-04-26 13:57 . 2012-04-26 13:57 -------- d-----w- C:\_OTL
2012-04-26 13:57 . 2011-07-10 17:14 295248 -c--a-w- c:\windows\system32\dllcache\avgtdix.sys
2012-04-25 13:18 . 2012-04-25 22:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-24 05:19 . 2012-04-24 05:20 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\NPE
2012-04-24 05:19 . 2012-04-24 05:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\COMODO
2012-04-24 05:08 . 2012-04-24 05:08 -------- d-----w- c:\documents and settings\Cameron\Application Data\Comodo
2012-04-23 17:39 . 2012-04-23 17:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2012-04-22 15:48 . 2012-04-22 15:48 -------- d-----w- c:\documents and settings\Cameron\Local Settings\Application Data\Identities
2012-04-20 00:23 . 2012-04-20 00:38 -------- d-----w- C:\sh4ldr
2012-04-20 00:23 . 2012-04-20 00:23 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21 . 2012-04-20 00:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21 . 2012-04-20 00:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-04-19 23:48 . 2012-04-24 07:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41 . 2012-04-17 00:41 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJFAX
2012-04-17 00:40 . 2010-09-13 06:44 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:40 . 2010-09-13 06:42 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40 . 2010-09-13 06:42 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40 . 2010-09-06 09:03 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:36 . 2012-04-19 02:05 -------- d-----w- c:\documents and settings\Cameron\Application Data\Canon Easy-WebPrint EX
2012-04-17 00:32 . 2010-10-20 21:00 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:32 . 2012-04-17 00:32 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonBJ
2012-04-17 00:31 . 2010-09-19 21:00 74752 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31 . 2010-09-19 21:00 28672 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-04-17 00:31 . 2010-06-03 06:11 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31 . 2010-09-07 01:58 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-17 00:31 . 2012-04-17 00:31 -------- d--h--w- c:\program files\CanonBJ
2012-04-07 08:55 . 2012-04-07 08:55 -------- d-----w- C:\found.000
2012-04-07 07:42 . 2012-04-07 07:45 -------- d-----w- C:\big w prints
2012-04-07 07:07 . 2012-04-28 01:46 -------- d-----w- C:\Vuze
2012-04-07 06:48 . 2012-04-07 06:57 -------- d-----w- C:\To Transfer
2012-04-06 00:19 . 2012-04-14 15:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09 . 2012-04-01 03:09 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 14:10 . 2011-04-04 16:59 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-04-25 13:22 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-04-25 13:22 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-14 15:02 . 2011-06-17 23:36 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01 . 2011-12-15 14:13 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01 . 2011-12-15 14:13 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02 . 2012-02-07 03:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ------w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_10.46.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-29 00:51 . 2012-04-29 00:51 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-06 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-06 19523104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-25 2569616]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Cameron\Start Menu\Programs\Startup\
My Program.lnk - c:\program files\FingerPrint\FingerPrint.exe [2012-2-15 924728]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-9-15 1503232]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\FingerPrint\\FingerPrintService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\Plex Media Server.exe"=
"c:\\Program Files\\Plex\\Plex Media Server\\PlexScriptHost.exe"=
"c:\\Program Files\\Plex\\Plex Media Center\\Plex.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [23/06/2009 5:40 PM 127352]
R2 FingerPrint;FingerPrint Service;c:\program files\FingerPrint\FingerPrintService.exe -start --> c:\program files\FingerPrint\FingerPrintService.exe -start [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/04/2012 8:19 AM 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/05/2011 7:04 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/03/2012 3:24 PM 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [15/12/2011 10:13 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/05/2008 4:06 PM 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:02]
.
2012-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-28 07:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-29 09:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\0b\0a;9»"
.
Completion time: 2012-04-29 09:08:52
ComboFix-quarantined-files.txt 2012-04-29 01:08
ComboFix2.txt 2012-04-28 01:19
ComboFix3.txt 2012-04-27 22:34
ComboFix4.txt 2012-04-27 10:48
.
Pre-Run: 35,518,259,200 bytes free
Post-Run: 35,518,197,760 bytes free
.
- - End Of File - - DD853BF5336988CE58D449306C09E703

Hi jacknjaspa,

How's the computer? The logs look ok now.

Your java is out of date. Click your start button, open Control panel.
Locate the Java icon (it looks like a coffee cup)
double click it to open it
click the Update tab
Click update now


After the java is updated, reboot your computer if not prompted to.


Next

Next, Double click on OTL.exe
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :



:Services

:Commands
[emptytemp]
[createrestorepoint]


Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.

Please post the OTL fix log.


Next

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.

Push the back button.
Push Finish
Re-enable your Antivirus software.



Please post back with the
OTL fix log
ESET log if there was one
Any issues?

OK ran it, when pc rebooted this opened in notepad
04292012_124540.log (cant find otl fix log?) Hope this is what your after?

All processes killed
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Cameron
->Temp folder emptied: 858108 bytes
->Temporary Internet Files folder emptied: 35920 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 5411840 bytes
->Flash cache emptied: 0 bytes

User: Cameron.old
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 109563 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Hi jacknjaspa,

:bigthumb: Yes that's the log. Carry on with the ESET scan.

Ok heres the file. FYI when i enabled AVG agin 5 alerts popped up (i didnt run a scan)


C:\Documents and Settings\Cameron\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\DRB0076F\download-k_4.3%20hack%20pack[2].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\access-denied[2].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\checkout[1].html HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\Local Settings\Temporary Internet Files\Content.IE5\TAFMOCGM\en[1].txt HTML/Hoax.FastDownload.A.Gen application
C:\Documents and Settings\Cameron\My Documents\Manuals\installer_sony_vegas_pro_9_0e_(32_bits)_English.exe.download Win32/Toggle application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL.vir a variant of Win32/FunWeb.AA application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078648.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078649.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078650.dll a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078651.dll Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP339\A0078653.exe probably a variant of Win32/Toolbar.Babylon application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP408\A0092088.exe a variant of Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092166.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092167.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092168.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP410\A0092169.dll Win32/Toolbar.SearchSuite application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095575.DLL a variant of Win32/FunWeb.AA application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095576.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP414\A0095577.DLL Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0097765.exe Win32/Adware.MarketScore.A application
C:\System Volume Information\_restore{0D95BA26-366A-429A-9C57-0099E7D1AE60}\RP418\A0098233.exe a variant of Win32/SoftonicDownloader.A application
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0001\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\25.04.2012_21.16.27\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.39.30\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_06.48.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\26.04.2012_22.07.36\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan

Hi jacknjaspa,

Most of the ESET detections are files we have quarantined or are in old system restore points. These will be removed when we remove the tools.

Where were the AVG detections?


Open OTL, check the box beside "scan all users" and click Run Scan. Please post the log.

This is what avg is detecting

File name c\windows\system32\snapman380.dll
Threat name idp.trojan.1c8d1a13

OTL logfile created on: 29/04/2012 10:21:31 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.36% Memory free
4.87 Gb Paging File | 3.64 Gb Available in Paging File | 74.78% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.72 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cameron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\POWERISO\PWRISOVM.EXE (Power Software Ltd)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)
PRC - C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
PRC - C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
PRC - C:\Program Files\AVG\AVG2012\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files\WinZip\WINZIP32.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\acs.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Safari\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Safari\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\FingerPrint\libcups2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\WinZip\UNRAR.DLL ()
MOD - C:\Program Files\WinZip\LHA.DLL ()
MOD - C:\WINDOWS\system32\acs.exe ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FingerPrint) -- C:\Program Files\FingerPrint\FingerPrintService.exe (Collobos Software)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (CinemaNow Service) -- C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Cameron\LOCALS~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (Power Software Ltd)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\WG311T13.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes,DefaultScope = {D712F12C-ABCF-4523-8C25-371D9A76CF65}
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\SearchScopes\{D712F12C-ABCF-4523-8C25-371D9A76CF65}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GB
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Cameron\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:34:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Documents and Settings\Cameron\Local Settings\Application Data\RewardsArcade\498\Firefox

[2012/02/19 18:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cameron\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/28 09:18:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe ()
O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\My Program.lnk = C:\Program Files\FingerPrint\FingerPrint.exe (Collobos Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-179605362-842925246-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C9210D3-7F9C-40FF-9F7F-CF323A108DC8}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009}: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\18.0.1025.162\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/03 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 15:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Hack Pack 4.3
[2012/04/29 13:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\PowerISO
[2012/04/29 13:20:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\PowerISO
[2012/04/29 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\POWERISO
[2012/04/29 13:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario.and.Sonic.at.the.London.2012.Olympic.Games.PAL.Wii-GLoBAL
[2012/04/29 13:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\MagicDisc
[2012/04/29 13:06:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/29 13:06:36 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2012/04/29 12:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/29 12:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\New Folder
[2012/04/29 12:18:01 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 12:18:00 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/29 12:18:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 12:17:59 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 12:17:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/29 12:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics
[2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\WinRAR
[2012/04/29 12:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\WinRAR
[2012/04/29 11:36:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/29 08:15:48 | 000,000,000 | ---D | C] -- C:\jgh8813j
[2012/04/28 09:47:31 | 000,000,000 | ---D | C] -- C:\iso
[2012/04/28 09:37:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Malwarebytes
[2012/04/28 09:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/28 09:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2012/04/28 09:37:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/28 09:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/28 09:36:09 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:34:51 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
[2012/04/28 07:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\WinRAR
[2012/04/28 06:05:50 | 000,000,000 | ---D | C] -- C:\jgh
[2012/04/27 08:31:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/27 08:26:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/27 08:26:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/27 08:26:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/27 08:26:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/27 08:25:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/27 08:25:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/27 08:20:40 | 004,477,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
[2012/04/27 08:18:52 | 000,978,283 | ---- | C] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
[2012/04/26 21:57:31 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\dllcache\avgtdix.sys
[2012/04/26 21:57:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/26 07:37:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/25 21:18:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/25 21:16:22 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 11:05:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Cameron\Start Menu\Programs\Administrative Tools
[2012/04/25 11:04:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\dds.scr
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\NPE
[2012/04/24 13:19:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
[2012/04/24 13:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMODO
[2012/04/24 13:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Comodo
[2012/04/22 23:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Local Settings\Application Data\Identities
[2012/04/20 18:29:01 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/20 08:34:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cameron\Recent
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 08:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/20 08:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/04/20 07:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\F4D55F2C000BBBB74E027CC6D151FC4E
[2012/04/19 11:57:38 | 000,113,072 | ---- | C] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2012/04/17 08:41:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonIJFAX
[2012/04/17 08:40:16 | 001,347,584 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410C.dll
[2012/04/17 08:40:16 | 000,315,392 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410L.dll
[2012/04/17 08:40:16 | 000,114,688 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410I.dll
[2012/04/17 08:40:16 | 000,106,496 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC410U.dll
[2012/04/17 08:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cameron\Application Data\Canon Easy-WebPrint EX
[2012/04/17 08:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon Utilities
[2012/04/17 08:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series Manual
[2012/04/17 08:32:02 | 000,257,024 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNCALAL.DLL
[2012/04/17 08:32:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
[2012/04/17 08:31:49 | 000,303,104 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLMAL.DLL
[2012/04/17 08:31:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2012/04/17 08:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Canon MX410 series
[2012/04/17 08:31:42 | 000,094,208 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC410O.dll
[2012/04/17 08:31:39 | 000,180,224 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMIUAL.DLL
[2012/04/17 08:31:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/04/07 16:55:58 | 000,000,000 | ---D | C] -- C:\found.000
[2012/04/07 15:42:52 | 000,000,000 | ---D | C] -- C:\big w prints
[2012/04/07 15:07:12 | 000,000,000 | ---D | C] -- C:\Vuze
[2012/04/07 14:48:39 | 000,000,000 | ---D | C] -- C:\To Transfer
[2012/04/06 08:19:51 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/03 07:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\iTunes
[2012/04/01 11:09:26 | 000,000,000 | R--D | C] -- C:\g on Home PC (B03f21ae66bf49c)

========== Files - Modified Within 30 Days ==========

[2012/04/29 22:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/29 22:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/29 17:52:48 | 096,579,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/29 17:52:04 | 000,212,262 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/29 15:38:52 | 000,221,411 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
[2012/04/29 15:29:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 15:08:19 | 112,798,463 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
[2012/04/29 13:58:40 | 001,055,504 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
[2012/04/29 13:20:18 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2012/04/29 13:06:39 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/04/29 13:06:39 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
[2012/04/29 12:48:56 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/04/29 12:48:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/29 12:47:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/29 12:42:21 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/04/29 12:17:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/29 12:17:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/29 12:17:28 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/29 12:17:27 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/29 12:17:27 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/28 09:37:28 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\My Documents\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:35:38 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cameron\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/28 09:18:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/28 07:59:21 | 002,284,697 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
[2012/04/28 07:29:10 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
[2012/04/27 08:31:14 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/04/27 08:21:02 | 004,477,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Cameron\Desktop\jgh.exe
[2012/04/27 08:19:04 | 000,978,283 | ---- | M] (Swearware) -- C:\Documents and Settings\Cameron\My Documents\jgh.exe.download
[2012/04/26 22:10:19 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2012/04/26 07:37:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cameron\Desktop\OTL.exe
[2012/04/25 21:27:59 | 000,506,014 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/25 21:27:59 | 000,089,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/25 13:57:46 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cameron\Desktop\tdsskiller.exe
[2012/04/25 02:21:58 | 000,337,321 | ---- | M] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/24 13:26:43 | 000,000,821 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ccebak
[2012/04/24 10:03:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/23 11:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/20 18:29:02 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Cameron\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/04/19 11:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys
[2012/04/17 08:35:44 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/14 23:02:10 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/14 23:02:10 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/08 16:39:43 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 14:01:03 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/03 07:36:13 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/29 15:38:51 | 000,221,411 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\USBLGX Forwarder.rar
[2012/04/29 14:48:11 | 112,798,463 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Hack Pack 4.3_Shadow29091.rar
[2012/04/29 13:58:33 | 001,055,504 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\wii.hack.pack.4.3.full.wma.exe
[2012/04/29 13:24:15 | 405,012,479 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso
[2012/04/29 13:20:18 | 000,000,725 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\PowerISO.lnk
[2012/04/29 13:06:39 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Cameron\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/04/29 13:06:39 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\MagicDisc.lnk
[2012/04/29 12:42:21 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2012/04/28 09:37:28 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/28 07:59:10 | 002,284,697 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\LetterBomb.zip
[2012/04/28 07:29:10 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\Mario and Sonoc at the London Olympics.iso
[2012/04/27 08:31:14 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2012/04/27 08:31:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/27 08:26:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/27 08:26:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/27 08:26:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/27 08:26:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/27 08:26:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/25 17:35:59 | 000,337,321 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\FSS-1.exe
[2012/04/20 08:31:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/17 08:40:16 | 000,015,104 | ---- | C] () -- C:\WINDOWS\System32\CNC174ED.TBL
[2012/04/17 08:35:44 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Canon Solution Menu EX.lnk
[2012/04/17 08:33:04 | 000,002,010 | ---- | C] () -- C:\Documents and Settings\Cameron\My Documents\Canon MX410 series On-screen Manual.lnk
[2012/04/09 15:48:25 | 646,063,278 | ---- | C] () -- C:\Documents and Settings\Cameron\Desktop\lego.ninjago.masters.of.spinjitzu.s02e01.rise.of.the.snakes.mkv
[2012/04/07 14:01:03 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2012/04/06 08:19:54 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/03 07:36:13 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/03 07:35:41 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2012/02/16 13:58:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/23 19:01:25 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Cameron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 20:52:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/06/08 12:44:53 | 000,058,424 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/30 22:03:14 | 000,001,802 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/05/18 11:05:52 | 000,037,879 | ---- | C] () -- C:\Documents and Settings\Cameron\Application Data\Comma Separated Values (DOS).ADR
[2011/05/16 12:38:37 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2011/05/12 18:54:32 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/05/10 22:14:42 | 000,421,206 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\bdinstall.bin
[2011/05/10 14:33:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/10 14:32:28 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/10 07:09:15 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/05/10 07:07:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2011/05/10 06:51:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/10 06:44:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/16 11:44:51 | 000,269,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/10 12:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== Files - Unicode (All) ==========
[2011/06/22 11:01:31 | 000,000,000 | ---- | M] ()(C:\Documents and Settings\Cameron\?????) -- C:\Documents and Settings\Cameron\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Cameron\Desktop\ind-nsmb-pal(compress)(patched)_Fel347.iso:SummaryInformation
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\wg311t_5_0_setup.exe:BDU
@Alternate Data Stream - 10 bytes -> C:\Documents and Settings\Cameron\My Documents\avg_free_stb_all_2011_1382_cnet.exe:BDU

< End of report >

Hi jacknjaspa,

That was one of files we had in the last combofix fix. I don't know wht combofix didn't see it or remove it.

Let's try this and see if we can uncover them.


Next

Please open OTL.


Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, click the None button near the top (it may looked greyed out)

In the window under Custom Scans/Fixes copy and paste the following


/md5start
SiSRaid.dll
slabser.dll
smapint.dll
SMNDIS5.dll
snapman380.dll
/md5stop



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

OTL logfile created on: 29/04/2012 10:47:55 PM - Run 3
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.46% Memory free
4.87 Gb Paging File | 4.12 Gb Available in Paging File | 84.61% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 30.73 Gb Free Space | 10.31% Space Free | Partition Type: NTFS
Drive D: | 0.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 149.05 Gb Total Space | 75.93 Gb Free Space | 50.95% Space Free | Partition Type: NTFS

Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< End of report >

Hi jacknjaspa,

None of our tools seem to be able to see the files. Does AVG give you an exact location of the file(s)?

No (but I'm not sure where to look either?)

FYI........other than these keep popping up, pc appears to be running fine

Hi jacknjaspa,

Is there a log or report tab/button in AVG?

When you get a popup from AVG what is all the information in the popup?

We'll try another tool. This may take several minutes to complete.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield
Do not copy the word CODE , please note the script starts with the :

:filefind
us30service.dll
msgame.dll
irbus.dll
PSDNServ.dll
adobeversioncue.dll
pid_0928.dll
fetnd5bv.dll
Machnm32.dll
TeamViewer.dll
DCamUSBSQTECH.dll
WinVd32.dll
sthda.dll
mrpostman.dll
asp.net_2.0.50727.dll
tsircsrv.dll
wusb54gv2svc.dll
rpclocator.dll
nvmd.dll
AdfuUd.dll
nvgts.dll
pctavsvc.dll
cccredmgr.dll
EagleNT.dll
ndasbus.dll
hdaudbus.dll
sentinelprotectionserver.dll
yats32.dll
LMIRfsClientNP.dll
DgiVecp.dll
ccevtmgr.dll
bt.dll
hap17v2k.dll
AdobeActiveFileMonitor6.0.dll
clipsrv.dll
z800mdm.dll
BrScnUsb.dll
sr_service.dll
clnt_clientman.dll
s125mdm.dll
W55U01.dll
psdvdisk.dll
qbposdbservices.dll
NWUSBModem.dll
CDRPDACC.dll
U81xmgmt.dll
Spsmqvsm.dll
lanmanserver.dll
ARCSOFTVIRTUALCAPTURE.dll
tga.dll
NWDHCP.dll
pfmodnt.dll
viaudio.dll
ATMsrvc.dll
ksthunk.dll
bthusb.dll
fsRamDsk.dll
navapel.dll
bt3cusb.dll
p2pimsvc.dll
MREMP50a64.dll
oracle%oracle_home_service%clientcache80.dll
websenselogserver.dll
snareiis.dll
SNP2STD.dll
SetupNT.dll
dnetc.dll
RioS30.dll
lxdm_device.dll
cpsvc.dll
iAimTV5.dll
Wbutton.dll
atitool.dll
bvrp_pci.dll
AmdLLD.dll
CoolerXPDriver.dll
adpu320.dll
asusgsb.dll
NWSNS.dll
RR2Ctrl.dll
ikhlayer.dll
processor.dll
2wirepcp.dll
intelppm.dll
vsbus.dll
backupexecnamingservice.dll
aswrdr.dll
NSSvcMgr.dll
RTLE8023xp.dll
Xyz777s.dll
USB_NDIS_51.dll
amfilter.dll
WUSB54Gv4SVC.dll
bwcsrv.dll
ultra.dll
lwwlicenseservice.dll
SiSRaid.dll
idsvc.dll
NuidFltr.dll
NtMtlFax.dll
wencrservice.dll
ireike.dll
sffdisk.dll
i8042prt.dll
msgame.dll
rt61.dll
spbbcsvc.dll
stirusb.dll
RivaTuner32.dll
btserial.dll
snapman380.dll
lmimirr.dll
TPECioCtl.dll
UWProSys.dll
avcgbfl.dll
dns4meclient.dll
sysaidagent.dll
service.dll
CoachUsb.dll
pdlnshay.dll
ghostsec.dll
DSI_SiUSBXp_3_1.dll
smapint.dll
db2governor.dll
AppnApi.dll
ICAM5USB.dll
om518p.dll
protexislicensing.dll
se59mgmt.dll
ql12160.dll
odysseyIM4.dll
dlcc_device.dll
DSXUSB.dll
ctxcpubal.dll
ipodsrv.dll
NTIDrvr.dll
msk80service.dll
WinFl32.dll
Sunkfiltp.dll
lpx.dll
pdlnafac.dll
x10nets.dll
nvrd64.dll
rdpdr.dll
nvata.dll
retroexplauncher.dll
twotrack.dll
VC6SecS.dll
aswrdr.dll
nvedavt.dll
LHidUsbK.dll
statusagent4.dll
SMNDIS5.dll
edspport.dll
wlancig.dll
pdcomp.dll
uagp35.dll
rspndr.dll
UNDPX2A.dll
traprcvr.dll
TPPWRIF.dll
rimsptsk.dll
pdiddcci.dll
slabser.dll
ppa3.dll
messenger.dll
rksample.dll
roxliveshare9.dll
Defrag32.dll
prismxl.dll
wfxsvc.dllIn the notepad

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt