Solved trojan horse virus , cant remove

davee · 2012/05/26

[Resolved] trojan horse virus , cant remove

hi recently ran my AVG and getting infections AVG removing or healing but not all saying cant remove or unhealedsome of them , plus when browsing can hear hard drive churning away quite rapidly at times the trojan horse that comes up in scans is : trojan horse PSW agent .Avet / ARMw any help would be appreciated ty .cheers Dave

here are logs requested ...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4423

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/25/2012 5:05:29 PM
mbam-log-2012-05-25 (17-05-29).txt

Scan type: Quick scan
Objects scanned: 132946
Time elapsed: 14 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-26 02:27:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160212A rev.3.AAJ
Running: kd9qsw7v.exe; Driver: C:\DOCUME~1\Dave\LOCALS~1\Temp\pggirfow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA5A4A004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA5A4A0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA5A49D76]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA87F9640]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA5A49EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA5A49F56]

---- Kernel code sections - GMER 1.0.15 ----

? RGRCZ@J@ The filename, directory name, or volume label syntax is incorrect. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F2C000, 0x1C5D38, 0xE8000020]
? system32\drivers\xpsec.sys The system cannot find the path specified. !
? system32\drivers\xcpip.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[784] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D69D85
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D698B1
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D69C37
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D69A03
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D69AD6
.text C:\Program Files\AVG\AVG2012\avgtray.exe[788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02939D85
.text C:\Program Files\AVG\AVG2012\avgtray.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 029398B1
.text C:\Program Files\AVG\AVG2012\avgtray.exe[788] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02939C37
.text C:\Program Files\AVG\AVG2012\avgtray.exe[788] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02939A03
.text C:\Program Files\AVG\AVG2012\avgtray.exe[788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02939AD6
.text C:\WINDOWS\system32\winlogon.exe[864] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01662C81
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01989D85
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 019898B1
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01989C37
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01989A03
.text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[1384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01989AD6
.text C:\WINDOWS\Explorer.EXE[1812] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 00EB2A93
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC9D85
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC98B1
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9C37
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9A03
.text C:\WINDOWS\Explorer.EXE[1812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC9AD6
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2268] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 023B9D85
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 023B98B1
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2268] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 023B9C37
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2268] WS2_32.dll!recv 71AB676F 5 Bytes JMP 023B9A03
.text C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe[2268] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 023B9AD6
.text C:\WINDOWS\System32\alg.exe[2408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B99D85
.text C:\WINDOWS\System32\alg.exe[2408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B998B1
.text C:\WINDOWS\System32\alg.exe[2408] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B99C37
.text C:\WINDOWS\System32\alg.exe[2408] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B99A03
.text C:\WINDOWS\System32\alg.exe[2408] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B99AD6
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[2564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 037D9D85
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[2564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 037D98B1
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[2564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 037D9C37
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[2564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 037D9A03
.text C:\Program Files\AVG\AVG2012\avgwdsvc.exe[2564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 037D9AD6
.text C:\Program Files\Opera\opera.exe[2780] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03749D85
.text C:\Program Files\Opera\opera.exe[2780] WS2_32.dll!send 71AB4C27 5 Bytes JMP 037498B1
.text C:\Program Files\Opera\opera.exe[2780] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03749C37
.text C:\Program Files\Opera\opera.exe[2780] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03749A03
.text C:\Program Files\Opera\opera.exe[2780] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03749AD6
.text C:\Program Files\Java\jre6\bin\jqs.exe[2864] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01349D85
.text C:\Program Files\Java\jre6\bin\jqs.exe[2864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013498B1
.text C:\Program Files\Java\jre6\bin\jqs.exe[2864] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01349C37
.text C:\Program Files\Java\jre6\bin\jqs.exe[2864] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01349A03
.text C:\Program Files\Java\jre6\bin\jqs.exe[2864] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01349AD6
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011E9D85
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011E98B1
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011E9C37
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011E9A03
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2924] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011E9AD6
.text C:\WINDOWS\system32\ZuneBusEnum.exe[3204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E09D85
.text C:\WINDOWS\system32\ZuneBusEnum.exe[3204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E098B1
.text C:\WINDOWS\system32\ZuneBusEnum.exe[3204] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E09C37
.text C:\WINDOWS\system32\ZuneBusEnum.exe[3204] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E09A03
.text C:\WINDOWS\system32\ZuneBusEnum.exe[3204] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E09AD6
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[3384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E89D85
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[3384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E898B1
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[3384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E89C37
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[3384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E89A03
.text C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe[3384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E89AD6
.text C:\WINDOWS\System32\dmadmin.exe[3624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC9D85
.text C:\WINDOWS\System32\dmadmin.exe[3624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BC98B1
.text C:\WINDOWS\System32\dmadmin.exe[3624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BC9C37
.text C:\WINDOWS\System32\dmadmin.exe[3624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BC9A03
.text C:\WINDOWS\System32\dmadmin.exe[3624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BC9AD6

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T1L0-17 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort0 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdePort1 RGRCZ@J@
Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-f RGRCZ@J@

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\runonceex\1428@rdghixrd "C:\ComboFix\CF19866.cfxxe" /c "C:\ComboFix\Combobatch.bat "

---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-26 16:25:50
-----------------------------
16:25:50.656 OS Version: Windows 5.1.2600 Service Pack 3
16:25:50.656 Number of processors: 2 586 0x409
16:25:50.656 ComputerName: HOME-8WI9D3OO4Q UserName: Dave
16:25:51.359 Initialize success
16:26:03.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
16:26:03.421 Disk 0 Vendor: ST3160212A 3.AAJ Size: 152626MB BusType: 3
16:26:03.421 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@J@ b9f12864
16:26:03.437 Disk 0 MBR read successfully
16:26:03.437 Disk 0 MBR scan
16:26:03.437 Disk 0 Windows XP default MBR code found via API
16:26:03.437 Disk 0 unknown MBR code
16:26:03.437 Disk 0 MBR hidden
16:26:03.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40000 MB offset 63
16:26:03.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112624 MB offset 81920160
16:26:03.468 Disk 0 scanning sectors +312575760
16:26:03.500 Disk 0 malicious Win32:MBRoot code @ sector 312575763 !
16:26:03.500 Disk 0 PE file @ sector 312575785 !
16:26:03.500 Disk 0 MBR [Win32:MBRoot] **ROOTKIT**
16:26:03.500 Disk 0 trace - called modules:
16:26:03.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8aad4000]<<
16:26:03.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aacdab8]
16:26:03.515 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aac2030]
16:26:03.515 Scan finished successfully
16:26:22.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat "
16:26:22.687 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR.txt "

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Dave at 16:26:58 on 2012-05-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1316 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [<NO NAME>]
uRun: [ABBYY Screenshot Reader Bonus]
uRun: [EPSON TX120 NX120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiggp.exe /fu "c:\windows\temp\E_S180.tmp" /EF "HKCU "
uRun: [ctfmon] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe "
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C687FC78-6223-4254-B99A-EA64B89C1DE1} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-2 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\google\update\GoogleUpdate.exe [2009-4-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-30 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2001-8-23 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-8 14904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
S4 AntiVirService;Avira AntiVir Guard; [x]
.
=============== Created Last 30 ================
.
2012-05-06 06:55:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 06:55:16 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-05-13 04:29:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 04:28:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:55:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-07 23:44:26 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-18 19:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 16:28:03.81 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/10/2009 11:26:46 AM
System Uptime: 5/26/2012 4:20:06 PM (0 hours ago)
.
Motherboard: | | P4M800Pro-8237
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3066/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 12.218 GiB free.
D: is FIXED (NTFS) - 110 GiB total, 27.32 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP441: 3/28/2012 7:18:38 PM - System Checkpoint
RP442: 3/29/2012 5:48:31 PM - Installed Windows XP winusb0100.
RP443: 3/30/2012 5:40:24 PM - Removed Cooliris for Internet Explorer
RP444: 3/30/2012 5:40:50 PM - Removed Bonjour
RP445: 3/31/2012 6:49:57 PM - System Checkpoint
RP446: 4/1/2012 6:59:15 PM - System Checkpoint
RP447: 4/5/2012 10:04:18 PM - System Checkpoint
RP448: 4/8/2012 4:44:30 PM - System Checkpoint
RP449: 4/9/2012 6:12:20 PM - System Checkpoint
RP450: 4/11/2012 1:24:31 PM - System Checkpoint
RP451: 4/12/2012 3:45:04 PM - System Checkpoint
RP452: 4/12/2012 5:07:21 PM - Software Distribution Service 3.0
RP453: 4/14/2012 3:23:06 PM - System Checkpoint
RP454: 4/15/2012 3:46:03 PM - System Checkpoint
RP455: 4/16/2012 4:24:17 PM - System Checkpoint
RP456: 4/17/2012 9:45:46 PM - System Checkpoint
RP457: 4/18/2012 11:39:03 PM - System Checkpoint
RP458: 4/20/2012 1:09:07 PM - System Checkpoint
RP459: 4/22/2012 10:21:18 AM - System Checkpoint
RP460: 4/24/2012 6:41:44 PM - System Checkpoint
RP461: 4/25/2012 8:16:10 PM - System Checkpoint
RP462: 4/26/2012 8:21:05 PM - System Checkpoint
RP463: 4/28/2012 12:40:44 PM - System Checkpoint
RP464: 4/29/2012 1:19:48 PM - System Checkpoint
RP465: 4/30/2012 7:54:52 PM - System Checkpoint
RP466: 5/2/2012 9:45:30 PM - System Checkpoint
RP467: 5/4/2012 5:58:55 PM - System Checkpoint
RP468: 5/5/2012 6:18:19 PM - System Checkpoint
RP469: 5/6/2012 4:54:23 PM - Removed Java(TM) 6 Update 24
RP470: 5/6/2012 4:54:54 PM - Installed Java(TM) 6 Update 32
RP471: 5/9/2012 6:05:58 PM - Installed AVG 2012
RP472: 5/9/2012 6:09:19 PM - Removed AVG 2012
RP473: 5/10/2012 7:48:59 PM - System Checkpoint
RP474: 5/13/2012 1:14:46 PM - Software Distribution Service 3.0
RP475: 5/16/2012 7:20:23 PM - System Checkpoint
RP476: 5/20/2012 1:21:42 PM - System Checkpoint
RP477: 5/22/2012 5:26:04 PM - Restore Operation
RP478: 5/22/2012 5:33:27 PM - Restore Operation
RP479: 5/22/2012 7:47:03 PM - Restore Operation
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 2012
AVG PC Tuneup 2011
C-Media WDM Audio Driver
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Corel Uninstaller
D-Link VGA Webcam
Dulux MyColour4
DVD Photo Slideshow Pro 7.97
DVDFab 7.0.8.2 (17/07/2010)
e-tax 2009
e-tax 2010
e-tax 2011
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON Scan
EPSON TX120 NX120 Series Manual
EPSON TX120 NX120 Series Printer Uninstall
Express Burn Disc Burning Software
Foxit Reader
Golden Records Vinyl to CD Converter
Google Earth
Google Update Helper
GTK2-Runtime
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 32
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Nero Suite
NETGEAR WG311v3 PCI Adapter
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia Software Updater
Opera 11.64
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PhotoStage Slideshow Producer
Platform
PowerDVD
Prism Video File Converter
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Secunia PSI
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Segoe UI
Skins
Skype Click to Call
Skypeâ„¢ 5.5
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
VIA Platform Device Manager
WavePad Sound Editor
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Mobile Device Updater Component
Windows XP Service Pack 3
WinZip
WOT for Internet Explorer
Yahoo!7 Messenger
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
.
==== Event Viewer Messages From Past Week ========
.
5/25/2012 4:41:24 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
5/22/2012 7:39:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/22/2012 5:57:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/21/2012 7:39:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
5/21/2012 7:39:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2012 7:39:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2012 7:39:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2012 7:39:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2012 7:39:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/21/2012 6:46:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/21/2012 10:34:04 PM, error: xcpip [4199] -
5/21/2012 10:34:04 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.1 with the system having network hardware address D4:20:6D:70:B7:2E. Network operations on this system may be disrupted as a result.
5/21/2012 10:29:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/21/2012 10:27:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================

broni · 2012/05/26

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================================

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

davee · 2012/05/26

hi Broni thanks for the quick reply here is TDSSKiller log..

08:44:38.0062 2152 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
08:44:40.0062 2152 ============================================================
08:44:40.0062 2152 Current date / time: 2012/05/27 08:44:40.0062
08:44:40.0062 2152 SystemInfo:
08:44:40.0062 2152
08:44:40.0062 2152 OS Version: 5.1.2600 ServicePack: 3.0
08:44:40.0062 2152 Product type: Workstation
08:44:40.0062 2152 ComputerName: HOME-8WI9D3OO4Q
08:44:40.0062 2152 UserName: Dave
08:44:40.0062 2152 Windows directory: C:\WINDOWS
08:44:40.0062 2152 System windows directory: C:\WINDOWS
08:44:40.0078 2152 Processor architecture: Intel x86
08:44:40.0078 2152 Number of processors: 2
08:44:40.0078 2152 Page size: 0x1000
08:44:40.0078 2152 Boot type: Normal boot
08:44:40.0078 2152 ============================================================
08:44:40.0953 2152 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
08:44:40.0953 2152 ============================================================
08:44:40.0953 2152 \Device\Harddisk0\DR0:
08:44:40.0953 2152 MBR partitions:
08:44:40.0953 2152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4E20061
08:44:40.0953 2152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4E200A0, BlocksNum 0xDBF8670
08:44:40.0953 2152 ============================================================
08:44:41.0000 2152 C: <-> \Device\Harddisk0\DR0\Partition0
08:44:41.0031 2152 D: <-> \Device\Harddisk0\DR0\Partition1
08:44:41.0062 2152 ============================================================
08:44:41.0062 2152 Initialize success
08:44:41.0062 2152 ============================================================
08:44:54.0234 2284 ============================================================
08:44:54.0234 2284 Scan started
08:44:54.0234 2284 Mode: Manual;
08:44:54.0234 2284 ============================================================
08:44:54.0484 2284 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:44:54.0484 2284 !SASCORE - ok
08:44:54.0625 2284 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
08:44:54.0640 2284 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
08:44:54.0765 2284 Abiosdsk - ok
08:44:54.0765 2284 abp480n5 - ok
08:44:54.0812 2284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:44:54.0812 2284 ACPI - ok
08:44:54.0843 2284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:44:54.0843 2284 ACPIEC - ok
08:44:54.0859 2284 adpu160m - ok
08:44:54.0906 2284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:44:54.0906 2284 aec - ok
08:44:54.0953 2284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:44:54.0953 2284 AFD - ok
08:44:54.0968 2284 Aha154x - ok
08:44:54.0968 2284 aic78u2 - ok
08:44:54.0984 2284 aic78xx - ok
08:44:55.0109 2284 ALCXWDM (9a6aa923f00d368c8ad3bd7485d5cdca) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
08:44:55.0140 2284 ALCXWDM - ok
08:44:55.0218 2284 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:44:55.0218 2284 Alerter - ok
08:44:55.0250 2284 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:44:55.0250 2284 ALG - ok
08:44:55.0265 2284 AliIde - ok
08:44:55.0281 2284 amsint - ok
08:44:55.0359 2284 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:44:55.0359 2284 Apple Mobile Device - ok
08:44:55.0390 2284 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:44:55.0390 2284 AppMgmt - ok
08:44:55.0406 2284 asc - ok
08:44:55.0421 2284 asc3350p - ok
08:44:55.0421 2284 asc3550 - ok
08:44:55.0515 2284 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:44:55.0562 2284 aspnet_state - ok
08:44:55.0609 2284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:44:55.0609 2284 AsyncMac - ok
08:44:55.0671 2284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:44:55.0671 2284 atapi - ok
08:44:55.0687 2284 Atdisk - ok
08:44:55.0734 2284 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe
08:44:55.0750 2284 Ati HotKey Poller - ok
08:44:55.0796 2284 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe
08:44:55.0812 2284 ATI Smart - ok
08:44:56.0000 2284 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:44:56.0031 2284 ati2mtag - ok
08:44:56.0125 2284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:44:56.0125 2284 Atmarpc - ok
08:44:56.0156 2284 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:44:56.0156 2284 AudioSrv - ok
08:44:56.0187 2284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:44:56.0187 2284 audstub - ok
08:44:56.0500 2284 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
08:44:56.0531 2284 AVGIDSAgent - ok
08:44:56.0640 2284 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
08:44:56.0640 2284 AVGIDSDriver - ok
08:44:56.0687 2284 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
08:44:56.0687 2284 AVGIDSFilter - ok
08:44:56.0703 2284 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
08:44:56.0718 2284 AVGIDSHX - ok
08:44:56.0734 2284 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
08:44:56.0734 2284 AVGIDSShim - ok
08:44:56.0781 2284 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:44:56.0796 2284 Avgldx86 - ok
08:44:56.0812 2284 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:44:56.0812 2284 Avgmfx86 - ok
08:44:56.0843 2284 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:44:56.0843 2284 Avgrkx86 - ok
08:44:56.0890 2284 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:44:56.0890 2284 Avgtdix - ok
08:44:56.0984 2284 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
08:44:56.0984 2284 avgwd - ok
08:44:57.0015 2284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:44:57.0015 2284 Beep - ok
08:44:57.0062 2284 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:44:57.0078 2284 BITS - ok
08:44:57.0093 2284 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:44:57.0109 2284 Browser - ok
08:44:57.0125 2284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:44:57.0125 2284 cbidf2k - ok
08:44:57.0171 2284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:44:57.0171 2284 CCDECODE - ok
08:44:57.0171 2284 cd20xrnt - ok
08:44:57.0203 2284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:44:57.0203 2284 Cdaudio - ok
08:44:57.0218 2284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:44:57.0218 2284 Cdfs - ok
08:44:57.0250 2284 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:44:57.0250 2284 Cdrom - ok
08:44:57.0265 2284 Changer - ok
08:44:57.0296 2284 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:44:57.0296 2284 cisvc - ok
08:44:57.0312 2284 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:44:57.0312 2284 ClipSrv - ok
08:44:57.0390 2284 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:44:57.0437 2284 clr_optimization_v2.0.50727_32 - ok
08:44:57.0437 2284 CmdIde - ok
08:44:57.0531 2284 cmuda (297cc8a257cbd3c46bbd675ec5e35cc2) C:\WINDOWS\system32\drivers\cmuda.sys
08:44:57.0546 2284 cmuda - ok
08:44:57.0562 2284 COMSysApp - ok
08:44:57.0578 2284 Cpqarray - ok
08:44:57.0609 2284 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:44:57.0609 2284 CryptSvc - ok
08:44:57.0625 2284 dac2w2k - ok
08:44:57.0625 2284 dac960nt - ok
08:44:57.0687 2284 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:44:57.0718 2284 DcomLaunch - ok
08:44:57.0750 2284 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:44:57.0750 2284 Dhcp - ok
08:44:57.0796 2284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:44:57.0796 2284 Disk - ok
08:44:57.0796 2284 dmadmin - ok
08:44:57.0875 2284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:44:57.0890 2284 dmboot - ok
08:44:57.0937 2284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:44:57.0937 2284 dmio - ok
08:44:57.0968 2284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:44:57.0968 2284 dmload - ok
08:44:58.0000 2284 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:44:58.0000 2284 dmserver - ok
08:44:58.0015 2284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:44:58.0031 2284 DMusic - ok
08:44:58.0046 2284 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:44:58.0046 2284 Dnscache - ok
08:44:58.0078 2284 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:44:58.0078 2284 Dot3svc - ok
08:44:58.0093 2284 dpti2o - ok
08:44:58.0125 2284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:44:58.0125 2284 drmkaud - ok
08:44:58.0156 2284 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:44:58.0171 2284 EapHost - ok
08:44:58.0187 2284 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:44:58.0203 2284 ERSvc - ok
08:44:58.0234 2284 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:44:58.0234 2284 Eventlog - ok
08:44:58.0265 2284 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
08:44:58.0265 2284 EventSystem - ok
08:44:58.0296 2284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:44:58.0312 2284 Fastfat - ok
08:44:58.0343 2284 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:44:58.0343 2284 FastUserSwitchingCompatibility - ok
08:44:58.0375 2284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
08:44:58.0375 2284 Fdc - ok
08:44:58.0390 2284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:44:58.0390 2284 Fips - ok
08:44:58.0406 2284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:44:58.0406 2284 Flpydisk - ok
08:44:58.0437 2284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:44:58.0437 2284 FltMgr - ok
08:44:58.0515 2284 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:44:58.0515 2284 FontCache3.0.0.0 - ok
08:44:58.0546 2284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:44:58.0546 2284 Fs_Rec - ok
08:44:58.0578 2284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:44:58.0578 2284 Ftdisk - ok
08:44:58.0609 2284 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:44:58.0609 2284 GEARAspiWDM - ok
08:44:58.0671 2284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:44:58.0703 2284 Gpc - ok
08:44:58.0781 2284 gupdate1c9c932a0f8aaae (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:44:58.0781 2284 gupdate1c9c932a0f8aaae - ok
08:44:58.0796 2284 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:44:58.0796 2284 gupdatem - ok
08:44:58.0843 2284 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:44:58.0843 2284 helpsvc - ok
08:44:58.0875 2284 HidServ - ok
08:44:58.0906 2284 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:44:58.0906 2284 hidusb - ok
08:44:58.0937 2284 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:44:58.0937 2284 hkmsvc - ok
08:44:58.0937 2284 hpn - ok
08:44:58.0953 2284 hpt3xx - ok
08:44:59.0000 2284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:44:59.0000 2284 HTTP - ok
08:44:59.0031 2284 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:44:59.0031 2284 HTTPFilter - ok
08:44:59.0046 2284 i2omgmt - ok
08:44:59.0046 2284 i2omp - ok
08:44:59.0093 2284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:44:59.0093 2284 i8042prt - ok
08:44:59.0171 2284 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:44:59.0187 2284 idsvc - ok
08:44:59.0218 2284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:44:59.0234 2284 Imapi - ok
08:44:59.0265 2284 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:44:59.0265 2284 ImapiService - ok
08:44:59.0281 2284 ini910u - ok
08:44:59.0281 2284 IntelIde - ok
08:44:59.0312 2284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:44:59.0328 2284 intelppm - ok
08:44:59.0343 2284 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:44:59.0343 2284 ip6fw - ok
08:44:59.0375 2284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:44:59.0375 2284 IpFilterDriver - ok
08:44:59.0406 2284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:44:59.0406 2284 IpInIp - ok
08:44:59.0437 2284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:44:59.0437 2284 IpNat - ok
08:44:59.0515 2284 iPod Service (6e27978a4755f4789f912f5f49392f7c) C:\Program Files\iPod\bin\iPodService.exe
08:44:59.0515 2284 iPod Service - ok
08:44:59.0562 2284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:44:59.0562 2284 IPSec - ok
08:44:59.0578 2284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:44:59.0578 2284 IRENUM - ok
08:44:59.0640 2284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:44:59.0640 2284 isapnp - ok
08:44:59.0718 2284 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
08:44:59.0718 2284 JavaQuickStarterService - ok
08:44:59.0750 2284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:44:59.0750 2284 Kbdclass - ok
08:44:59.0765 2284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:44:59.0781 2284 kmixer - ok
08:44:59.0796 2284 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
08:44:59.0796 2284 KMWDFILTER - ok
08:44:59.0828 2284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:44:59.0843 2284 KSecDD - ok
08:44:59.0875 2284 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:44:59.0875 2284 lanmanserver - ok
08:44:59.0921 2284 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:44:59.0921 2284 lanmanworkstation - ok
08:44:59.0921 2284 lbrtfdc - ok
08:44:59.0968 2284 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:44:59.0968 2284 LmHosts - ok
08:44:59.0984 2284 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:45:00.0000 2284 Messenger - ok
08:45:00.0015 2284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:45:00.0015 2284 mnmdd - ok
08:45:00.0046 2284 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
08:45:00.0046 2284 mnmsrvc - ok
08:45:00.0062 2284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:45:00.0078 2284 Modem - ok
08:45:00.0093 2284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:45:00.0093 2284 Mouclass - ok
08:45:00.0125 2284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:45:00.0125 2284 mouhid - ok
08:45:00.0140 2284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:45:00.0140 2284 MountMgr - ok
08:45:00.0140 2284 mraid35x - ok
08:45:00.0187 2284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:45:00.0187 2284 MRxDAV - ok
08:45:00.0234 2284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:45:00.0234 2284 MRxSmb - ok
08:45:00.0265 2284 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
08:45:00.0265 2284 MSDTC - ok
08:45:00.0296 2284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:45:00.0296 2284 Msfs - ok
08:45:00.0296 2284 MSIServer - ok
08:45:00.0328 2284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:45:00.0328 2284 MSKSSRV - ok
08:45:00.0343 2284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:45:00.0343 2284 MSPCLOCK - ok
08:45:00.0375 2284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:45:00.0375 2284 MSPQM - ok
08:45:00.0390 2284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:45:00.0390 2284 mssmbios - ok
08:45:00.0421 2284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:45:00.0421 2284 MSTEE - ok
08:45:00.0453 2284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:45:00.0468 2284 Mup - ok
08:45:00.0500 2284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:45:00.0500 2284 NABTSFEC - ok
08:45:00.0531 2284 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:45:00.0531 2284 napagent - ok
08:45:00.0562 2284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:45:00.0562 2284 NDIS - ok
08:45:00.0593 2284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:45:00.0593 2284 NdisIP - ok
08:45:00.0640 2284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:45:00.0656 2284 NdisTapi - ok
08:45:00.0671 2284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:45:00.0671 2284 Ndisuio - ok
08:45:00.0687 2284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:45:00.0687 2284 NdisWan - ok
08:45:00.0718 2284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:45:00.0718 2284 NDProxy - ok
08:45:00.0750 2284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:45:00.0750 2284 NetBIOS - ok
08:45:00.0781 2284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:45:00.0781 2284 NetBT - ok
08:45:00.0812 2284 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:45:00.0812 2284 NetDDE - ok
08:45:00.0812 2284 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:45:00.0828 2284 NetDDEdsdm - ok
08:45:00.0859 2284 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:45:00.0859 2284 Netlogon - ok
08:45:00.0906 2284 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:45:00.0921 2284 Netman - ok
08:45:00.0984 2284 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:45:00.0984 2284 NetTcpPortSharing - ok
08:45:01.0031 2284 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:45:01.0031 2284 Nla - ok
08:45:01.0078 2284 nmwcd (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
08:45:01.0078 2284 nmwcd - ok
08:45:01.0093 2284 nmwcdc (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
08:45:01.0093 2284 nmwcdc - ok
08:45:01.0125 2284 nosGetPlusHelper - ok
08:45:01.0156 2284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:45:01.0156 2284 Npfs - ok
08:45:01.0218 2284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:45:01.0234 2284 Ntfs - ok
08:45:01.0250 2284 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
08:45:01.0250 2284 NtLmSsp - ok
08:45:01.0296 2284 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:45:01.0296 2284 NtmsSvc - ok
08:45:01.0328 2284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:45:01.0328 2284 Null - ok
08:45:01.0359 2284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:45:01.0359 2284 NwlnkFlt - ok
08:45:01.0375 2284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:45:01.0375 2284 NwlnkFwd - ok
08:45:01.0421 2284 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\WINDOWS\system32\Drivers\ov519vid.sys
08:45:01.0421 2284 ovt519 - ok
08:45:01.0437 2284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:45:01.0437 2284 Parport - ok
08:45:01.0468 2284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:45:01.0468 2284 PartMgr - ok
08:45:01.0515 2284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:45:01.0515 2284 ParVdm - ok
08:45:01.0562 2284 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
08:45:01.0562 2284 pccsmcfd - ok
08:45:01.0593 2284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:45:01.0593 2284 PCI - ok
08:45:01.0593 2284 PCIDump - ok
08:45:01.0625 2284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:45:01.0625 2284 PCIIde - ok
08:45:01.0640 2284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:45:01.0656 2284 Pcmcia - ok
08:45:01.0687 2284 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
08:45:01.0687 2284 pcouffin - ok
08:45:01.0687 2284 PDCOMP - ok
08:45:01.0703 2284 PDFRAME - ok
08:45:01.0703 2284 PDRELI - ok
08:45:01.0718 2284 PDRFRAME - ok
08:45:01.0734 2284 perc2 - ok
08:45:01.0734 2284 perc2hib - ok
08:45:01.0796 2284 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:45:01.0796 2284 PlugPlay - ok
08:45:01.0812 2284 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:45:01.0812 2284 PolicyAgent - ok
08:45:01.0843 2284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:45:01.0843 2284 PptpMiniport - ok
08:45:01.0859 2284 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:45:01.0859 2284 Processor - ok
08:45:01.0875 2284 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:45:01.0875 2284 ProtectedStorage - ok
08:45:01.0890 2284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:45:01.0890 2284 PSched - ok
08:45:01.0906 2284 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
08:45:01.0921 2284 PSI - ok
08:45:01.0937 2284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:45:01.0937 2284 Ptilink - ok
08:45:01.0968 2284 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:45:01.0968 2284 PxHelp20 - ok
08:45:01.0984 2284 ql1080 - ok
08:45:02.0000 2284 Ql10wnt - ok
08:45:02.0015 2284 ql12160 - ok
08:45:02.0015 2284 ql1240 - ok
08:45:02.0031 2284 ql1280 - ok
08:45:02.0062 2284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:45:02.0062 2284 RasAcd - ok
08:45:02.0109 2284 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:45:02.0109 2284 RasAuto - ok
08:45:02.0125 2284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:45:02.0125 2284 Rasl2tp - ok
08:45:02.0156 2284 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:45:02.0171 2284 RasMan - ok
08:45:02.0171 2284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:45:02.0187 2284 RasPppoe - ok
08:45:02.0187 2284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:45:02.0187 2284 Raspti - ok
08:45:02.0234 2284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:45:02.0234 2284 Rdbss - ok
08:45:02.0265 2284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:45:02.0265 2284 RDPCDD - ok
08:45:02.0281 2284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:45:02.0296 2284 rdpdr - ok
08:45:02.0328 2284 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:45:02.0328 2284 RDPWD - ok
08:45:02.0375 2284 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:45:02.0375 2284 RDSessMgr - ok
08:45:02.0406 2284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:45:02.0406 2284 redbook - ok
08:45:02.0437 2284 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:45:02.0437 2284 RemoteAccess - ok
08:45:02.0468 2284 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:45:02.0484 2284 RemoteRegistry - ok
08:45:02.0515 2284 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
08:45:02.0515 2284 RpcLocator - ok
08:45:02.0562 2284 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:45:02.0562 2284 RpcSs - ok
08:45:02.0609 2284 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
08:45:02.0609 2284 RSVP - ok
08:45:02.0656 2284 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
08:45:02.0656 2284 RTL8023xp - ok
08:45:02.0687 2284 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:45:02.0687 2284 rtl8139 - ok
08:45:02.0734 2284 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:45:02.0734 2284 SamSs - ok
08:45:02.0812 2284 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:45:02.0812 2284 SASDIFSV - ok
08:45:02.0828 2284 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
08:45:02.0828 2284 SASENUM - ok
08:45:02.0859 2284 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
08:45:02.0859 2284 SASKUTIL - ok
08:45:02.0890 2284 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:45:02.0890 2284 SCardSvr - ok
08:45:02.0921 2284 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:45:02.0937 2284 Schedule - ok
08:45:02.0968 2284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:45:02.0968 2284 Secdrv - ok
08:45:03.0000 2284 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:45:03.0000 2284 seclogon - ok
08:45:03.0046 2284 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:45:03.0046 2284 SENS - ok
08:45:03.0062 2284 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:45:03.0062 2284 serenum - ok
08:45:03.0093 2284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:45:03.0093 2284 Serial - ok
08:45:03.0171 2284 ServiceLayer (8c1f87f5fdd92229d1754b98f073913f) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
08:45:03.0171 2284 ServiceLayer - ok
08:45:03.0203 2284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:45:03.0203 2284 Sfloppy - ok
08:45:03.0250 2284 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:45:03.0250 2284 SharedAccess - ok
08:45:03.0296 2284 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:45:03.0296 2284 ShellHWDetection - ok
08:45:03.0296 2284 Simbad - ok
08:45:03.0328 2284 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:45:03.0328 2284 SLIP - ok
08:45:03.0343 2284 Sparrow - ok
08:45:03.0359 2284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:45:03.0359 2284 splitter - ok
08:45:03.0390 2284 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:45:03.0406 2284 Spooler - ok
08:45:03.0437 2284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:45:03.0437 2284 sr - ok
08:45:03.0484 2284 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:45:03.0484 2284 srservice - ok
08:45:03.0546 2284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:45:03.0546 2284 Srv - ok
08:45:03.0562 2284 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:45:03.0578 2284 SSDPSRV - ok
08:45:03.0625 2284 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:45:03.0640 2284 stisvc - ok
08:45:03.0656 2284 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:45:03.0656 2284 streamip - ok
08:45:03.0687 2284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:45:03.0687 2284 swenum - ok
08:45:03.0734 2284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:45:03.0734 2284 swmidi - ok
08:45:03.0734 2284 SwPrv - ok
08:45:03.0750 2284 symc810 - ok
08:45:03.0765 2284 symc8xx - ok
08:45:03.0765 2284 sym_hi - ok
08:45:03.0781 2284 sym_u3 - ok
08:45:03.0812 2284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:45:03.0812 2284 sysaudio - ok
08:45:03.0828 2284 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:45:03.0828 2284 SysmonLog - ok
08:45:03.0859 2284 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:45:03.0859 2284 TapiSrv - ok
08:45:03.0906 2284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:45:03.0906 2284 Tcpip - ok
08:45:03.0937 2284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:45:03.0937 2284 TDPIPE - ok
08:45:03.0968 2284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:45:03.0968 2284 TDTCP - ok
08:45:04.0000 2284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:45:04.0000 2284 TermDD - ok
08:45:04.0046 2284 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:45:04.0062 2284 TermService - ok
08:45:04.0093 2284 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:45:04.0109 2284 Themes - ok
08:45:04.0140 2284 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
08:45:04.0140 2284 TlntSvr - ok
08:45:04.0140 2284 TosIde - ok
08:45:04.0171 2284 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:45:04.0187 2284 TrkWks - ok
08:45:04.0218 2284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:45:04.0218 2284 Udfs - ok
08:45:04.0234 2284 ultra - ok
08:45:04.0281 2284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:45:04.0281 2284 Update - ok
08:45:04.0312 2284 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:45:04.0312 2284 upnphost - ok
08:45:04.0343 2284 upperdev (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
08:45:04.0343 2284 upperdev - ok
08:45:04.0375 2284 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:45:04.0375 2284 UPS - ok
08:45:04.0421 2284 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:45:04.0421 2284 USBAAPL - ok
08:45:04.0453 2284 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:45:04.0453 2284 usbaudio - ok
08:45:04.0484 2284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:45:04.0484 2284 usbccgp - ok
08:45:04.0515 2284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:45:04.0531 2284 usbehci - ok
08:45:04.0578 2284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:45:04.0578 2284 usbhub - ok
08:45:04.0609 2284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:45:04.0609 2284 usbprint - ok
08:45:04.0656 2284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:45:04.0656 2284 usbscan - ok
08:45:04.0687 2284 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
08:45:04.0687 2284 usbser - ok
08:45:04.0718 2284 UsbserFilt (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
08:45:04.0718 2284 UsbserFilt - ok
08:45:04.0765 2284 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:45:04.0765 2284 USBSTOR - ok
08:45:04.0796 2284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:45:04.0796 2284 usbuhci - ok
08:45:04.0812 2284 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:45:04.0812 2284 usbvideo - ok
08:45:04.0828 2284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:45:04.0843 2284 VgaSave - ok
08:45:04.0843 2284 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
08:45:04.0843 2284 viaagp1 - ok
08:45:04.0875 2284 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:45:04.0890 2284 ViaIde - ok
08:45:04.0906 2284 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
08:45:04.0921 2284 viamraid - ok
08:45:04.0937 2284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:45:04.0953 2284 VolSnap - ok
08:45:04.0984 2284 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:45:04.0984 2284 VSS - ok
08:45:05.0015 2284 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:45:05.0015 2284 W32Time - ok
08:45:05.0078 2284 W8335XP (7455b3c11a1d6a844b53febdb58646e9) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
08:45:05.0078 2284 W8335XP - ok
08:45:05.0093 2284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:45:05.0093 2284 Wanarp - ok
08:45:05.0156 2284 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
08:45:05.0156 2284 Wdf01000 - ok
08:45:05.0156 2284 WDICA - ok
08:45:05.0187 2284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:45:05.0187 2284 wdmaud - ok
08:45:05.0218 2284 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:45:05.0218 2284 WebClient - ok
08:45:05.0281 2284 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:45:05.0281 2284 winmgmt - ok
08:45:05.0328 2284 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
08:45:05.0328 2284 WinUSB - ok
08:45:05.0359 2284 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:45:05.0359 2284 WmdmPmSN - ok
08:45:05.0421 2284 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:45:05.0421 2284 Wmi - ok
08:45:05.0453 2284 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:45:05.0468 2284 WmiApSrv - ok
08:45:05.0562 2284 WMZuneComm (cac923906c526433e789d76f4f596601) C:\Program Files\Zune\WMZuneComm.exe
08:45:05.0562 2284 WMZuneComm - ok
08:45:05.0609 2284 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:45:05.0609 2284 WpdUsb - ok
08:45:05.0625 2284 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:45:05.0640 2284 wscsvc - ok
08:45:05.0671 2284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:45:05.0671 2284 WSTCODEC - ok
08:45:05.0703 2284 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:45:05.0703 2284 wuauserv - ok
08:45:05.0734 2284 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:45:05.0734 2284 WudfPf - ok
08:45:05.0781 2284 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:45:05.0781 2284 WudfRd - ok
08:45:05.0812 2284 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
08:45:05.0812 2284 WudfSvc - ok
08:45:05.0875 2284 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:45:05.0875 2284 WZCSVC - ok
08:45:05.0890 2284 xcpip - ok
08:45:05.0921 2284 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:45:05.0937 2284 xmlprov - ok
08:45:05.0937 2284 xpsec - ok
08:45:05.0984 2284 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
08:45:05.0984 2284 zumbus - ok
08:45:06.0015 2284 ZuneBusEnum (7f2ac17f35667661e1f9b8d4ae7cb447) C:\WINDOWS\system32\ZuneBusEnum.exe
08:45:06.0015 2284 ZuneBusEnum - ok
08:45:06.0453 2284 ZuneNetworkSvc (7288e904b5514d601ba004954e4393bb) C:\Program Files\Zune\ZuneNss.exe
08:45:06.0500 2284 ZuneNetworkSvc - ok
08:45:06.0625 2284 ZuneWlanCfgSvc (945eba97cb6c85f5baea4dd2e8410c81) C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
08:45:06.0625 2284 ZuneWlanCfgSvc - ok
08:45:06.0656 2284 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
08:45:06.0656 2284 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
08:45:06.0656 2284 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
08:45:06.0671 2284 Boot (0x1200) (b26d2dbbc244dd2d74e0dbde5d478bbf) \Device\Harddisk0\DR0\Partition0
08:45:06.0671 2284 \Device\Harddisk0\DR0\Partition0 - ok
08:45:06.0687 2284 Boot (0x1200) (3170a273faa81e71feb5f8993d4caa97) \Device\Harddisk0\DR0\Partition1
08:45:06.0687 2284 \Device\Harddisk0\DR0\Partition1 - ok
08:45:06.0687 2284 ============================================================
08:45:06.0687 2284 Scan finished
08:45:06.0687 2284 ============================================================
08:45:06.0718 3840 Detected object count: 1
08:45:06.0718 3840 Actual detected object count: 1
08:45:25.0421 3840 \Device\Harddisk0\DR0\# - copied to quarantine
08:45:25.0421 3840 \Device\Harddisk0\DR0 - copied to quarantine
08:45:25.0453 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
08:45:25.0500 3840 \Device\Harddisk0\DR0 - ok
08:45:25.0500 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
08:45:35.0687 0784 Deinitialize success

broni · 2012/05/26

Please post new aswMBR log.

davee · 2012/05/26

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-27 12:36:36
-----------------------------
12:36:36.750 OS Version: Windows 5.1.2600 Service Pack 3
12:36:36.750 Number of processors: 2 586 0x409
12:36:36.750 ComputerName: HOME-8WI9D3OO4Q UserName: Dave
12:36:38.062 Initialize success
12:36:48.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:36:48.921 Disk 0 Vendor: ST3160212A 3.AAJ Size: 152626MB BusType: 3
12:36:48.937 Disk 0 MBR read successfully
12:36:48.937 Disk 0 MBR scan
12:36:48.937 Disk 0 Windows XP default MBR code
12:36:48.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40000 MB offset 63
12:36:48.953 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 112624 MB offset 81920160
12:36:48.953 Disk 0 scanning sectors +312575760
12:36:48.984 Disk 0 malicious Win32:MBRoot code @ sector 312575763 !
12:36:49.062 Disk 0 scanning C:\WINDOWS\system32\drivers
12:36:57.281 Service scanning
12:37:21.109 Modules scanning
12:37:36.343 Disk 0 trace - called modules:
12:37:36.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll viaide.sys PCIIDEX.SYS
12:37:36.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa70ab8]
12:37:36.359 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aac2030]
12:37:36.359 Scan finished successfully
12:37:57.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dave\Desktop\MBR.dat "
12:37:57.359 The log file has been saved successfully to "C:\Documents and Settings\Dave\Desktop\aswMBR2.txt "

broni · 2012/05/26

Very good

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

davee · 2012/05/26

here is combo fix log ..

ComboFix 12-05-26.02 - Dave 05/27/2012 13:23:54.12.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1432 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dave\Application Data\inst.exe
c:\documents and settings\Dave\Application Data\vso_ts_preview.xml
c:\documents and settings\Dave\WINDOWS
c:\windows\system32\CddbCdda.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\MrvGINA.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-26 22:45 . 2012-05-26 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 07:17 . 2012-05-06 07:17 -------- d-----w- c:\program files\Common Files\Java
2012-05-06 06:55 . 2012-05-06 06:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 06:55 . 2012-05-06 06:55 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 04:29 . 2012-04-07 23:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 04:28 . 2011-05-17 06:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:55 . 2010-07-23 12:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-07 23:44 . 2012-04-07 23:44 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-18 19:17 . 2010-09-06 16:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"ctfmon "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY "= "c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-02 23:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 06:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 09:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 04:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 02:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService "=2 (0x2)
"AntiVirSchedulerService "=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP "= 3389:TCP:Remote Desktop
"65533:TCP "= 65533:TCP:Services
"52344:TCP "= 52344:TCP:Services
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 2:11 PM 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/26/2009 5:31 PM 47360]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 10:00 PM 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/8/2010 12:05 AM 14904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 06:57]
.
2012-05-04 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-14 13:14]
.
2012-05-04 c:\windows\Tasks\goldenDowngrade.job
- c:\program files\NCH Swift Sound\Golden\golden.exe [2011-05-03 10:38]
.
2012-05-04 c:\windows\Tasks\goldenShakeIcon.job
- c:\program files\NCH Swift Sound\Golden\golden.exe [2011-05-03 10:38]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
.
2012-05-04 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-08-30 11:15]
.
2012-05-04 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-05-14 05:55]
.
2012-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23]
.
2012-05-04 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-05-03 10:49]
.
2012-05-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-05-03 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ABBYY Screenshot Reader Bonus - (no file)
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 13:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-05-27 13:39:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 03:39
.
Pre-Run: 12,979,572,736 bytes free
Post-Run: 12,863,266,816 bytes free
.
- - End Of File - - BED57857A4161A389CD01AB6202EE0B5

broni · 2012/05/26

Uninstall Ask Toolbar, typical foistware.

Then...

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\drivers\xpsec.sys

DDS::
uInternet Settings,ProxyOverride = <local>

Driver::
xpsec
AntiVirSchedulerService

Registry::

ClearJavaCache::
3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

davee · 2012/05/26

hi Broni i cant unistall asktool bar as it is not in add remove remove programmes how else can i remove it ???

broni · 2012/05/26

Leave it alone.
We'll take care of its leftovers later.

davee · 2012/05/27

ComboFix 12-05-26.02 - Dave 05/27/2012 14:42:54.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1475 [GMT 10:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
FILE ::
"c:\windows\system32\drivers\xpsec.sys "
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ANTIVIRSCHEDULERSERVICE
-------\Service_AntiVirSchedulerService
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-26 22:45 . 2012-05-26 22:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-06 07:17 . 2012-05-06 07:17 -------- d-----w- c:\program files\Common Files\Java
2012-05-06 06:55 . 2012-05-06 06:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-06 06:55 . 2012-05-06 06:55 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-13 04:29 . 2012-04-07 23:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-13 04:28 . 2011-05-17 06:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:55 . 2010-07-23 12:48 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-07 23:44 . 2012-04-07 23:44 4125344 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-18 19:17 . 2010-09-06 16:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-27_03.31.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-27 04:49 . 2012-05-27 04:49 16384 c:\windows\temp\Perflib_Perfdata_1f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 05:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"ctfmon "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY "= "c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 22:07 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@= "Driver "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@=" "
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@= "Service "
path=
backup=
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Family & Friends Reminders.LNK]
backup=c:\windows\pss\Corel Family & Friends Reminders.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dave^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\Dave\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-02 23:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 06:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-22 09:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 08:25 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2001-07-09 00:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-03-23 02:20 227328 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-25 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\raid_tool]
2005-04-26 03:22 589824 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-11 17:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 13:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 04:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 02:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService "=2 (0x2)
"AntiVirSchedulerService "=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Opera\\opera.exe "=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe "=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Skype\\Phone\\Skype.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe "=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe "=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP "= 3389:TCP:Remote Desktop
"65533:TCP "= 65533:TCP:Services
"52344:TCP "= 52344:TCP:Services
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 2:07 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 2:11 PM 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 4:07 PM 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [5/26/2009 5:31 PM 47360]
S2 gupdate1c9c932a0f8aaae;Google Update Service (gupdate1c9c932a0f8aaae);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2009 11:26 AM 133104]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/23/2001 10:00 PM 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/8/2010 12:05 AM 14904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 12872]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 12:19 PM 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 06:57]
.
2012-05-04 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-05-14 13:14]
.
2012-05-04 c:\windows\Tasks\goldenDowngrade.job
- c:\program files\NCH Swift Sound\Golden\golden.exe [2011-05-03 10:38]
.
2012-05-04 c:\windows\Tasks\goldenShakeIcon.job
- c:\program files\NCH Swift Sound\Golden\golden.exe [2011-05-03 10:38]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-30 01:25]
.
2012-05-04 c:\windows\Tasks\photostageShakeIcon.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2011-08-30 11:15]
.
2012-05-04 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-05-14 05:55]
.
2012-05-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 05:23]
.
2012-05-04 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2011-05-03 10:49]
.
2012-05-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-05-03 08:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/webhp?hl=en
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 14:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-05-27 14:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 04:55
ComboFix2.txt 2012-05-27 03:39
.
Pre-Run: 12,839,727,104 bytes free
Post-Run: 12,816,420,864 bytes free
.
- - End Of File - - 49D986F659FE5E87FA4EFCBE1B1C3B72

broni · 2012/05/27

Good

How is computer doing?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

davee · 2012/05/28

hi Broni computer seems fine ran a AVC scan came up with no threats so proceeded with OTL here are logs ,,

OTL logfile created on: 5/28/2012 7:44:58 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.09% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 11.97 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 27.32 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: HOME-8WI9D3OO4Q | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 19:42:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/28 11:50:50 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/19 19:39:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/28 18:48:16 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/19 19:36:00 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/19 19:36:00 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/04 17:12:47 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2006/04/14 14:12:12 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WlanDll.dll
MOD - [2006/01/26 17:55:04 | 001,486,848 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/19 19:39:23 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/09/24 12:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/09/24 12:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/09/24 12:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/09/24 12:19:08 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/08/04 17:10:31 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/04 17:10:30 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/08 00:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/02/19 13:04:27 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/11 17:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/10/06 15:17:34 | 000,280,576 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WG311v3XP.sys -- (W8335XP) NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)
DRV - [2005/05/18 19:50:30 | 002,319,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 15:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/10/15 17:52:50 | 000,174,530 | R--- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov519vid.sys -- (ovt519)
DRV - [2003/07/02 06:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/webhp?hl=en
IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\SearchScopes\{5AB006E7-558B-49F2-BC0D-DB0DDCA85848}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\SearchScopes\{E00E5FEE-9DAC-452D-B66B-96EF4C932E81}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=au&nt=1
IE - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2012/05/09 18:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/16 17:02:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/08 16:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/09 18:07:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/08 16:19:29 | 000,000,000 | ---D | M]

[2009/11/22 09:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions
[2009/11/22 09:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dave\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\

O1 HOSTS File: ([2012/05/27 14:49:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C687FC78-6223-4254-B99A-EA64B89C1DE1}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dave\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/10 11:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 19:41:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2012/05/27 13:21:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/27 13:21:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/27 13:21:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/27 13:21:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/27 13:21:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 13:17:22 | 004,528,808 | R--- | C] (Swearware) -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2012/05/27 08:45:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/25 16:48:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2012/05/25 16:48:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/05/25 16:38:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dave\Recent
[2012/05/23 08:16:44 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2012/05/22 22:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\amandas stuff
[2012/05/16 17:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/06 17:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/06 16:55:16 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/06 16:55:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/06 16:55:16 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/06 16:55:16 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/06 16:55:16 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

========== Files - Modified Within 30 Days ==========

[2012/05/28 19:42:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2012/05/28 18:52:30 | 099,290,447 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/28 18:46:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/28 18:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/27 14:49:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/27 14:24:44 | 000,034,814 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\dt.dat
[2012/05/27 14:20:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/27 13:18:33 | 004,528,808 | R--- | M] (Swearware) -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2012/05/27 12:37:57 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/05/27 08:42:05 | 002,108,352 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\tdsskiller.zip
[2012/05/26 17:02:19 | 000,351,125 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/26 16:43:07 | 000,013,006 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\avg.csv
[2012/05/25 16:50:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/05/25 16:48:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dave\Desktop\dds.scr
[2012/05/25 16:47:42 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\kd9qsw7v.exe
[2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2012/05/22 20:25:50 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/21 22:37:20 | 000,441,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/21 22:37:20 | 000,071,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/18 17:36:19 | 035,652,358 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cityAndColour_settleDown.mp4
[2012/05/18 17:35:19 | 032,775,456 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\cityAndColour_fragileBird.mp4
[2012/05/18 17:32:05 | 022,332,818 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\lav_city_and_colour_2012_05_18.mp3
[2012/05/13 14:29:00 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/13 14:28:59 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/13 14:08:57 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/06 16:55:00 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/05/06 16:55:00 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/05/06 16:55:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/05/06 16:55:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/05/06 16:55:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/05/06 16:55:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/05/04 19:17:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2012/05/04 19:17:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/04 19:17:03 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/04 19:16:58 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/05/04 19:16:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/05/04 19:16:53 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 19:16:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 19:16:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\goldenShakeIcon.job
[2012/05/04 19:16:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\goldenDowngrade.job
[2012/05/04 19:16:31 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/05/04 19:16:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2012/05/27 14:24:44 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\dt.dat
[2012/05/27 13:21:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/27 13:21:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/27 13:21:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/27 13:21:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/27 13:21:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/27 08:41:21 | 002,108,352 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\tdsskiller.zip
[2012/05/26 16:40:59 | 000,013,006 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\avg.csv
[2012/05/26 16:26:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\MBR.dat
[2012/05/25 16:47:42 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\kd9qsw7v.exe
[2012/05/18 17:32:04 | 022,332,818 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\lav_city_and_colour_2012_05_18.mp3
[2012/05/18 17:31:54 | 035,652,358 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cityAndColour_settleDown.mp4
[2012/05/18 17:31:40 | 032,775,456 | ---- | C] () -- C:\Documents and Settings\Dave\My Documents\cityAndColour_fragileBird.mp4
[2012/04/28 15:28:41 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\recently-used.xbel
[2012/02/15 17:01:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/12 09:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/11/05 14:50:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/16 16:07:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSPublisher_Quark Converter.INI
[2010/07/16 15:45:35 | 000,001,901 | ---- | C] () -- C:\WINDOWS\panose.bin
[2010/07/16 15:37:42 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2010/06/06 11:50:20 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/04/10 11:24:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/22 21:24:58 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2012/03/06 18:16:58 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2012/05/27 14:55:37 | 000,017,636 | ---- | M] () -- C:\ComboFix.txt
[2009/04/10 11:24:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/09 21:26:02 | 000,001,499 | ---- | M] () -- C:\HelpAsst.log
[2009/04/10 11:24:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/10 11:24:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/04/12 13:27:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/13 12:03:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/05/28 18:46:47 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/05/30 09:58:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/08/10 19:47:03 | 000,003,614 | ---- | M] () -- C:\RootRepeal report 08-10-10 (19-47-03).txt
[2012/05/27 08:45:35 | 000,085,092 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_27.05.2012_08.44.38_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/04/10 11:24:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/04/23 15:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD6e.DLL
[2004/04/23 15:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP6e.DLL
[2008/07/06 22:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 20:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/04/10 21:13:13 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/04/10 21:13:13 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/04/10 21:13:13 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/04/13 12:14:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/04/12 13:52:48 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/04/10 11:30:17 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/05/25 16:50:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dave\Desktop\aswMBR.exe
[2012/05/27 13:18:33 | 004,528,808 | R--- | M] (Swearware) -- C:\Documents and Settings\Dave\Desktop\ComboFix.exe
[2012/05/25 16:47:42 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\kd9qsw7v.exe
[2012/05/28 19:42:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTL.exe
[2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dave\Desktop\TDSSKiller.exe
[2010/08/14 16:10:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/04 19:16:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2001/08/23 22:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/05/04 19:16:31 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/05/04 19:16:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\goldenDowngrade.job
[2012/05/04 19:16:45 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\goldenShakeIcon.job
[2012/05/04 19:16:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 19:16:53 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 19:16:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/05/04 19:16:58 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/05/28 18:47:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2012/05/04 19:17:03 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/05/04 19:17:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/04 19:17:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/12 13:52:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Dave\Favorites\Desktop.ini
[2011/05/03 18:47:19 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Dave\Favorites\NCH Audio and Telephony Software.lnk
[2011/08/30 21:15:38 | 000,000,264 | ---- | M] () -- C:\Documents and Settings\Dave\Favorites\NCH Software Download Site.lnk
[2012/03/22 18:42:35 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Dave\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2009/06/14 16:32:49 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Dave\Cookies\desktop.ini
[2012/05/28 18:48:23 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Dave\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 10:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/14 10:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/18 04:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/03 00:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 03:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 10:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/18 04:41:08 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/18 04:41:08 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/18 04:41:08 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/18 04:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[2004/02/17 10:51:56 | 001,458,176 | ---- | M] (C-Media Electronics Inc.) -- C:\WINDOWS\system\SmWizard.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

davee · 2012/05/28

here are Extra's

OTL Extras logfile created on: 5/28/2012 7:44:58 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.09% Memory free
3.85 Gb Paging File | 3.21 Gb Available in Paging File | 83.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 11.97 Gb Free Space | 30.64% Space Free | Partition Type: NTFS
Drive D: | 109.99 Gb Total Space | 27.32 Gb Free Space | 24.84% Space Free | Partition Type: NTFS

Computer Name: HOME-8WI9D3OO4Q | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A8C7880-F199-4807-ABD4-6E695B71A3D7}" = e-tax 2009
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82B4F1D8-FB2E-4A89-B648-0A0596E239CA}" = Nokia Software Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Corel Uninstaller" = Corel Uninstaller
"D-Link VGA Webcam" = D-Link VGA Webcam
"DVD Photo Slideshow Professional" = DVD Photo Slideshow Pro 7.97
"DVDFab 7_is1" = DVDFab 7.0.8.2 (17/07/2010)
"EPSON Scanner" = EPSON Scan
"EPSON TX120 NX120 Series" = EPSON TX120 NX120 Series Printer Uninstall
"EPSON TX120 NX120 Series Manual" = EPSON TX120 NX120 Series Manual
"ExpressBurn" = Express Burn Disc Burning Software
"Foxit Reader" = Foxit Reader
"Golden" = Golden Records Vinyl to CD Converter
"GTK2-Runtime" = GTK2-Runtime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.64.1403" = Opera 11.64
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"Secunia PSI" = Secunia PSI
"Switch" = Switch Sound File Converter
"ToolBox" = NCH Toolbox
"WavePad" = WavePad Sound Editor
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1004336348-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dulux MyColour4" = Dulux MyColour4
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/25/2012 3:17:43 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:46 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:49 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:51 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:53 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:54 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:55 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:56 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:58 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/25/2012 3:17:59 AM | Computer Name = HOME-8WI9D3OO4Q | Source = ESENT | ID = 490
Description = svchost (1276) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb "
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 5/25/2012 2:29:20 AM | Computer Name = HOME-8WI9D3OO4Q | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/25/2012 2:29:20 AM | Computer Name = HOME-8WI9D3OO4Q | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV
SASKUTIL
Tcpip

Error - 5/25/2012 2:29:30 AM | Computer Name = HOME-8WI9D3OO4Q | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 5/25/2012 2:32:45 AM | Computer Name = HOME-8WI9D3OO4Q | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/25/2012 2:41:24 AM | Computer Name = HOME-8WI9D3OO4Q | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 5/25/2012 2:41:46 AM | Computer Name = HOME-8WI9D3OO4Q | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/25/2012 2:42:10 AM | Computer Name = HOME-8WI9D3OO4Q | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/25/2012 5:17:10 AM | Computer Name = HOME-8WI9D3OO4Q | Source = owAZEVAoRGRCZ | ID = 262153
Description =

Error - 5/25/2012 5:17:44 AM | Computer Name = HOME-8WI9D3OO4Q | Source = owAZEVAoRGRCZ | ID = 262153
Description =

Error - 5/25/2012 5:19:31 AM | Computer Name = HOME-8WI9D3OO4Q | Source = owAZEVAoRGRCZ | ID = 262153
Description =

< End of report >

broni · 2012/05/28

Good news

Run OTL
Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
Code:
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5643
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5643
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-1677128483-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/05/04 19:17:03 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job


:Services

:Reg

:Files
C:\Program Files\Ask.com

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the [color= "#FF0000"]Run Fix[/color] button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
=========================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.

Accept any prompts.

Do NOT post JavaRa log.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services

Windows Firewall

System Restore

Security Center

Windows Update

Windows Defender

Press "Scan ".

It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, click on List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

davee · 2012/05/29

hi here is log ;

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Error: No service named nosGetPlusHelper) getPlus(R was found to stop!
Service\Driver key nosGetPlusHelper) getPlus(R not found.
File C:\Program Files\NOS\bin\getPlus_Helper_3004.dll not found.
Service AntiVirService stopped successfully!
Service AntiVirService deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1677128483-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1004336348-1677128483-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {9C23D886-43CB-43DE-B2DB-112A68D7E10A}
C:\WINDOWS\Downloaded Program Files\MySpaceUploader2.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C23D886-43CB-43DE-B2DB-112A68D7E10A}\ not found.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 1426 bytes
->Temporary Internet Files folder emptied: 330805 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 684 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 550 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Dave
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Dave
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.43.2 log created on 05292012_191549

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

davee · 2012/05/29

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
CCleaner
Java(TM) 6 Update 32
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

davee · 2012/05/29

Farbar Service Scanner Version: 27-05-2012
Ran by Dave (administrator) on 29-05-2012 at 19:31:47
Running from "C:\Documents and Settings\Dave\Desktop "
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****

davee · 2012/05/29

Hi broni here is what ESET scan found .
C:\Documents and Settings\Dave\My Documents\amandas stuff\music downloads\New Folder\Adele - Tired.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

broni · 2012/05/29

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

Log in or Sign up

Solved trojan horse virus , cant remove

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

davee Inactive Thread Starter

davee Inactive Thread Starter

davee Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved trojan horse virus , cant remove

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

davee Inactive Thread Starter

broni Moderator Malware Analyst

davee Inactive Thread Starter

davee Inactive Thread Starter

davee Inactive Thread Starter

davee Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches