17 replies to this topic

[Glirmin]

Latley i have been having Issues with Google redirecting me to sites other than the link is supposed to take me to.
Along wiht that, whenever i log into google and try to go to the search engine, it either apears as if i am logged out, or it wont load the site. It also does this when i try to search for images.

I have also been having Ads start on my computer, but it is just the Audio and will happen without any program open.

Here is the log the intructions said to post.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jim at 17:49:31 on 2012-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1271 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
E:\Program Files\LeapFrog Connect\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jim\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
E:\Program Files\LeapFrog Connect\CommandService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgui.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
uSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google

toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Need2Find Bar: {4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} - c:\program files\need2find\bar\1.bin\ND2FNBAR.DLL
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Spotify Web Helper] "c:\documents and settings\jim\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "e:\program files\leapfrog connect\Monitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive

manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157962516983
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157962579358
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {1D8CE183-1EBB-7FCA-9EAC-FE677F0EAD9D} - c:\documents and settings\jim\application data\bot1.exe
mASetup: {CAA91FDD-EDBE-588A-DB60-B4CBDFFFBE6D} - c:\documents and settings\jim\application data\bot.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1ig2pwy8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: e:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-25 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-1-12 66048]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe

[2012-7-5 3048136]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-9-15 25704]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\drivers\tpcdrdrv.sys --> c:\windows\system32\drivers\tpcdrdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-7 1262400]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250056]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-9-15 16640]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-7-7 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2010-7-7 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2010-7-7 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-7-7 60416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-1-12 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-12 13532]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-6-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]
.
=============== File Associations ===============
.
.scr=SageThumbsImage.scr
.
=============== Created Last 30 ================
.
2012-07-24 05:24:59 -------- d-----w- c:\program files\Oracle
2012-07-24 05:24:31 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-07-21 09:20:34 19424 ----a-w- c:\program files\mozilla firefox\nsu95.tmp\xpcom.dll
2012-07-21 09:12:14 -------- d-----w- c:\program files\Amazon Browser Bar
2012-07-12 04:14:26 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-10 10:32:24 -------- d-----w- c:\program files\MonitorDriver
.
==================== Find3M ====================
.
2012-07-17 02:23:33 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-17 02:23:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-12 04:15:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 04:15:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 21:55:26 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 19:33:07 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-06-10 19:26:21 62910 -c--a-w- c:\program files\Uninstall.exe
2007-11-15 07:20:14 774144 ----a-w- c:\program files\RngInterstitial.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2054B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a20c93c]; MOV EAX, [0x8a20cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX,

[ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AAF1AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000074[0x8AB20968]
5 ACPI[0xB7E64620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AAF3D98]
\Driver\atapi[0x8A9B2F38] -> IRP_MJ_CREATE -> 0x8A2054B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5;

REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A2052E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 17:51:09.28 ===============

Attached Files

•  attach.txt   30.48K   22 downloads
•  dds.txt   22.95K   4 downloads

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

[Glirmin]

Alright. got it done. but had some trouble with combofix (kept crashing) but it worked the third time.

Here is the dds and combofix log (in that order)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Jim at 22:34:18 on 2012-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
E:\Program Files\LeapFrog Connect\CommandService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\LeapFrog Connect\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Need2Find Bar: {4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} - c:\program files\need2find\bar\1.bin\ND2FNBAR.DLL
TB: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "e:\program files\leapfrog connect\Monitor.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157962516983
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157962579358
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1ig2pwy8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: e:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-25 29712]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-1-12 66048]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-9-15 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-9-15 25704]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\drivers\tpcdrdrv.sys --> c:\windows\system32\drivers\tpcdrdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-7 1262400]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250056]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-9-15 16640]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-7-7 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2010-7-7 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2010-7-7 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-7-7 60416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-1-12 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-12 13532]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-6-16 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.scr=SageThumbsImage.scr
.
=============== Created Last 30 ================
.
2012-07-26 05:01:48 -------- d-sha-r- C:\cmdcons
2012-07-26 04:08:55 98816 ----a-w- c:\windows\sed.exe
2012-07-26 04:08:55 518144 ----a-w- c:\windows\SWREG.exe
2012-07-26 04:08:55 256000 ----a-w- c:\windows\PEV.exe
2012-07-26 04:08:55 208896 ----a-w- c:\windows\MBR.exe
2012-07-24 05:24:59 -------- d-----w- c:\program files\Oracle
2012-07-24 05:24:31 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-07-21 09:20:34 19424 ----a-w- c:\program files\mozilla firefox\nsu95.tmp\xpcom.dll
2012-07-21 09:12:14 -------- d-----w- c:\program files\Amazon Browser Bar
2012-07-12 04:14:26 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-10 10:32:24 -------- d-----w- c:\program files\MonitorDriver
.
==================== Find3M ====================
.
2012-07-17 02:23:33 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-07-17 02:23:33 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-07-12 04:15:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 04:15:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-07 21:55:26 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-04 19:33:07 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-06-10 19:26:21 62910 -c--a-w- c:\program files\Uninstall.exe
2007-11-15 07:20:14 774144 ----a-w- c:\program files\RngInterstitial.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1054B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a10c93c]; MOV EAX, [0x8a10cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AAEAAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000076[0x8AA6F9E8]
5 ACPI[0xB7E64620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AAECD98]
\Driver\atapi[0x8A122760] -> IRP_MJ_CREATE -> 0x8A1054B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1052E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:34:43.34 ===============


ComboFix 12-07-26.04 - Jim 07/25/2012 22:05:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users.WINDOWS\Application Data\QuestScan
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\Guest\Application Data\facemoods.com
c:\documents and settings\Jim\Application Data\alot
c:\documents and settings\Jim\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\Jim\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\Jim\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\Jim\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\Jim\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\Jim\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_201\Button_201.xml
c:\documents and settings\Jim\Application Data\alot\Button_201\Button_201.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\Jim\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\Jim\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\Jim\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\Jim\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\Jim\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\Jim\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\Jim\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\Jim\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\Jim\Application Data\alot\configurator\configurator.xml
c:\documents and settings\Jim\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\Jim\Application Data\alot\contextMenu\contextMenu.xml
c:\documents and settings\Jim\Application Data\alot\contextMenu\contextMenu.xml.backup
c:\documents and settings\Jim\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\Jim\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\Jim\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\Jim\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\Jim\Application Data\alot\products\products.xml
c:\documents and settings\Jim\Application Data\alot\products\products.xml.backup
c:\documents and settings\Jim\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html
c:\documents and settings\Jim\Application Data\alot\Resources\BrowserSearch\images\favicon.ico
c:\documents and settings\Jim\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_0\images\alot_logo_button.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_1\images\alot_search_button.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_10\images\default_1999_print.coupons.com_button.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_10\images\default_1999_print.coupons.com_button.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_201\images\default_1589_alot_widget_games.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_201\images\default_1589_alot_widget_games.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_3\images\default_1379_alot_cas_playgames.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_3\images\default_1379_alot_cas_playgames.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_4\images\default_1699_toolbar_alot_icon_cafe.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_4\images\default_1699_toolbar_alot_icon_cafe.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_6\images\default_1588_solitaire.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_6\images\default_1588_solitaire.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_7\images\default_1024_alot_games_casual_crosswords.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_7\images\default_1024_alot_games_casual_crosswords.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_8\images\default_1613_alot_online_games_tetriz.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_8\images\default_1613_alot_online_games_tetriz.png
c:\documents and settings\Jim\Application Data\alot\Resources\Button_9\images\default_1041_default_1045_alot_mrkt_readersdigest.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Button_9\images\default_1041_default_1045_alot_mrkt_readersdigest.png
c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_icon.png
c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\domains.dat
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\alot_splitter.png
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\discover.png
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\spinner.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_bottom.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_caption.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_close.bmp
c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp
c:\documents and settings\Jim\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\Jim\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\Jim\Application Data\alot\toolbar.xml
c:\documents and settings\Jim\Application Data\alot\toolbar.xml.backup
c:\documents and settings\Jim\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\documents and settings\Jim\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\documents and settings\Jim\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\Jim\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\documents and settings\Jim\Application Data\alot\Updater\Updater.xml
c:\documents and settings\Jim\Application Data\alot\Updater\Updater.xml.backup
c:\documents and settings\Jim\Application Data\facemoods.com
c:\documents and settings\Jim\Application Data\facemoods.com\facemoods\us\20101003\kywrds.tat
c:\documents and settings\Jim\Application Data\facemoods.com\facemoods\us\20101003\kywrds.ttr
c:\documents and settings\Jim\Application Data\Jim3SQLite3.dll
c:\documents and settings\Jim\Application Data\Jimlog.dat
c:\documents and settings\Jim\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Jim\My Documents\~WRL3973.tmp
c:\documents and settings\Jim\My Documents\ShopToWin
c:\documents and settings\Jim\WINDOWS
C:\install.exe
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\program files\QuestScan
c:\program files\QuestScan\uninstall.exe
c:\windows\system32\setb7.tmp
c:\windows\system32\tmp33.tmp
c:\windows\system32\windows
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-24 05:24 . 2012-07-24 05:24 -------- d-----w- c:\program files\Oracle
2012-07-24 05:24 . 2012-07-24 05:22 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-21 09:12 . 2012-07-21 09:12 -------- d-----w- c:\program files\Amazon Browser Bar
2012-07-15 07:40 . 2012-07-15 07:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Sun
2012-07-12 04:14 . 2012-07-12 04:14 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-10 10:32 . 2012-07-10 10:33 -------- d-----w- c:\program files\MonitorDriver
2012-07-10 10:32 . 2012-07-10 10:32 -------- d-----w- c:\documents and settings\Jim\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 04:15 . 2012-04-16 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 04:15 . 2012-04-16 09:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:07 . 2007-04-19 16:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06 . 2012-04-08 18:59 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 05:06 . 2010-06-08 19:33 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2009-03-15 18:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-06-21 20:12 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-09-11 08:15 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-09-11 08:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2005-05-26 11:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-09-11 08:15 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2006-09-11 08:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-09-11 07:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-06-21 20:12 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-09-11 08:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-09-11 07:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-06-22 15:59 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2006-09-11 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-01-08 22:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2011-11-24 22:05 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2011-11-24 22:05 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-11-24 22:05 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2011-11-24 22:05 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2009-08-17 07:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-17 07:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-05-03 05:46 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-03-16 00:46 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-03-16 00:45 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2004-08-04 07:56 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2004-08-04 05:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40 . 2009-08-17 10:04 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-08-17 10:03 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-08-17 10:03 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-08-17 10:03 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-08-17 10:03 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 19:33 . 2010-06-06 01:48 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-04 13:16 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-09-11 07:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-06-10 19:26 . 2008-06-10 19:26 62910 -c--a-w- c:\program files\Uninstall.exe
2007-11-15 07:20 . 2007-11-15 07:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-14 00:17 . 2012-07-21 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}]
2011-03-04 10:54 81920 ----a-w- c:\program files\jobstoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
2012-05-10 00:05 1607472 ----a-w- c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}"= "c:\program files\jobstoolbar\vmntemplateX.dll" [2011-03-04 81920]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472]
.
[HKEY_CLASSES_ROOT\clsid\{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-07 161336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Monitor"="e:\program files\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-12 745472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 21:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^GameFly.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\Startup\GameFly.lnk
backup=c:\windows\pss\GameFly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-07-12 12:44 9478320 ----a-w- c:\documents and settings\Jim\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-24 06:53 1242448 ----a-w- e:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2009 3:08 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2009 3:08 PM 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 1:59 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 1:59 PM 308136]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/12/2009 5:03 PM 66048]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/15/2011 7:18 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [9/15/2011 7:19 PM 25704]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/7/2012 2:59 PM 1262400]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 2:10 AM 250056]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [3/12/2006 1:11 PM 37248]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [9/15/2011 2:05 PM 16640]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/7/2010 12:53 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [7/7/2010 12:54 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [7/7/2010 12:53 AM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/7/2010 12:53 AM 60416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/21/2012 2:54 AM 113120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/12/2009 5:03 PM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [1/12/2009 5:03 PM 13532]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/16/2012 3:39 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 04:15]
.
2012-07-24 c:\windows\Tasks\AdobeAAMUpdater-1.0-DUFIS-D-Jim.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-05 13:09]
.
2012-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 17:03]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
.
.
------- File Associations -------
.
.scr=SageThumbsImage.scr
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AdobeBridge - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
Notify-AtiExtEvent - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-AdobeBridge - e:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe
HKLM_ActiveSetup-{1D8CE183-1EBB-7FCA-9EAC-FE677F0EAD9D} - c:\documents and settings\Jim\Application Data\bot1.exe
HKLM_ActiveSetup-{CAA91FDD-EDBE-588A-DB60-B4CBDFFFBE6D} - c:\documents and settings\Jim\Application Data\bot.exe
AddRemove-12345_is1 - e:\program files\WeGame\unins000.exe
AddRemove-15b35190-c6f9-11d9-9669-0800200c9a66_is1 - e:\program files\Turbine\DDO Unlimited\unins000.exe
AddRemove-Audacity 1.3 Beta (Unicode)_is1 - e:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe
AddRemove-Baldur's Gate - c:\program files\Black Isle\Baldur's Gate\Uninst.isu
AddRemove-dimaondtools - e:\program files\Diamond Multimedia\Diamond Tools\uninstall.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe
AddRemove-Free M4a to MP3 Converter_is1 - e:\program files\Free M4a to MP3 Converter\unins000.exe
AddRemove-iSkysoft DRM Removal_is1 - e:\program files\iSkysoft\DRM Removal\unins000.exe
AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.0.0.103\InstWrap.exe
AddRemove-Punch! Home Design - Platinum - e:\progra~1\PUNCH!~1\UNWISE.EXE
AddRemove-RAR Password Cracker - h:\program files\RAR Password Cracker\uninstall.exe
AddRemove-Slingo Quest Egypt - c:\program files\Slingo Quest Egypt\Uninstall.exe
AddRemove-Slingo-Supreme - c:\program files\Slingo-Supreme\Uninstall.exe
AddRemove-Virtual DJ - Atomix Productions - e:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 22:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A1052E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,cc,57,59,1d,a3,38,48,aa,fd,13,\
.
[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,c5,e7,2e,4a,b8,d8,b9,ed,8f,60,54,17,2a,56,04,e8,5c,78,84,f0,
49,54,43,a3,1d,7c,99,f2,95,50,71,a3,55,33,9b,f0,04,20,fa,22,a8,55,9a,7c,2d,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,
0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ
*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11? H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\raid\\ati\\sbdrv\\smbus\\smbusati.inf\00"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,
0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
e:\program files\SageThumbs\32\SageThumbs.dll
e:\program files\SageThumbs\32\sqlite3.dll
e:\program files\SageThumbs\32\libgfl340.dll
e:\program files\SageThumbs\32\libgfle340.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
e:\program files\LeapFrog Connect\CommandService.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-07-25 22:32:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 05:32
.
Pre-Run: 21,609,213,952 bytes free
Post-Run: 26,667,184,128 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 6C3B540BFA916F8FAF7130BF97B6E05E

[screen317]

Hi,

Uninstall these two programs:

jobstoolbar
Amazon Browser Bar

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

[Glirmin]

here is the log

14:48:26.0265 4952 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:48:26.0734 4952 ============================================================
14:48:26.0734 4952 Current date / time: 2012/07/26 14:48:26.0734
14:48:26.0734 4952 SystemInfo:
14:48:26.0734 4952
14:48:26.0734 4952 OS Version: 5.1.2600 ServicePack: 3.0
14:48:26.0734 4952 Product type: Workstation
14:48:26.0734 4952 ComputerName: DUFIS-D
14:48:26.0734 4952 UserName: Jim
14:48:26.0734 4952 Windows directory: C:\WINDOWS
14:48:26.0734 4952 System windows directory: C:\WINDOWS
14:48:26.0734 4952 Processor architecture: Intel x86
14:48:26.0734 4952 Number of processors: 2
14:48:26.0734 4952 Page size: 0x1000
14:48:26.0734 4952 Boot type: Normal boot
14:48:26.0734 4952 ============================================================
14:48:30.0312 4952 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:48:30.0328 4952 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:48:30.0328 4952 ============================================================
14:48:30.0328 4952 \Device\Harddisk0\DR0:
14:48:30.0328 4952 MBR partitions:
14:48:30.0328 4952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD
14:48:30.0328 4952 \Device\Harddisk1\DR1:
14:48:30.0328 4952 MBR partitions:
14:48:30.0328 4952 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:48:30.0328 4952 ============================================================
14:48:30.0375 4952 C: <-> \Device\Harddisk0\DR0\Partition0
14:48:30.0390 4952 E: <-> \Device\Harddisk1\DR1\Partition0
14:48:30.0421 4952 ============================================================
14:48:30.0421 4952 Initialize success
14:48:30.0421 4952 ============================================================
14:48:37.0484 5724 ============================================================
14:48:37.0484 5724 Scan started
14:48:37.0484 5724 Mode: Manual;
14:48:37.0484 5724 ============================================================
14:48:37.0890 5724 Abiosdsk - ok
14:48:37.0906 5724 abp480n5 - ok
14:48:37.0937 5724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:48:37.0953 5724 ACPI - ok
14:48:37.0968 5724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:48:37.0968 5724 ACPIEC - ok
14:48:38.0062 5724 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:48:38.0062 5724 AdobeFlashPlayerUpdateSvc - ok
14:48:38.0093 5724 adpu160m - ok
14:48:38.0109 5724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:48:38.0125 5724 aec - ok
14:48:38.0187 5724 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:48:38.0218 5724 AFD - ok
14:48:38.0218 5724 Aha154x - ok
14:48:38.0234 5724 aic78u2 - ok
14:48:38.0234 5724 aic78xx - ok
14:48:38.0437 5724 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:48:38.0562 5724 ALCXWDM - ok
14:48:38.0671 5724 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:48:38.0671 5724 Alerter - ok
14:48:38.0703 5724 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:48:38.0703 5724 ALG - ok
14:48:38.0718 5724 AliIde - ok
14:48:38.0750 5724 Alpham (5c6b6686f14b6e9549e320f59fec1469) C:\WINDOWS\system32\DRIVERS\Alpham.sys
14:48:38.0765 5724 Alpham - ok
14:48:38.0812 5724 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:48:38.0828 5724 AmdK8 - ok
14:48:38.0828 5724 amsint - ok
14:48:38.0921 5724 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:48:38.0937 5724 Apple Mobile Device - ok
14:48:38.0984 5724 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:48:39.0000 5724 AppMgmt - ok
14:48:39.0062 5724 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:48:39.0062 5724 Arp1394 - ok
14:48:39.0140 5724 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys
14:48:39.0156 5724 AsAudioDevice_349 - ok
14:48:39.0156 5724 asc - ok
14:48:39.0156 5724 asc3350p - ok
14:48:39.0171 5724 asc3550 - ok
14:48:39.0250 5724 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:48:39.0296 5724 aspnet_state - ok
14:48:39.0328 5724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:48:39.0328 5724 AsyncMac - ok
14:48:39.0343 5724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:48:39.0343 5724 atapi - ok
14:48:39.0343 5724 Atdisk - ok
14:48:39.0406 5724 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
14:48:39.0421 5724 atksgt - ok
14:48:39.0421 5724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:48:39.0437 5724 Atmarpc - ok
14:48:39.0468 5724 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:48:39.0468 5724 AudioSrv - ok
14:48:39.0500 5724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:48:39.0500 5724 audstub - ok
14:48:39.0593 5724 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files\AVG\AVG9\avgemc.exe
14:48:39.0625 5724 avg9emc - ok
14:48:39.0656 5724 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
14:48:39.0671 5724 avg9wd - ok
14:48:39.0812 5724 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:48:39.0828 5724 AvgLdx86 - ok
14:48:39.0843 5724 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:48:39.0843 5724 AvgMfx86 - ok
14:48:39.0875 5724 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
14:48:39.0890 5724 AvgTdiX - ok
14:48:39.0984 5724 BCM43XX (2ee34b694d1ce077678662d7884f6c79) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:48:40.0093 5724 BCM43XX - ok
14:48:40.0140 5724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:48:40.0140 5724 Beep - ok
14:48:40.0203 5724 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:48:40.0250 5724 BITS - ok
14:48:40.0375 5724 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:48:40.0406 5724 Bonjour Service - ok
14:48:40.0437 5724 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
14:48:40.0437 5724 brfilt - ok
14:48:40.0468 5724 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:48:40.0468 5724 Browser - ok
14:48:40.0484 5724 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys
14:48:40.0484 5724 brparimg - ok
14:48:40.0515 5724 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys
14:48:40.0546 5724 BrParWdm - ok
14:48:40.0562 5724 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
14:48:40.0562 5724 BrSerWDM - ok
14:48:40.0562 5724 catchme - ok
14:48:40.0625 5724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:48:40.0625 5724 cbidf2k - ok
14:48:40.0625 5724 cd20xrnt - ok
14:48:40.0640 5724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:48:40.0640 5724 Cdaudio - ok
14:48:40.0656 5724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:48:40.0656 5724 Cdfs - ok
14:48:40.0687 5724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:48:40.0703 5724 Cdrom - ok
14:48:40.0703 5724 Changer - ok
14:48:40.0734 5724 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:48:40.0734 5724 cisvc - ok
14:48:40.0750 5724 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:48:40.0750 5724 ClipSrv - ok
14:48:40.0828 5724 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:48:40.0953 5724 clr_optimization_v2.0.50727_32 - ok
14:48:41.0031 5724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:48:41.0125 5724 clr_optimization_v4.0.30319_32 - ok
14:48:41.0140 5724 CmdIde - ok
14:48:41.0140 5724 COMSysApp - ok
14:48:41.0156 5724 Cpqarray - ok
14:48:41.0203 5724 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:48:41.0203 5724 CryptSvc - ok
14:48:41.0203 5724 dac2w2k - ok
14:48:41.0218 5724 dac960nt - ok
14:48:41.0265 5724 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:48:41.0281 5724 DcomLaunch - ok
14:48:41.0312 5724 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:48:41.0328 5724 Dhcp - ok
14:48:41.0375 5724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:48:41.0375 5724 Disk - ok
14:48:41.0375 5724 dmadmin - ok
14:48:41.0468 5724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:48:41.0531 5724 dmboot - ok
14:48:41.0546 5724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:48:41.0562 5724 dmio - ok
14:48:41.0578 5724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:48:41.0578 5724 dmload - ok
14:48:41.0609 5724 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:48:41.0609 5724 dmserver - ok
14:48:41.0625 5724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:48:41.0625 5724 DMusic - ok
14:48:41.0656 5724 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:48:41.0656 5724 Dnscache - ok
14:48:41.0687 5724 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:48:41.0718 5724 Dot3svc - ok
14:48:41.0718 5724 dpti2o - ok
14:48:41.0734 5724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:48:41.0734 5724 drmkaud - ok
14:48:41.0781 5724 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:48:41.0781 5724 EapHost - ok
14:48:41.0812 5724 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
14:48:41.0843 5724 EAPPkt - ok
14:48:41.0843 5724 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:48:41.0859 5724 ERSvc - ok
14:48:41.0890 5724 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:48:41.0906 5724 Eventlog - ok
14:48:41.0921 5724 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
14:48:41.0953 5724 EventSystem - ok
14:48:42.0015 5724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:48:42.0015 5724 Fastfat - ok
14:48:42.0046 5724 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:48:42.0062 5724 FastUserSwitchingCompatibility - ok
14:48:42.0078 5724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:48:42.0093 5724 Fdc - ok
14:48:42.0093 5724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:48:42.0109 5724 Fips - ok
14:48:42.0234 5724 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:48:42.0265 5724 FLEXnet Licensing Service - ok
14:48:42.0281 5724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:48:42.0281 5724 Flpydisk - ok
14:48:42.0312 5724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:48:42.0328 5724 FltMgr - ok
14:48:42.0437 5724 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:48:42.0453 5724 FontCache3.0.0.0 - ok
14:48:42.0468 5724 FreshIO - ok
14:48:42.0500 5724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:48:42.0500 5724 Fs_Rec - ok
14:48:42.0515 5724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:48:42.0531 5724 Ftdisk - ok
14:48:42.0546 5724 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:48:42.0562 5724 GEARAspiWDM - ok
14:48:42.0578 5724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:48:42.0578 5724 Gpc - ok
14:48:42.0578 5724 GTNDIS5 - ok
14:48:42.0671 5724 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:42.0671 5724 gupdate - ok
14:48:42.0687 5724 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:42.0687 5724 gupdatem - ok
14:48:42.0718 5724 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:48:42.0734 5724 gusvc - ok
14:48:42.0796 5724 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
14:48:42.0796 5724 hamachi - ok
14:48:42.0906 5724 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:48:42.0906 5724 helpsvc - ok
14:48:42.0937 5724 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:48:42.0953 5724 HidServ - ok
14:48:42.0953 5724 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:48:42.0953 5724 hidusb - ok
14:48:43.0031 5724 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:48:43.0046 5724 hkmsvc - ok
14:48:43.0046 5724 hpn - ok
14:48:43.0046 5724 hpt3xx - ok
14:48:43.0093 5724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:48:43.0109 5724 HTTP - ok
14:48:43.0171 5724 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:48:43.0171 5724 HTTPFilter - ok
14:48:43.0171 5724 i2omgmt - ok
14:48:43.0171 5724 i2omp - ok
14:48:43.0203 5724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:48:43.0218 5724 i8042prt - ok
14:48:43.0312 5724 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:48:43.0343 5724 IDriverT - ok
14:48:43.0500 5724 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:48:43.0531 5724 idsvc - ok
14:48:43.0562 5724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:48:43.0578 5724 Imapi - ok
14:48:43.0609 5724 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:48:43.0625 5724 ImapiService - ok
14:48:43.0625 5724 ini910u - ok
14:48:43.0640 5724 IntelIde - ok
14:48:43.0687 5724 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:48:43.0703 5724 ip6fw - ok
14:48:43.0718 5724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:48:43.0718 5724 IpFilterDriver - ok
14:48:43.0734 5724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:48:43.0750 5724 IpInIp - ok
14:48:43.0781 5724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:48:43.0796 5724 IpNat - ok
14:48:43.0906 5724 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:48:43.0953 5724 iPod Service - ok
14:48:43.0953 5724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:48:43.0968 5724 IPSec - ok
14:48:43.0984 5724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:48:43.0984 5724 IRENUM - ok
14:48:44.0031 5724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:48:44.0031 5724 isapnp - ok
14:48:44.0078 5724 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
14:48:44.0078 5724 ivusb - ok
14:48:44.0156 5724 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
14:48:44.0156 5724 JavaQuickStarterService - ok
14:48:44.0187 5724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:48:44.0187 5724 Kbdclass - ok
14:48:44.0203 5724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:48:44.0203 5724 kbdhid - ok
14:48:44.0218 5724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:48:44.0234 5724 kmixer - ok
14:48:44.0281 5724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:48:44.0281 5724 KSecDD - ok
14:48:44.0328 5724 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:48:44.0343 5724 lanmanserver - ok
14:48:44.0375 5724 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:48:44.0421 5724 lanmanworkstation - ok
14:48:44.0421 5724 lbrtfdc - ok
14:48:44.0843 5724 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) E:\Program Files\LeapFrog Connect\CommandService.exe
14:48:45.0296 5724 LeapFrog Connect Device Service - ok
14:48:45.0328 5724 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:48:45.0328 5724 lirsgt - ok
14:48:45.0343 5724 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:48:45.0343 5724 LmHosts - ok
14:48:45.0375 5724 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:48:45.0375 5724 Messenger - ok
14:48:45.0406 5724 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
14:48:45.0406 5724 mf - ok
14:48:45.0437 5724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:48:45.0453 5724 mnmdd - ok
14:48:45.0484 5724 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
14:48:45.0484 5724 mnmsrvc - ok
14:48:45.0500 5724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:48:45.0500 5724 Modem - ok
14:48:45.0562 5724 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
14:48:45.0578 5724 motccgp - ok
14:48:45.0609 5724 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
14:48:45.0609 5724 motccgpfl - ok
14:48:45.0640 5724 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
14:48:45.0656 5724 motmodem - ok
14:48:45.0687 5724 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
14:48:45.0703 5724 motport - ok
14:48:45.0703 5724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:48:45.0703 5724 Mouclass - ok
14:48:45.0734 5724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:48:45.0734 5724 mouhid - ok
14:48:45.0750 5724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:48:45.0750 5724 MountMgr - ok
14:48:45.0843 5724 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:48:45.0859 5724 MozillaMaintenance - ok
14:48:45.0875 5724 mraid35x - ok
14:48:45.0890 5724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:48:45.0906 5724 MRxDAV - ok
14:48:45.0968 5724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:48:45.0984 5724 MRxSmb - ok
14:48:46.0031 5724 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
14:48:46.0031 5724 MSDTC - ok
14:48:46.0062 5724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:48:46.0062 5724 Msfs - ok
14:48:46.0062 5724 MSIServer - ok
14:48:46.0109 5724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:48:46.0109 5724 MSKSSRV - ok
14:48:46.0140 5724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:48:46.0140 5724 MSPCLOCK - ok
14:48:46.0156 5724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:48:46.0156 5724 MSPQM - ok
14:48:46.0171 5724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:48:46.0171 5724 mssmbios - ok
14:48:46.0187 5724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:48:46.0187 5724 Mup - ok
14:48:46.0234 5724 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:48:46.0281 5724 napagent - ok
14:48:46.0281 5724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:48:46.0296 5724 NDIS - ok
14:48:46.0312 5724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:48:46.0328 5724 NdisTapi - ok
14:48:46.0343 5724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:48:46.0343 5724 Ndisuio - ok
14:48:46.0359 5724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:48:46.0375 5724 NdisWan - ok
14:48:46.0421 5724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:48:46.0421 5724 NDProxy - ok
14:48:46.0468 5724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:48:46.0484 5724 NetBIOS - ok
14:48:46.0500 5724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:48:46.0515 5724 NetBT - ok
14:48:46.0562 5724 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:48:46.0578 5724 NetDDE - ok
14:48:46.0578 5724 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:48:46.0593 5724 NetDDEdsdm - ok
14:48:46.0625 5724 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:48:46.0640 5724 Netlogon - ok
14:48:46.0656 5724 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:48:46.0671 5724 Netman - ok
14:48:46.0781 5724 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:48:46.0796 5724 NetTcpPortSharing - ok
14:48:46.0843 5724 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:48:46.0859 5724 NIC1394 - ok
14:48:46.0906 5724 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:48:46.0906 5724 Nla - ok
14:48:46.0937 5724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:48:46.0937 5724 Npfs - ok
14:48:47.0000 5724 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Nexon\Mabinogi\npkcmsvc.exe
14:48:47.0015 5724 npkcmsvc - ok
14:48:47.0031 5724 npkcrypt - ok
14:48:47.0046 5724 npkcusb - ok
14:48:47.0109 5724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:48:47.0125 5724 Ntfs - ok
14:48:47.0140 5724 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
14:48:47.0156 5724 NtLmSsp - ok
14:48:47.0203 5724 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:48:47.0234 5724 NtmsSvc - ok
14:48:47.0265 5724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:48:47.0265 5724 Null - ok
14:48:48.0062 5724 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:48:48.0703 5724 nv - ok
14:48:48.0843 5724 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe
14:48:48.0859 5724 NVSvc - ok
14:48:49.0015 5724 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:48:49.0062 5724 nvUpdatusService - ok
14:48:49.0156 5724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:48:49.0156 5724 NwlnkFlt - ok
14:48:49.0187 5724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:48:49.0187 5724 NwlnkFwd - ok
14:48:49.0250 5724 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:48:49.0250 5724 ohci1394 - ok
14:48:49.0281 5724 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
14:48:49.0312 5724 PalmUSBD - ok
14:48:49.0328 5724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:48:49.0328 5724 Parport - ok
14:48:49.0343 5724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:48:49.0343 5724 PartMgr - ok
14:48:49.0390 5724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:48:49.0390 5724 ParVdm - ok
14:48:49.0421 5724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:48:49.0437 5724 PCI - ok
14:48:49.0437 5724 PCIDump - ok
14:48:49.0500 5724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:48:49.0500 5724 PCIIde - ok
14:48:49.0531 5724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:48:49.0531 5724 Pcmcia - ok
14:48:49.0531 5724 PDCOMP - ok
14:48:49.0546 5724 PDFRAME - ok
14:48:49.0546 5724 PDRELI - ok
14:48:49.0546 5724 PDRFRAME - ok
14:48:49.0562 5724 perc2 - ok
14:48:49.0562 5724 perc2hib - ok
14:48:49.0609 5724 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:48:49.0609 5724 PlugPlay - ok
14:48:49.0625 5724 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:48:49.0625 5724 PolicyAgent - ok
14:48:49.0640 5724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:48:49.0656 5724 PptpMiniport - ok
14:48:49.0656 5724 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:48:49.0671 5724 Processor - ok
14:48:49.0671 5724 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:48:49.0671 5724 ProtectedStorage - ok
14:48:49.0687 5724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:48:49.0687 5724 PSched - ok
14:48:49.0703 5724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:48:49.0703 5724 Ptilink - ok
14:48:49.0734 5724 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:48:49.0734 5724 PxHelp20 - ok
14:48:49.0734 5724 ql1080 - ok
14:48:49.0734 5724 Ql10wnt - ok
14:48:49.0750 5724 ql12160 - ok
14:48:49.0750 5724 ql1240 - ok
14:48:49.0765 5724 ql1280 - ok
14:48:49.0781 5724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:48:49.0781 5724 RasAcd - ok
14:48:49.0812 5724 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:48:49.0828 5724 RasAuto - ok
14:48:49.0828 5724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:48:49.0843 5724 Rasl2tp - ok
14:48:49.0890 5724 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:48:49.0890 5724 RasMan - ok
14:48:49.0906 5724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:48:49.0921 5724 RasPppoe - ok
14:48:49.0921 5724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:48:49.0921 5724 Raspti - ok
14:48:49.0968 5724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:48:49.0968 5724 Rdbss - ok
14:48:49.0984 5724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:48:49.0984 5724 RDPCDD - ok
14:48:50.0015 5724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:48:50.0031 5724 rdpdr - ok
14:48:50.0078 5724 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:48:50.0093 5724 RDPWD - ok
14:48:50.0125 5724 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:48:50.0125 5724 RDSessMgr - ok
14:48:50.0187 5724 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:48:50.0187 5724 redbook - ok
14:48:50.0234 5724 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:48:50.0234 5724 RemoteAccess - ok
14:48:50.0281 5724 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:48:50.0281 5724 RemoteRegistry - ok
14:48:50.0390 5724 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
14:48:50.0406 5724 RichVideo - ok
14:48:50.0453 5724 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
14:48:50.0468 5724 RpcLocator - ok
14:48:50.0515 5724 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:48:50.0515 5724 RpcSs - ok
14:48:50.0562 5724 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
14:48:50.0578 5724 RSVP - ok
14:48:50.0703 5724 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:48:50.0734 5724 RTL8023xp - ok
14:48:50.0781 5724 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
14:48:50.0828 5724 RTLWUSB - ok
14:48:50.0843 5724 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:48:50.0843 5724 SamSs - ok
14:48:50.0875 5724 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
14:48:50.0875 5724 sbp2port - ok
14:48:50.0906 5724 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:48:50.0921 5724 SCardSvr - ok
14:48:50.0984 5724 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:48:51.0000 5724 Schedule - ok
14:48:51.0031 5724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:48:51.0031 5724 Secdrv - ok
14:48:51.0046 5724 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:48:51.0046 5724 seclogon - ok
14:48:51.0093 5724 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:48:51.0093 5724 SENS - ok
14:48:51.0109 5724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:48:51.0109 5724 serenum - ok
14:48:51.0125 5724 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:48:51.0125 5724 Serial - ok
14:48:51.0156 5724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:48:51.0156 5724 Sfloppy - ok
14:48:51.0187 5724 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:48:51.0218 5724 SharedAccess - ok
14:48:51.0250 5724 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:48:51.0250 5724 ShellHWDetection - ok
14:48:51.0250 5724 Simbad - ok
14:48:51.0296 5724 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
14:48:51.0312 5724 SjyPkt - ok
14:48:51.0687 5724 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:48:51.0812 5724 Skype C2C Service - ok
14:48:51.0953 5724 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
14:48:51.0968 5724 SkypeUpdate - ok
14:48:52.0218 5724 Sparrow - ok
14:48:52.0234 5724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:48:52.0234 5724 splitter - ok
14:48:52.0265 5724 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:48:52.0296 5724 Spooler - ok
14:48:52.0359 5724 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\WINDOWS\System32\Drivers\sptd.sys
14:48:52.0375 5724 sptd - ok
14:48:52.0390 5724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:48:52.0390 5724 sr - ok
14:48:52.0437 5724 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:48:52.0453 5724 srservice - ok
14:48:52.0500 5724 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:48:52.0515 5724 Srv - ok
14:48:52.0546 5724 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:48:52.0546 5724 SSDPSRV - ok
14:48:52.0593 5724 Steam Client Service - ok
14:48:52.0640 5724 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:48:52.0671 5724 stisvc - ok
14:48:52.0687 5724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:48:52.0687 5724 swenum - ok
14:48:52.0796 5724 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:48:52.0828 5724 SwitchBoard - ok
14:48:52.0843 5724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:48:52.0859 5724 swmidi - ok
14:48:52.0859 5724 SwPrv - ok
14:48:52.0875 5724 symc810 - ok
14:48:52.0875 5724 symc8xx - ok
14:48:52.0875 5724 sym_hi - ok
14:48:52.0890 5724 sym_u3 - ok
14:48:52.0921 5724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:48:52.0921 5724 sysaudio - ok
14:48:52.0953 5724 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:48:52.0968 5724 SysmonLog - ok
14:48:53.0000 5724 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:48:53.0015 5724 TapiSrv - ok
14:48:53.0078 5724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:48:53.0093 5724 Tcpip - ok
14:48:53.0125 5724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:48:53.0125 5724 TDPIPE - ok
14:48:53.0140 5724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:48:53.0140 5724 TDTCP - ok
14:48:53.0171 5724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:48:53.0171 5724 TermDD - ok
14:48:53.0203 5724 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:48:53.0234 5724 TermService - ok
14:48:53.0281 5724 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:48:53.0281 5724 Themes - ok
14:48:53.0312 5724 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
14:48:53.0328 5724 TlntSvr - ok
14:48:53.0328 5724 TosIde - ok
14:48:53.0343 5724 tpcdrdrv - ok
14:48:53.0390 5724 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:48:53.0406 5724 TrkWks - ok
14:48:53.0437 5724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:48:53.0437 5724 Udfs - ok
14:48:53.0453 5724 ultra - ok
14:48:53.0531 5724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:48:53.0562 5724 Update - ok
14:48:53.0578 5724 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:48:53.0593 5724 upnphost - ok
14:48:53.0625 5724 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:48:53.0640 5724 UPS - ok
14:48:53.0687 5724 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:48:53.0703 5724 USBAAPL - ok
14:48:53.0734 5724 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:48:53.0734 5724 usbaudio - ok
14:48:53.0750 5724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:48:53.0750 5724 usbccgp - ok
14:48:53.0765 5724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:48:53.0781 5724 usbehci - ok
14:48:53.0781 5724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:48:53.0796 5724 usbhub - ok
14:48:53.0812 5724 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:48:53.0812 5724 usbohci - ok
14:48:53.0828 5724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:48:53.0828 5724 usbscan - ok
14:48:53.0843 5724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:48:53.0843 5724 USBSTOR - ok
14:48:53.0875 5724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:48:53.0875 5724 VgaSave - ok
14:48:53.0875 5724 ViaIde - ok
14:48:53.0890 5724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:48:53.0890 5724 VolSnap - ok
14:48:53.0937 5724 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:48:53.0968 5724 VSS - ok
14:48:54.0015 5724 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:48:54.0031 5724 W32Time - ok
14:48:54.0062 5724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:48:54.0062 5724 Wanarp - ok
14:48:54.0109 5724 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
14:48:54.0125 5724 WDC_SAM - ok
14:48:54.0234 5724 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:48:54.0250 5724 WDDMService - ok
14:48:54.0296 5724 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:48:54.0343 5724 Wdf01000 - ok
14:48:54.0437 5724 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
14:48:54.0609 5724 WDFME - ok
14:48:54.0734 5724 WDICA - ok
14:48:54.0765 5724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:48:54.0765 5724 wdmaud - ok
14:48:54.0890 5724 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
14:48:54.0953 5724 WDSC - ok
14:48:54.0984 5724 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:48:55.0000 5724 WebClient - ok
14:48:55.0015 5724 WINFLASH - ok
14:48:55.0093 5724 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:48:55.0109 5724 winmgmt - ok
14:48:55.0140 5724 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:48:55.0156 5724 WmdmPmSN - ok
14:48:55.0234 5724 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
14:48:55.0265 5724 Wmi - ok
14:48:55.0296 5724 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
14:48:55.0312 5724 WmiApSrv - ok
14:48:55.0437 5724 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:48:55.0484 5724 WMPNetworkSvc - ok
14:48:55.0546 5724 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:48:55.0562 5724 WpdUsb - ok
14:48:55.0703 5724 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:48:55.0750 5724 WPFFontCache_v0400 - ok
14:48:55.0796 5724 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:48:55.0796 5724 WS2IFSL - ok
14:48:55.0843 5724 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
14:48:55.0859 5724 WsAudio_DeviceS(1) - ok
14:48:55.0875 5724 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
14:48:55.0875 5724 WsAudio_DeviceS(2) - ok
14:48:55.0890 5724 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
14:48:55.0906 5724 WsAudio_DeviceS(3) - ok
14:48:55.0921 5724 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
14:48:55.0921 5724 WsAudio_DeviceS(4) - ok
14:48:55.0953 5724 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
14:48:55.0968 5724 WsAudio_DeviceS(5) - ok
14:48:56.0000 5724 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
14:48:56.0015 5724 wscsvc - ok
14:48:56.0046 5724 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:48:56.0046 5724 wuauserv - ok
14:48:56.0078 5724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:48:56.0078 5724 WudfPf - ok
14:48:56.0109 5724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:48:56.0125 5724 WudfRd - ok
14:48:56.0156 5724 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:48:56.0156 5724 WudfSvc - ok
14:48:56.0218 5724 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:48:56.0234 5724 WZCSVC - ok
14:48:56.0265 5724 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:48:56.0281 5724 xmlprov - ok
14:48:56.0296 5724 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:48:56.0312 5724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:48:56.0312 5724 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:48:56.0328 5724 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
14:48:59.0640 5724 \Device\Harddisk1\DR1 - ok
14:48:59.0640 5724 Boot (0x1200) (008fdcbe0d81be7095aa970d8aed2d0b) \Device\Harddisk0\DR0\Partition0
14:48:59.0640 5724 \Device\Harddisk0\DR0\Partition0 - ok
14:48:59.0640 5724 Boot (0x1200) (bf1b769e2afc4dc10a89f1ecd4f5379d) \Device\Harddisk1\DR1\Partition0
14:48:59.0656 5724 \Device\Harddisk1\DR1\Partition0 - ok
14:48:59.0656 5724 ============================================================
14:48:59.0656 5724 Scan finished
14:48:59.0656 5724 ============================================================
14:48:59.0656 4848 Detected object count: 1
14:48:59.0656 4848 Actual detected object count: 1
14:49:12.0859 4848 \Device\Harddisk0\DR0\# - copied to quarantine
14:49:12.0859 4848 \Device\Harddisk0\DR0 - copied to quarantine
14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:49:12.0921 4848 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:49:12.0921 4848 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:49:12.0937 4848 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:49:13.0046 4848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:49:13.0078 4848 \Device\Harddisk0\DR0 - ok
14:49:14.0140 4848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:49:17.0968 5720 Deinitialize success

[screen317]

Hi,

My apologies for the delay.

Looks like the infections were hit hard.

To be sure, please grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs.

Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

[Glirmin]

Alright. did what you said. found some threats with the online scanner. but on the performance side, everything has been running smoothly and the symptoms (Google redirecting and the disembodied ads) have disappeared. Thanks for all the help, couldnt have done this without it .

Here are4 the logs in order
(Combo, TDSS, ESET, Security Check)

ComboFix 12-07-30.01 - Jim 07/30/2012 15:01:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1036 [GMT -7:00]
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-26 21:49 . 2012-07-26 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 05:24 . 2012-07-24 05:24 -------- d-----w- c:\program files\Oracle
2012-07-24 05:24 . 2012-07-24 05:22 143872 ----a-w- c:\windows\system32javacpl.cpl
2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-07-15 07:40 . 2012-07-15 07:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Sun
2012-07-10 10:32 . 2012-07-10 10:33 -------- d-----w- c:\program files\MonitorDriver
2012-07-10 10:32 . 2012-07-10 10:32 -------- d-----w- c:\documents and settings\Jim\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 22:14 . 2012-04-16 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 22:14 . 2012-04-16 09:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:07 . 2007-04-19 16:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-06 05:06 . 2012-04-08 18:59 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-06 05:06 . 2010-06-08 19:33 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 20:46 . 2009-03-15 18:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-06-21 20:12 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-09-11 08:15 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-09-11 08:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2005-05-26 11:19 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-09-11 08:15 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2006-09-11 08:15 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-09-11 07:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-06-21 20:12 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-09-11 08:15 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-09-11 07:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2007-06-22 15:59 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 22:18 . 2006-09-11 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-01-08 22:23 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 10:18 . 2011-11-24 22:05 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:18 . 2011-11-24 22:05 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:18 . 2011-11-24 22:05 17543168 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:18 . 2011-11-24 22:05 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:18 . 2009-08-17 07:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:18 . 2009-08-17 07:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:18 . 2008-05-03 05:46 6012928 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:18 . 2008-03-16 00:46 18771968 ----a-w- c:\windows\system32\nvoglnt.dll
2012-05-15 10:18 . 2008-03-16 00:45 2359808 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:18 . 2004-08-04 07:56 4373248 ----a-w- c:\windows\system32\nv4_disp.dll
2012-05-15 10:18 . 2004-08-04 05:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-15 09:40 . 2009-08-17 10:04 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-05-15 09:40 . 2009-08-17 10:03 15504192 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:40 . 2009-08-17 10:03 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-05-15 09:40 . 2009-08-17 10:03 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-05-15 09:40 . 2009-08-17 10:03 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-11 14:42 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-05-04 19:33 . 2010-06-06 01:48 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-04 13:16 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-09-11 07:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-06-10 19:26 . 2008-06-10 19:26 62910 -c--a-w- c:\program files\Uninstall.exe
2007-11-15 07:20 . 2007-11-15 07:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-14 00:17 . 2012-07-21 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_05.24.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-28 00:39 . 2012-07-28 00:39 16384 c:\windows\Temp\Perflib_Perfdata_718.dat
+ 2012-07-26 22:14 . 2012-07-26 22:14 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-07-26 21:14 . 2012-07-26 21:14 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-26 21:14 . 2012-07-26 21:14 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
+ 2012-04-16 09:10 . 2012-07-26 22:14 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-16 09:10 . 2012-07-12 04:15 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-26 22:14 . 2012-07-26 22:14 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-07 161336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Monitor"="e:\program files\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-12 745472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 21:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^GameFly.lnk]
path=c:\documents and settings\Jim\Start Menu\Programs\Startup\GameFly.lnk
backup=c:\windows\pss\GameFly.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-07-12 12:44 9478320 ----a-w- c:\documents and settings\Jim\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-24 06:53 1242448 ----a-w- e:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2009 3:08 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2009 3:08 PM 243152]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 1:59 PM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 1:59 PM 308136]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/12/2009 5:03 PM 66048]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/15/2011 7:18 PM 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [9/15/2011 7:19 PM 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [9/15/2011 7:19 PM 25704]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/7/2012 2:59 PM 1262400]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 2:10 AM 250056]
S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [3/12/2006 1:11 PM 37248]
S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [9/15/2011 2:05 PM 16640]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/7/2010 12:53 AM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [7/7/2010 12:54 AM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [7/7/2010 12:53 AM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/7/2010 12:53 AM 60416]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/21/2012 2:54 AM 113120]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/12/2009 5:03 PM 167808]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [1/12/2009 5:03 PM 13532]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/16/2012 3:39 AM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 22:14]
.
2012-07-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-DUFIS-D-Jim.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-05 13:09]
.
2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 17:03]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab
FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
.
.
------- File Associations -------
.
.scr=SageThumbsImage.scr
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 15:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,cc,57,59,1d,a3,38,48,aa,fd,13,\
.
[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,c5,e7,2e,4a,b8,d8,b9,ed,8f,60,54,17,2a,56,04,e8,5c,78,84,f0,
49,54,43,a3,1d,7c,99,f2,95,50,71,a3,55,33,9b,f0,04,20,fa,22,a8,55,9a,7c,2d,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,
0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ
*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="???\11? H\11??"
"MFG"="???"
"ReinstallString"=".10.1000.5"
"DeviceInstanceIds"=multi:"d:\\raid\\ati\\sbdrv\\smbus\\smbusati.inf\00"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,
0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(12024)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
e:\program files\SageThumbs\32\SageThumbs.dll
e:\program files\SageThumbs\32\sqlite3.dll
e:\program files\SageThumbs\32\libgfl340.dll
e:\program files\SageThumbs\32\libgfle340.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-30 15:15:30
ComboFix-quarantined-files.txt 2012-07-30 22:15
ComboFix2.txt 2012-07-26 05:32
.
Pre-Run: 26,640,621,568 bytes free
Post-Run: 26,619,232,256 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - FA54A8D3FE01A305981BE7C23C794EB3

15:17:24.0984 12708 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:17:26.0156 12708 ============================================================
15:17:26.0156 12708 Current date / time: 2012/07/30 15:17:26.0156
15:17:26.0156 12708 SystemInfo:
15:17:26.0156 12708
15:17:26.0156 12708 OS Version: 5.1.2600 ServicePack: 3.0
15:17:26.0156 12708 Product type: Workstation
15:17:26.0156 12708 ComputerName: DUFIS-D
15:17:26.0156 12708 UserName: Jim
15:17:26.0156 12708 Windows directory: C:\WINDOWS
15:17:26.0156 12708 System windows directory: C:\WINDOWS
15:17:26.0156 12708 Processor architecture: Intel x86
15:17:26.0156 12708 Number of processors: 2
15:17:26.0156 12708 Page size: 0x1000
15:17:26.0156 12708 Boot type: Normal boot
15:17:26.0156 12708 ============================================================
15:17:28.0281 12708 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:17:28.0296 12708 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:17:28.0500 12708 ============================================================
15:17:28.0500 12708 \Device\Harddisk0\DR0:
15:17:28.0500 12708 MBR partitions:
15:17:28.0500 12708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD
15:17:28.0500 12708 \Device\Harddisk1\DR1:
15:17:28.0500 12708 MBR partitions:
15:17:28.0500 12708 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
15:17:28.0500 12708 ============================================================
15:17:28.0531 12708 C: <-> \Device\Harddisk0\DR0\Partition0
15:17:28.0562 12708 E: <-> \Device\Harddisk1\DR1\Partition0
15:17:28.0562 12708 ============================================================
15:17:28.0562 12708 Initialize success
15:17:28.0562 12708 ============================================================
15:17:33.0296 8008 ============================================================
15:17:33.0296 8008 Scan started
15:17:33.0296 8008 Mode: Manual;
15:17:33.0296 8008 ============================================================
15:17:35.0281 8008 Abiosdsk - ok
15:17:35.0281 8008 abp480n5 - ok
15:17:35.0328 8008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:17:35.0328 8008 ACPI - ok
15:17:35.0375 8008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:17:35.0375 8008 ACPIEC - ok
15:17:35.0437 8008 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:35.0437 8008 AdobeFlashPlayerUpdateSvc - ok
15:17:35.0453 8008 adpu160m - ok
15:17:35.0468 8008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:17:35.0468 8008 aec - ok
15:17:35.0500 8008 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:17:35.0500 8008 AFD - ok
15:17:35.0515 8008 Aha154x - ok
15:17:35.0515 8008 aic78u2 - ok
15:17:35.0515 8008 aic78xx - ok
15:17:35.0734 8008 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:17:35.0765 8008 ALCXWDM - ok
15:17:35.0859 8008 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:17:35.0859 8008 Alerter - ok
15:17:35.0890 8008 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:17:35.0890 8008 ALG - ok
15:17:35.0890 8008 AliIde - ok
15:17:35.0921 8008 Alpham (5c6b6686f14b6e9549e320f59fec1469) C:\WINDOWS\system32\DRIVERS\Alpham.sys
15:17:35.0921 8008 Alpham - ok
15:17:35.0937 8008 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:17:35.0937 8008 AmdK8 - ok
15:17:35.0953 8008 amsint - ok
15:17:36.0046 8008 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:17:36.0046 8008 Apple Mobile Device - ok
15:17:36.0093 8008 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:17:36.0093 8008 AppMgmt - ok
15:17:36.0125 8008 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:17:36.0125 8008 Arp1394 - ok
15:17:36.0171 8008 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys
15:17:36.0171 8008 AsAudioDevice_349 - ok
15:17:36.0171 8008 asc - ok
15:17:36.0187 8008 asc3350p - ok
15:17:36.0187 8008 asc3550 - ok
15:17:36.0296 8008 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:17:36.0296 8008 aspnet_state - ok
15:17:36.0312 8008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:17:36.0312 8008 AsyncMac - ok
15:17:36.0328 8008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:17:36.0328 8008 atapi - ok
15:17:36.0343 8008 Atdisk - ok
15:17:36.0390 8008 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:17:36.0390 8008 atksgt - ok
15:17:36.0406 8008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:17:36.0406 8008 Atmarpc - ok
15:17:36.0437 8008 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:17:36.0437 8008 AudioSrv - ok
15:17:36.0453 8008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:17:36.0453 8008 audstub - ok
15:17:36.0609 8008 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files\AVG\AVG9\avgemc.exe
15:17:36.0609 8008 avg9emc - ok
15:17:36.0640 8008 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
15:17:36.0640 8008 avg9wd - ok
15:17:36.0796 8008 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
15:17:36.0796 8008 AvgLdx86 - ok
15:17:36.0812 8008 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys
15:17:36.0812 8008 AvgMfx86 - ok
15:17:36.0859 8008 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
15:17:36.0859 8008 AvgTdiX - ok
15:17:36.0937 8008 BCM43XX (2ee34b694d1ce077678662d7884f6c79) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:17:36.0953 8008 BCM43XX - ok
15:17:37.0015 8008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:17:37.0015 8008 Beep - ok
15:17:37.0046 8008 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:17:37.0062 8008 BITS - ok
15:17:37.0187 8008 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:17:37.0187 8008 Bonjour Service - ok
15:17:37.0218 8008 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
15:17:37.0218 8008 brfilt - ok
15:17:37.0250 8008 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:17:37.0250 8008 Browser - ok
15:17:37.0265 8008 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys
15:17:37.0265 8008 brparimg - ok
15:17:37.0281 8008 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys
15:17:37.0281 8008 BrParWdm - ok
15:17:37.0296 8008 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
15:17:37.0296 8008 BrSerWDM - ok
15:17:37.0406 8008 catchme - ok
15:17:37.0437 8008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:17:37.0437 8008 cbidf2k - ok
15:17:37.0453 8008 cd20xrnt - ok
15:17:37.0453 8008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:17:37.0453 8008 Cdaudio - ok
15:17:37.0484 8008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:17:37.0500 8008 Cdfs - ok
15:17:37.0531 8008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:17:37.0531 8008 Cdrom - ok
15:17:37.0531 8008 Changer - ok
15:17:37.0546 8008 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:17:37.0546 8008 cisvc - ok
15:17:37.0578 8008 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:17:37.0578 8008 ClipSrv - ok
15:17:37.0656 8008 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:37.0671 8008 clr_optimization_v2.0.50727_32 - ok
15:17:37.0781 8008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:37.0781 8008 clr_optimization_v4.0.30319_32 - ok
15:17:37.0781 8008 CmdIde - ok
15:17:37.0796 8008 COMSysApp - ok
15:17:37.0796 8008 Cpqarray - ok
15:17:37.0843 8008 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:17:37.0843 8008 CryptSvc - ok
15:17:37.0843 8008 dac2w2k - ok
15:17:37.0843 8008 dac960nt - ok
15:17:37.0890 8008 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:17:37.0906 8008 DcomLaunch - ok
15:17:37.0921 8008 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:17:37.0921 8008 Dhcp - ok
15:17:37.0937 8008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:17:37.0937 8008 Disk - ok
15:17:37.0937 8008 dmadmin - ok
15:17:37.0984 8008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:17:37.0984 8008 dmboot - ok
15:17:38.0000 8008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:17:38.0000 8008 dmio - ok
15:17:38.0031 8008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:17:38.0031 8008 dmload - ok
15:17:38.0062 8008 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:17:38.0062 8008 dmserver - ok
15:17:38.0078 8008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:17:38.0078 8008 DMusic - ok
15:17:38.0109 8008 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:17:38.0109 8008 Dnscache - ok
15:17:38.0140 8008 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:17:38.0156 8008 Dot3svc - ok
15:17:38.0156 8008 dpti2o - ok
15:17:38.0187 8008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:17:38.0187 8008 drmkaud - ok
15:17:38.0218 8008 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:17:38.0218 8008 EapHost - ok
15:17:38.0250 8008 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
15:17:38.0250 8008 EAPPkt - ok
15:17:38.0250 8008 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:17:38.0250 8008 ERSvc - ok
15:17:38.0265 8008 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:17:38.0265 8008 Eventlog - ok
15:17:38.0296 8008 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
15:17:38.0296 8008 EventSystem - ok
15:17:38.0312 8008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:17:38.0312 8008 Fastfat - ok
15:17:38.0343 8008 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:17:38.0359 8008 FastUserSwitchingCompatibility - ok
15:17:38.0359 8008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:17:38.0359 8008 Fdc - ok
15:17:38.0375 8008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:17:38.0375 8008 Fips - ok
15:17:38.0484 8008 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:17:38.0484 8008 FLEXnet Licensing Service - ok
15:17:38.0531 8008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:17:38.0531 8008 Flpydisk - ok
15:17:38.0562 8008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:17:38.0562 8008 FltMgr - ok
15:17:38.0656 8008 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:17:38.0656 8008 FontCache3.0.0.0 - ok
15:17:38.0687 8008 FreshIO - ok
15:17:38.0734 8008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:17:38.0734 8008 Fs_Rec - ok
15:17:38.0734 8008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:17:38.0734 8008 Ftdisk - ok
15:17:38.0765 8008 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
15:17:38.0765 8008 GEARAspiWDM - ok
15:17:38.0765 8008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:17:38.0781 8008 Gpc - ok
15:17:38.0781 8008 GTNDIS5 - ok
15:17:38.0859 8008 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:17:38.0859 8008 gupdate - ok
15:17:38.0859 8008 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:17:38.0859 8008 gupdatem - ok
15:17:38.0921 8008 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:17:38.0921 8008 gusvc - ok
15:17:38.0968 8008 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:17:38.0968 8008 hamachi - ok
15:17:39.0031 8008 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:17:39.0031 8008 helpsvc - ok
15:17:39.0062 8008 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:17:39.0062 8008 HidServ - ok
15:17:39.0078 8008 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:17:39.0078 8008 hidusb - ok
15:17:39.0109 8008 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:17:39.0109 8008 hkmsvc - ok
15:17:39.0109 8008 hpn - ok
15:17:39.0125 8008 hpt3xx - ok
15:17:39.0171 8008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:17:39.0171 8008 HTTP - ok
15:17:39.0203 8008 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:17:39.0203 8008 HTTPFilter - ok
15:17:39.0203 8008 i2omgmt - ok
15:17:39.0218 8008 i2omp - ok
15:17:39.0250 8008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:17:39.0250 8008 i8042prt - ok
15:17:39.0359 8008 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:17:39.0359 8008 IDriverT - ok
15:17:39.0484 8008 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:17:39.0484 8008 idsvc - ok
15:17:39.0531 8008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:17:39.0531 8008 Imapi - ok
15:17:39.0593 8008 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:17:39.0593 8008 ImapiService - ok
15:17:39.0609 8008 ini910u - ok
15:17:39.0609 8008 IntelIde - ok
15:17:39.0640 8008 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:17:39.0640 8008 ip6fw - ok
15:17:39.0671 8008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:17:39.0671 8008 IpFilterDriver - ok
15:17:39.0687 8008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:17:39.0687 8008 IpInIp - ok
15:17:39.0718 8008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:17:39.0718 8008 IpNat - ok
15:17:39.0828 8008 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
15:17:39.0843 8008 iPod Service - ok
15:17:39.0859 8008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:17:39.0859 8008 IPSec - ok
15:17:39.0875 8008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:17:39.0875 8008 IRENUM - ok
15:17:39.0906 8008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:17:39.0906 8008 isapnp - ok
15:17:39.0937 8008 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
15:17:39.0937 8008 ivusb - ok
15:17:40.0015 8008 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:17:40.0015 8008 JavaQuickStarterService - ok
15:17:40.0015 8008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:17:40.0015 8008 Kbdclass - ok
15:17:40.0031 8008 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:17:40.0031 8008 kbdhid - ok
15:17:40.0046 8008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:17:40.0046 8008 kmixer - ok
15:17:40.0078 8008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:17:40.0078 8008 KSecDD - ok
15:17:40.0125 8008 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:17:40.0125 8008 lanmanserver - ok
15:17:40.0156 8008 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:17:40.0156 8008 lanmanworkstation - ok
15:17:40.0156 8008 lbrtfdc - ok
15:17:40.0531 8008 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) E:\Program Files\LeapFrog Connect\CommandService.exe
15:17:40.0578 8008 LeapFrog Connect Device Service - ok
15:17:40.0609 8008 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:17:40.0609 8008 lirsgt - ok
15:17:40.0609 8008 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:17:40.0625 8008 LmHosts - ok
15:17:40.0640 8008 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:17:40.0640 8008 Messenger - ok
15:17:40.0671 8008 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
15:17:40.0671 8008 mf - ok
15:17:40.0718 8008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:17:40.0718 8008 mnmdd - ok
15:17:40.0765 8008 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
15:17:40.0765 8008 mnmsrvc - ok
15:17:40.0781 8008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:17:40.0781 8008 Modem - ok
15:17:40.0812 8008 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
15:17:40.0812 8008 motccgp - ok
15:17:40.0875 8008 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
15:17:40.0875 8008 motccgpfl - ok
15:17:40.0921 8008 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:17:40.0921 8008 motmodem - ok
15:17:40.0953 8008 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
15:17:40.0953 8008 motport - ok
15:17:40.0984 8008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:17:40.0984 8008 Mouclass - ok
15:17:41.0031 8008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:17:41.0031 8008 mouhid - ok
15:17:41.0046 8008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:17:41.0046 8008 MountMgr - ok
15:17:41.0156 8008 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:17:41.0156 8008 MozillaMaintenance - ok
15:17:41.0156 8008 mraid35x - ok
15:17:41.0187 8008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:17:41.0187 8008 MRxDAV - ok
15:17:41.0218 8008 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:17:41.0234 8008 MRxSmb - ok
15:17:41.0265 8008 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
15:17:41.0265 8008 MSDTC - ok
15:17:41.0296 8008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:17:41.0296 8008 Msfs - ok
15:17:41.0296 8008 MSIServer - ok
15:17:41.0328 8008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:17:41.0328 8008 MSKSSRV - ok
15:17:41.0343 8008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:17:41.0343 8008 MSPCLOCK - ok
15:17:41.0343 8008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:17:41.0359 8008 MSPQM - ok
15:17:41.0375 8008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:17:41.0375 8008 mssmbios - ok
15:17:41.0421 8008 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:17:41.0421 8008 Mup - ok
15:17:41.0468 8008 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:17:41.0468 8008 napagent - ok
15:17:41.0484 8008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:17:41.0484 8008 NDIS - ok
15:17:41.0515 8008 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:17:41.0515 8008 NdisTapi - ok
15:17:41.0515 8008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:17:41.0515 8008 Ndisuio - ok
15:17:41.0531 8008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:17:41.0531 8008 NdisWan - ok
15:17:41.0562 8008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:17:41.0562 8008 NDProxy - ok
15:17:41.0578 8008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:17:41.0578 8008 NetBIOS - ok
15:17:41.0593 8008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:17:41.0593 8008 NetBT - ok
15:17:41.0625 8008 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:17:41.0625 8008 NetDDE - ok
15:17:41.0625 8008 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:17:41.0625 8008 NetDDEdsdm - ok
15:17:41.0656 8008 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:17:41.0656 8008 Netlogon - ok
15:17:41.0687 8008 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:17:41.0687 8008 Netman - ok
15:17:41.0796 8008 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:17:41.0796 8008 NetTcpPortSharing - ok
15:17:41.0828 8008 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:17:41.0828 8008 NIC1394 - ok
15:17:41.0859 8008 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:17:41.0875 8008 Nla - ok
15:17:41.0890 8008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:17:41.0890 8008 Npfs - ok
15:17:41.0953 8008 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Nexon\Mabinogi\npkcmsvc.exe
15:17:41.0953 8008 npkcmsvc - ok
15:17:41.0968 8008 npkcrypt - ok
15:17:41.0968 8008 npkcusb - ok
15:17:42.0031 8008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:17:42.0031 8008 Ntfs - ok
15:17:42.0046 8008 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
15:17:42.0046 8008 NtLmSsp - ok
15:17:42.0078 8008 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:17:42.0078 8008 NtmsSvc - ok
15:17:42.0125 8008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:17:42.0125 8008 Null - ok
15:17:42.0687 8008 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:17:42.0796 8008 nv - ok
15:17:42.0937 8008 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe
15:17:42.0937 8008 NVSvc - ok
15:17:43.0046 8008 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:17:43.0062 8008 nvUpdatusService - ok
15:17:43.0140 8008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:17:43.0140 8008 NwlnkFlt - ok
15:17:43.0156 8008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:17:43.0156 8008 NwlnkFwd - ok
15:17:43.0187 8008 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:17:43.0187 8008 ohci1394 - ok
15:17:43.0218 8008 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys
15:17:43.0218 8008 PalmUSBD - ok
15:17:43.0250 8008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:17:43.0250 8008 Parport - ok
15:17:43.0265 8008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:17:43.0265 8008 PartMgr - ok
15:17:43.0312 8008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:17:43.0312 8008 ParVdm - ok
15:17:43.0328 8008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:17:43.0328 8008 PCI - ok
15:17:43.0328 8008 PCIDump - ok
15:17:43.0375 8008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:17:43.0375 8008 PCIIde - ok
15:17:43.0406 8008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:17:43.0406 8008 Pcmcia - ok
15:17:43.0406 8008 PDCOMP - ok
15:17:43.0421 8008 PDFRAME - ok
15:17:43.0421 8008 PDRELI - ok
15:17:43.0437 8008 PDRFRAME - ok
15:17:43.0437 8008 perc2 - ok
15:17:43.0437 8008 perc2hib - ok
15:17:43.0500 8008 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:17:43.0500 8008 PlugPlay - ok
15:17:43.0515 8008 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:17:43.0515 8008 PolicyAgent - ok
15:17:43.0531 8008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:17:43.0531 8008 PptpMiniport - ok
15:17:43.0546 8008 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:17:43.0546 8008 Processor - ok
15:17:43.0546 8008 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:17:43.0546 8008 ProtectedStorage - ok
15:17:43.0562 8008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:17:43.0562 8008 PSched - ok
15:17:43.0593 8008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:17:43.0593 8008 Ptilink - ok
15:17:43.0625 8008 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:17:43.0625 8008 PxHelp20 - ok
15:17:43.0640 8008 ql1080 - ok
15:17:43.0640 8008 Ql10wnt - ok
15:17:43.0640 8008 ql12160 - ok
15:17:43.0656 8008 ql1240 - ok
15:17:43.0656 8008 ql1280 - ok
15:17:43.0703 8008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:17:43.0703 8008 RasAcd - ok
15:17:43.0750 8008 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:17:43.0750 8008 RasAuto - ok
15:17:43.0750 8008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:17:43.0750 8008 Rasl2tp - ok
15:17:43.0812 8008 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:17:43.0812 8008 RasMan - ok
15:17:43.0812 8008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:17:43.0812 8008 RasPppoe - ok
15:17:43.0828 8008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:17:43.0828 8008 Raspti - ok
15:17:43.0843 8008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:17:43.0859 8008 Rdbss - ok
15:17:43.0859 8008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:17:43.0859 8008 RDPCDD - ok
15:17:43.0875 8008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:17:43.0875 8008 rdpdr - ok
15:17:43.0921 8008 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:17:43.0921 8008 RDPWD - ok
15:17:43.0953 8008 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:17:43.0953 8008 RDSessMgr - ok
15:17:43.0984 8008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:17:43.0984 8008 redbook - ok
15:17:44.0015 8008 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:17:44.0015 8008 RemoteAccess - ok
15:17:44.0046 8008 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:17:44.0046 8008 RemoteRegistry - ok
15:17:44.0140 8008 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\Cyberlink\Shared files\RichVideo.exe
15:17:44.0156 8008 RichVideo - ok
15:17:44.0203 8008 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
15:17:44.0203 8008 RpcLocator - ok
15:17:44.0250 8008 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:17:44.0250 8008 RpcSs - ok
15:17:44.0312 8008 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
15:17:44.0312 8008 RSVP - ok
15:17:44.0359 8008 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
15:17:44.0359 8008 RTL8023xp - ok
15:17:44.0406 8008 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
15:17:44.0406 8008 RTLWUSB - ok
15:17:44.0421 8008 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:17:44.0421 8008 SamSs - ok
15:17:44.0453 8008 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
15:17:44.0453 8008 sbp2port - ok
15:17:44.0484 8008 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:17:44.0484 8008 SCardSvr - ok
15:17:44.0515 8008 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:17:44.0515 8008 Schedule - ok
15:17:44.0531 8008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:17:44.0531 8008 Secdrv - ok
15:17:44.0546 8008 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:17:44.0546 8008 seclogon - ok
15:17:44.0578 8008 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:17:44.0578 8008 SENS - ok
15:17:44.0593 8008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:17:44.0593 8008 serenum - ok
15:17:44.0593 8008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:17:44.0593 8008 Serial - ok
15:17:44.0656 8008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:17:44.0656 8008 Sfloppy - ok
15:17:44.0687 8008 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:17:44.0687 8008 SharedAccess - ok
15:17:44.0750 8008 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:17:44.0750 8008 ShellHWDetection - ok
15:17:44.0765 8008 Simbad - ok
15:17:44.0796 8008 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
15:17:44.0796 8008 SjyPkt - ok
15:17:45.0093 8008 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:17:45.0109 8008 Skype C2C Service - ok
15:17:45.0234 8008 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
15:17:45.0234 8008 SkypeUpdate - ok
15:17:45.0343 8008 Sparrow - ok
15:17:45.0359 8008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:17:45.0359 8008 splitter - ok
15:17:45.0390 8008 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:17:45.0390 8008 Spooler - ok
15:17:45.0437 8008 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\WINDOWS\System32\Drivers\sptd.sys
15:17:45.0453 8008 sptd - ok
15:17:45.0453 8008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:17:45.0453 8008 sr - ok
15:17:45.0484 8008 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:17:45.0484 8008 srservice - ok
15:17:45.0531 8008 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:17:45.0531 8008 Srv - ok
15:17:45.0562 8008 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:17:45.0562 8008 SSDPSRV - ok
15:17:45.0609 8008 Steam Client Service - ok
15:17:45.0640 8008 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:17:45.0640 8008 stisvc - ok
15:17:45.0656 8008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:17:45.0656 8008 swenum - ok
15:17:45.0718 8008 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:17:45.0734 8008 SwitchBoard - ok
15:17:45.0750 8008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:17:45.0750 8008 swmidi - ok
15:17:45.0750 8008 SwPrv - ok
15:17:45.0765 8008 symc810 - ok
15:17:45.0765 8008 symc8xx - ok
15:17:45.0765 8008 sym_hi - ok
15:17:45.0781 8008 sym_u3 - ok
15:17:45.0843 8008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:17:45.0843 8008 sysaudio - ok
15:17:45.0875 8008 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:17:45.0875 8008 SysmonLog - ok
15:17:45.0906 8008 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:17:45.0906 8008 TapiSrv - ok
15:17:45.0953 8008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:17:45.0953 8008 Tcpip - ok
15:17:46.0000 8008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:17:46.0000 8008 TDPIPE - ok
15:17:46.0000 8008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:17:46.0000 8008 TDTCP - ok
15:17:46.0031 8008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:17:46.0031 8008 TermDD - ok
15:17:46.0062 8008 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:17:46.0062 8008 TermService - ok
15:17:46.0093 8008 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:17:46.0093 8008 Themes - ok
15:17:46.0125 8008 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
15:17:46.0140 8008 TlntSvr - ok
15:17:46.0140 8008 TosIde - ok
15:17:46.0140 8008 tpcdrdrv - ok
15:17:46.0171 8008 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:17:46.0171 8008 TrkWks - ok
15:17:46.0187 8008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:17:46.0187 8008 Udfs - ok
15:17:46.0187 8008 ultra - ok
15:17:46.0218 8008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:17:46.0218 8008 Update - ok
15:17:46.0250 8008 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:17:46.0250 8008 upnphost - ok
15:17:46.0281 8008 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:17:46.0281 8008 UPS - ok
15:17:46.0312 8008 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:17:46.0328 8008 USBAAPL - ok
15:17:46.0328 8008 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:17:46.0328 8008 usbaudio - ok
15:17:46.0343 8008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:17:46.0343 8008 usbccgp - ok
15:17:46.0359 8008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:17:46.0359 8008 usbehci - ok
15:17:46.0359 8008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:17:46.0359 8008 usbhub - ok
15:17:46.0375 8008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:17:46.0375 8008 usbohci - ok
15:17:46.0390 8008 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:17:46.0390 8008 usbscan - ok
15:17:46.0406 8008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:17:46.0406 8008 USBSTOR - ok
15:17:46.0421 8008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:17:46.0421 8008 VgaSave - ok
15:17:46.0421 8008 ViaIde - ok
15:17:46.0437 8008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:17:46.0437 8008 VolSnap - ok
15:17:46.0468 8008 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:17:46.0484 8008 VSS - ok
15:17:46.0500 8008 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:17:46.0500 8008 W32Time - ok
15:17:46.0515 8008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:17:46.0515 8008 Wanarp - ok
15:17:46.0562 8008 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
15:17:46.0562 8008 WDC_SAM - ok
15:17:46.0656 8008 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
15:17:46.0656 8008 WDDMService - ok
15:17:46.0718 8008 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:17:46.0718 8008 Wdf01000 - ok
15:17:46.0812 8008 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
15:17:46.0828 8008 WDFME - ok
15:17:46.0937 8008 WDICA - ok
15:17:46.0953 8008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:17:46.0953 8008 wdmaud - ok
15:17:47.0000 8008 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
15:17:47.0000 8008 WDSC - ok
15:17:47.0015 8008 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:17:47.0015 8008 WebClient - ok
15:17:47.0031 8008 WINFLASH - ok
15:17:47.0093 8008 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:17:47.0093 8008 winmgmt - ok
15:17:47.0140 8008 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:17:47.0140 8008 WmdmPmSN - ok
15:17:47.0203 8008 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:17:47.0203 8008 Wmi - ok
15:17:47.0234 8008 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
15:17:47.0234 8008 WmiApSrv - ok
15:17:47.0343 8008 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:17:47.0359 8008 WMPNetworkSvc - ok
15:17:47.0406 8008 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:17:47.0406 8008 WpdUsb - ok
15:17:47.0531 8008 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:17:47.0546 8008 WPFFontCache_v0400 - ok
15:17:47.0578 8008 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:17:47.0578 8008 WS2IFSL - ok
15:17:47.0609 8008 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
15:17:47.0609 8008 WsAudio_DeviceS(1) - ok
15:17:47.0625 8008 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
15:17:47.0625 8008 WsAudio_DeviceS(2) - ok
15:17:47.0625 8008 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
15:17:47.0625 8008 WsAudio_DeviceS(3) - ok
15:17:47.0640 8008 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
15:17:47.0656 8008 WsAudio_DeviceS(4) - ok
15:17:47.0687 8008 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
15:17:47.0687 8008 WsAudio_DeviceS(5) - ok
15:17:47.0734 8008 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:17:47.0734 8008 wscsvc - ok
15:17:47.0734 8008 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:17:47.0750 8008 wuauserv - ok
15:17:47.0765 8008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:17:47.0765 8008 WudfPf - ok
15:17:47.0796 8008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:17:47.0796 8008 WudfRd - ok
15:17:47.0812 8008 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:17:47.0812 8008 WudfSvc - ok
15:17:47.0875 8008 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:17:47.0875 8008 WZCSVC - ok
15:17:47.0921 8008 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:17:47.0921 8008 xmlprov - ok
15:17:47.0953 8008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:17:48.0296 8008 \Device\Harddisk0\DR0 - ok
15:17:48.0328 8008 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
15:17:51.0656 8008 \Device\Harddisk1\DR1 - ok
15:17:51.0656 8008 Boot (0x1200) (008fdcbe0d81be7095aa970d8aed2d0b) \Device\Harddisk0\DR0\Partition0
15:17:51.0656 8008 \Device\Harddisk0\DR0\Partition0 - ok
15:17:51.0656 8008 Boot (0x1200) (bf1b769e2afc4dc10a89f1ecd4f5379d) \Device\Harddisk1\DR1\Partition0
15:17:51.0656 8008 \Device\Harddisk1\DR1\Partition0 - ok
15:17:51.0671 8008 ============================================================
15:17:51.0671 8008 Scan finished
15:17:51.0671 8008 ============================================================
15:17:51.0671 7896 Detected object count: 0
15:17:51.0671 7896 Actual detected object count: 0
15:17:57.0484 6664 Deinitialize success

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5d73789d4f46c748a4fbebaf3c228684
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 01:35:12
# local_time=2012-07-30 06:35:12 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 75448845 75448845 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=304728
# found=21
# cleaned=20
# scan_time=11186
C:\Documents and Settings\Jim\My Documents\Downloads\cnet2_rpc412_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jim\My Documents\Downloads\HotAndMean-Lizz_Tayler,_Missy_Martinez_&_Dani_Daniels_(What_It's_Like_To_Be_A_Lesbian).exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2139\A0579819.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586104.exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586105.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586106.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586107.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} Win32/Toolbar.Babylon application 00000000000000000000000000000000 I

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 26
Java™ 7 Update 5
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Development Kit 7
Adobe Flash Player 11.3.300.268
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 18% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

[screen317]

Hi,

Looks like the infection is gone.

Still some things to do left.

Before we proceed, know that you antivirus (AVG 9.0) is incredibly outdated. I highly recommend uninstalling it and installing either AVG 2012 (link below), or another free antivirus (links below).




Run TFC by OldTimer to clear temporary files:

• Please download TFC from here and save it to your desktop.
  
• Close any open programs and Internet browsers.
  
• Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  
• Please be patient as clearing out temp files may take a while.
  
• Once it completes you may be prompted to restart your computer, please do so.
  
• Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.



After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

1ClickDownloader
ALOT Toolbar
Amazon Browser Bar
AVG Free 9.0
Babylon toolbar on IE
Google Toolbar for Internet Explorer
iLivid
Java™ 6 Update 2
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 7 Update 5
Java™ SE Development Kit 7
Java™ SE Runtime Environment 6 Update 1
JavaFX 2.1.1
Jobs Toolbar
king.com (remove only)
Need2Find Bar
Netscape Browser (remove only)
RAR Password Cracker 4.12
Yontoo Layers Client 1.10.01


Restart your computer.

Get the latest version of Java.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)
AntiVir
avast!
Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.


Reboot after.

Let me know what issues remain.

[Glirmin]

Thanks again for all the help.

the only issues i am having is that the Add/Remove Programs wont get rid of iLivid or Need2Find Bar.

everything else went smooth and computer is running great

[screen317]

Hi,

What do they say when you try to remove them?


Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

[Glirmin]

its juist that after it says it is finished unitalling, they are still installed. will edit with log

[Glirmin]

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 15:01:23
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jim - DUFIS-D
# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\MyPlayCity
Folder Found : C:\DOCUME~1\Jim\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\Jim\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Jim\Application Data\Babylon
Folder Found : C:\Documents and Settings\Jim\Application Data\Bandoo
Folder Found : C:\Documents and Settings\Jim\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Jim\Application Data\searchquband
Folder Found : C:\Documents and Settings\Jim\Application Data\Searchqutoolbar
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ilivid
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Windows iLivid Toolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla Firefox\.autoreg
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Uninstall.exe

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\facemoods.com
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong
Key Found : HKCU\Software\MyPlayCity
Key Found : HKCU\Software\Need2Find
Key Found : HKCU\Software\searchqutoolbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\AskBarDis
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin
Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\facemoods.com
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\Need2FindBar Uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MyPlayCity
Key Found : HKLM\SOFTWARE\Need2Find
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416B-BCDB-33B3EF3617D3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4DB0-B27A-020D766FF09B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Found : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={803F610C-07B4-45CB-AD26-F14CA3E7AB23}&mid=a086091b27f80fb33ccdd16c91ea11e6-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-08-01 16:50:34&v=11.0.0.10&sap=nt

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users.WINDOWS\\Application [...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10d5-4563-90db-3dac62dc6f36%[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",
Found : "explicit_host": [ "hxxp://igor.facemoods.com/*", "hxxp://reports.facemoods.com/*" ],
Found : "css": [ "style/facemoods_chrome_1.0.1.css" ],
Found : "name": "Facemoods",
Found : "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Found : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",
Found : "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016[...]

*************************

AdwCleaner[R1].txt - [22105 octets] - [02/08/2012 15:01:23]

########## EOF - C:\AdwCleaner[R1].txt - [22234 octets] ##########

[screen317]

Hi,

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Glirmin]

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 10:48:20
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jim - DUFIS-D
# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\BitTorrentBar
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\MyPlayCity
Folder Deleted : C:\DOCUME~1\Jim\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\Jim\LOCALS~1\Temp\CT2790392
Folder Deleted : C:\Documents and Settings\Jim\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Bandoo
Folder Deleted : C:\Documents and Settings\Jim\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\Jim\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\CT2790392
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\Smartbar
Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ilivid
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BitTorrentBar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Uninstall.exe

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BitTorrentBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong
Key Deleted : HKCU\Software\MyPlayCity
Key Deleted : HKCU\Software\Need2Find
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\Smartbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\bandoo
Key Deleted : HKLM\SOFTWARE\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin
Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\facemoods.com
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\Need2FindBar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MyPlayCity
Key Deleted : HKLM\SOFTWARE\Need2Find
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Wise Solutions
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416B-BCDB-33B3EF3617D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4DB0-B27A-020D766FF09B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DA3D4F6-E52F-4A0A-895B-094EFD53EC13}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FBFA93D-1AC1-4580-9DC7-A287283AE885}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={803F610C-07B4-45CB-AD26-F14CA3E7AB23}&mid=a086091b27f80fb33ccdd16c91ea11e6-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-08-01 16:50:34&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\prefs.js

Deleted : user_pref("CT2790392.1000234.TWC_TMP_city", "LANCASTER");
Deleted : user_pref("CT2790392.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT2790392.1000234.TWC_locId", "ASXX0964");
Deleted : user_pref("CT2790392.1000234.TWC_location", "Lancaster, Australia");
Deleted : user_pref("CT2790392.1000234.TWC_region", "US");
Deleted : user_pref("CT2790392.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT2790392.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT2790392.1000234.weatherData", "{\"icon\":\"44.png\",\"temperature\":\"59°F\",\"temperat[...]
Deleted : user_pref("CT2790392.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2790392.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2790392.FirstTime", "true");
Deleted : user_pref("CT2790392.FirstTimeFF3", "true");
Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]
Deleted : user_pref("CT2790392.UserID", "UN58445079210294646");
Deleted : user_pref("CT2790392.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2790392.autoDisableScopes", -1);
Deleted : user_pref("CT2790392.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2790392.cbcountry_001", "US");
Deleted : user_pref("CT2790392.cbfirsttime", "Thu Aug 02 2012 22:53:00 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT2790392.embeddedsData", "[{\"appId\":\"129298377186388102\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2790392.enableAlerts", "always");
Deleted : user_pref("CT2790392.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2790392.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2790392.fixPageNotFoundError", "true");
Deleted : user_pref("CT2790392.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2790392.fixUrls", true);
Deleted : user_pref("CT2790392.installId", "fft929.tmp.exe");
Deleted : user_pref("CT2790392.installType", "XPE");
Deleted : user_pref("CT2790392.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2790392.isNewTabEnabled", true);
Deleted : user_pref("CT2790392.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2790392.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2790392.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2790392.keyword", true);
Deleted : user_pref("CT2790392.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]
Deleted : user_pref("CT2790392.openThankYouPage", "true");
Deleted : user_pref("CT2790392.openUninstallPage", "FALSE");
Deleted : user_pref("CT2790392.scriptSource", "hxxp://127.0.0.1:10000/gui/");
Deleted : user_pref("CT2790392.search.searchAppId", "129298377186388102");
Deleted : user_pref("CT2790392.search.searchCount", "0");
Deleted : user_pref("CT2790392.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2790392.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2790392.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2790392.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2790392.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2790392.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343973176525");
Deleted : user_pref("CT2790392.serviceLayer_services_appTracking_lastUpdate", "1343973179225");
Deleted : user_pref("CT2790392.serviceLayer_services_appsMetadata_lastUpdate", "1343973176203");
Deleted : user_pref("CT2790392.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343973177382");
Deleted : user_pref("CT2790392.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343973179074");
Deleted : user_pref("CT2790392.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343973177697");
Deleted : user_pref("CT2790392.serviceLayer_services_searchAPI_lastUpdate", "1343973174750");
Deleted : user_pref("CT2790392.serviceLayer_services_serviceMap_lastUpdate", "1343973174096");
Deleted : user_pref("CT2790392.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343973177447");
Deleted : user_pref("CT2790392.serviceLayer_services_toolbarSettings_lastUpdate", "1343973175020");
Deleted : user_pref("CT2790392.serviceLayer_services_translation_lastUpdate", "1343973176398");
Deleted : user_pref("CT2790392.settingsINI", true);
Deleted : user_pref("CT2790392.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2790392.smartbar.CTID", "CT2790392");
Deleted : user_pref("CT2790392.smartbar.Uninstall", "0");
Deleted : user_pref("CT2790392.smartbar.homepage", true);
Deleted : user_pref("CT2790392.smartbar.toolbarName", "BitTorrentBar ");
Deleted : user_pref("CT2790392.startPage", "TRUE");
Deleted : user_pref("CT2790392.toolbarBornServerTime", "3-8-2012");
Deleted : user_pref("CT2790392.toolbarCurrentServerTime", "3-8-2012");
Deleted : user_pref("CT2790392.toolbarDisabled", "true");
Deleted : user_pref("CT2790392.url_history0001", "hxxps://www.google.com:::clickhandler:::1343973525662,,,hxxp[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2790392");
Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users.WINDOWS\\Application [...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7B7e5c4451-10d5-4563-90db-3dac62d[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10d5-4563-90db-3dac62dc6f36%[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",
Deleted : "explicit_host": [ "hxxp://igor.facemoods.com/*", "hxxp://reports.facemoods.com/*" ],
Deleted : "css": [ "style/facemoods_chrome_1.0.1.css" ],
Deleted : "name": "Facemoods",
Deleted : "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Deleted : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",
Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48" ]
Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48",

*************************

AdwCleaner[R1].txt - [22236 octets] - [02/08/2012 15:01:23]
AdwCleaner[S1].txt - [31391 octets] - [06/08/2012 10:48:20]

########## EOF - C:\AdwCleaner[S1].txt - [31520 octets] ##########

[screen317]

Hi,

• Please double click on adwcleaner.exe to run the tool.
  
• Click on Uninstall.
  
• Confirm with Yes.

Reboot.

How are things running now?

[Glirmin]

things are running great. all problems are gone.
Thank You Very Much.
i really appreciate the help

[screen317]

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

[Maurice Naggar]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.