
Computer Redirecting but Can't Find TDSServe.sys file! HELP!

Discussion in 'Virus & Other Malware Removal' started by loppy loo, Mar 13, 2013.

  1. loppy loo

    loppy loo Thread Starter

    Joined:
    Sep 4, 2005
    Messages:
    56
    I need help please! My computer started redirecting out of the blue today. I did a search and the most likely culprit seems to be the Google redirect virus, but all of the directions for removing this point to a tdsserve file that I do not see in my device manager. Your help would be greatly appreciated!!!


    Additional information: we tried to download AVG anti-virus and it downloaded AVG link scanner. Strangely, we have it on our laptop so we downloaded it onto a USB drive. The laptop reads the file as anti-virus but the desktop (the sick one) reads it as link scanner...same file...WTF!
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Following stupid out of date generic advice from the net in malware cases is the quickest way to really muck up your computer.

    Follow advice here and post the logs those programs make.
     
  3. loppy loo

    loppy loo Thread Starter

    Joined:
    Sep 4, 2005
    Messages:
    56
    Here are the logs:
    Hijack This:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:16:35 AM, on 3/14/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\providerComcast\bin\tgsrvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Documents and Settings\user\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\System32\svchost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3090128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3090128
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjM4MjI2NDQ3LUJBKzEtS1YzKzctWEwrMS1UNC1WNzg2KzEtRkwxMCsxLUxJQysyLUREVCs2NDQzOC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisxLVRCVlVQRysxMi1GMTBNMTJGVCsxLVRCTisxLUYxME0xMlRBKzItVklQMTIrMS1GMTBNMTJSKzEtRjEwTTEyUjIrMQ"&"prod=90"&"ver=10.0.1424
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1363221656591
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1341956803578
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} (Java Plug-in 1.6.0_33) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Google Update Service (gupdate1ca1075d1d2959c) (gupdate1ca1075d1d2959c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (providercomcast) (tgsrvc_providercomcast) - SupportSoft, Inc. - C:\Program Files\providerComcast\bin\tgsrvc.exe
    O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

    --
    End of file - 10650 bytes

    DDS:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_39
    Run by user at 11:19:50 on 2013-03-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1487 [GMT -7:00]
    .
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ================
    .
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\providerComcast\bin\tgsrvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3090128
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
    BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjM4MjI2NDQ3LUJBKzEtS1YzKzctWEwrMS1UNC1WNzg2KzEtRkwxMCsxLUxJQysyLUREVCs2NDQzOC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisxLVRCVlVQRysxMi1GMTBNMTJGVCsxLVRCTisxLUYxME0xMlRBKzItVklQMTIrMS1GMTBNMTJSKzEtRjEwTTEyUjIrMQ"&"prod=90"&"ver=10.0.1424
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: mswsock.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363221656591
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341956803578
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    TCP: Interfaces\{EB82E77B-8F84-41F1-B883-322EE81BA578} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - <Clsid value has no data>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - <no file>
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.152\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\uapxa64h.default-1343232836250\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\uapxa64h.default-1343232836250\extensions\[email protected]\plugins\npLMI64.dll
    FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\uapxa64h.default-1343232836250\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
    FF - plugin: c:\program files\glance27\npglance.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2013-02-13 09:16; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-13 09:28; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-11-22 14776]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-9 33112]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-18 465216]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-18 54752]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2009-1-28 8960]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-11-26 1225312]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-11-26 659040]
    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe [2008-5-2 148768]
    R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-3-13 968880]
    R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2010-2-6 34080]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-28 116224]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca1075d1d2959c;Google Update Service (gupdate1ca1075d1d2959c);c:\program files\google\update\GoogleUpdate.exe [2009-7-29 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [2004-10-27 22144]
    S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2009-1-28 11264]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-1-28 16640]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-9-24 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-9-24 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-9-24 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-9-24 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-9-24 25704]
    S4 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-5-28 401920]
    S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    .
    =============== Created Last 30 ================
    .
    2013-03-14 01:01:09 -------- d-----w- c:\documents and settings\user\local settings\application data\Updater19962
    2013-03-14 01:01:08 -------- d-----w- c:\documents and settings\user\local settings\application data\Supreme Savings
    2013-03-14 00:48:10 -------- d-----w- c:\program files\AVG Secure Search
    2013-03-14 00:46:27 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
    2013-03-14 00:45:02 -------- d-----w- c:\documents and settings\user\local settings\application data\MFAData
    2013-02-27 21:29:54 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
    2013-02-27 21:10:39 -------- d-----w- c:\documents and settings\user\Adobe Acrobat XI Pro
    2013-02-27 21:06:08 -------- d-----w- c:\documents and settings\user\application data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2013-02-15 22:31:23 186432 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2013-02-13 23:29:12 -------- d-----w- c:\program files\Cisco Systems
    2013-02-13 17:29:47 -------- d-----w- c:\documents and settings\user\application data\RealNetworks
    2013-02-13 17:28:41 -------- d-----w- c:\program files\RealNetworks
    2013-02-13 17:28:38 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
    2013-02-13 17:28:13 -------- d-----w- c:\program files\common files\xing shared
    2013-02-13 17:16:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ==================== Find3M ====================
    .
    2013-03-14 00:47:58 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-03-01 04:01:39 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-01 04:01:38 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-13 17:27:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-02-13 17:27:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-02-13 17:16:02 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-13 17:16:02 473520 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-31 19:24:26 174592 ----a-w- c:\windows\system32\framedyn.dll
    2013-01-31 19:24:26 122880 ----a-w- c:\windows\system32\jacob.dll
    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-20 23:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 11:21:06.68 ===============

    Attach:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/30/2009 12:20:20 PM
    System Uptime: 3/13/2013 7:45:07 PM (16 hours ago)
    .
    Motherboard: Dell Inc. | | 0P301D
    Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | Socket 775 | 2792/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 361.988 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1419: 12/14/2012 4:13:27 PM - Software Distribution Service 3.0
    RP1420: 12/15/2012 6:54:15 PM - Software Distribution Service 3.0
    RP1421: 12/16/2012 7:04:27 PM - Software Distribution Service 3.0
    RP1422: 12/17/2012 7:10:42 PM - System Checkpoint
    RP1423: 12/17/2012 8:24:24 PM - Software Distribution Service 3.0
    RP1424: 12/18/2012 8:39:00 PM - System Checkpoint
    RP1425: 12/19/2012 8:22:09 AM - Software Distribution Service 3.0
    RP1426: 12/20/2012 8:35:57 AM - System Checkpoint
    RP1427: 12/20/2012 10:06:00 AM - Software Distribution Service 3.0
    RP1428: 12/21/2012 8:15:26 AM - Software Distribution Service 3.0
    RP1429: 12/21/2012 7:41:06 PM - Software Distribution Service 3.0
    RP1430: 12/22/2012 8:10:20 PM - Software Distribution Service 3.0
    RP1431: 12/24/2012 8:28:57 AM - Software Distribution Service 3.0
    RP1432: 12/25/2012 9:51:40 AM - Software Distribution Service 3.0
    RP1433: 12/26/2012 3:05:27 PM - Software Distribution Service 3.0
    RP1434: 12/27/2012 3:16:45 PM - Software Distribution Service 3.0
    RP1435: 12/28/2012 5:24:11 PM - Software Distribution Service 3.0
    RP1436: 12/29/2012 5:26:59 PM - System Checkpoint
    RP1437: 12/29/2012 7:50:47 PM - Software Distribution Service 3.0
    RP1438: 12/31/2012 9:51:15 AM - Software Distribution Service 3.0
    RP1439: 1/1/2013 6:22:37 PM - Software Distribution Service 3.0
    RP1440: 1/2/2013 6:38:32 PM - Software Distribution Service 3.0
    RP1441: 1/3/2013 6:51:59 PM - Software Distribution Service 3.0
    RP1442: 1/3/2013 7:16:12 PM - Software Distribution Service 3.0
    RP1443: 1/3/2013 7:18:15 PM - Software Distribution Service 3.0
    RP1444: 1/3/2013 7:18:57 PM - Software Distribution Service 3.0
    RP1445: 1/4/2013 7:19:36 PM - System Checkpoint
    RP1446: 1/5/2013 8:15:45 AM - Software Distribution Service 3.0
    RP1447: 1/6/2013 11:05:04 AM - Software Distribution Service 3.0
    RP1448: 1/7/2013 11:42:05 AM - Software Distribution Service 3.0
    RP1449: 1/8/2013 7:25:42 PM - Software Distribution Service 3.0
    RP1450: 1/9/2013 7:42:24 PM - System Checkpoint
    RP1451: 1/9/2013 8:38:33 PM - Software Distribution Service 3.0
    RP1452: 1/10/2013 10:52:13 AM - Software Distribution Service 3.0
    RP1453: 1/11/2013 8:15:48 AM - Software Distribution Service 3.0
    RP1454: 1/12/2013 8:18:13 AM - Software Distribution Service 3.0
    RP1455: 1/13/2013 8:33:13 AM - Software Distribution Service 3.0
    RP1456: 1/14/2013 10:09:40 AM - Software Distribution Service 3.0
    RP1457: 1/14/2013 12:25:32 PM - Software Distribution Service 3.0
    RP1458: 1/14/2013 12:32:08 PM - Software Distribution Service 3.0
    RP1459: 1/15/2013 4:33:21 PM - Software Distribution Service 3.0
    RP1460: 1/16/2013 6:42:01 PM - Software Distribution Service 3.0
    RP1461: 1/17/2013 7:17:57 PM - Software Distribution Service 3.0
    RP1462: 1/19/2013 8:14:46 AM - Software Distribution Service 3.0
    RP1463: 1/20/2013 8:49:10 AM - Software Distribution Service 3.0
    RP1464: 1/21/2013 11:57:56 AM - System Checkpoint
    RP1465: 1/21/2013 5:30:04 PM - Software Distribution Service 3.0
    RP1466: 1/22/2013 6:49:15 PM - System Checkpoint
    RP1467: 1/23/2013 11:17:09 AM - Software Distribution Service 3.0
    RP1468: 1/24/2013 11:34:53 AM - System Checkpoint
    RP1469: 1/24/2013 4:46:21 PM - Software Distribution Service 3.0
    RP1470: 1/25/2013 5:00:15 PM - System Checkpoint
    RP1471: 1/26/2013 9:49:25 AM - Software Distribution Service 3.0
    RP1472: 1/26/2013 4:25:21 PM - Installed TurboTax 2012 wrapper
    RP1473: 1/27/2013 5:16:54 PM - System Checkpoint
    RP1474: 1/27/2013 7:51:42 PM - Software Distribution Service 3.0
    RP1475: 1/28/2013 3:48:20 PM - Restore Operation
    RP1476: 1/29/2013 12:35:58 AM - Software Distribution Service 3.0
    RP1477: 1/30/2013 6:46:57 PM - Software Distribution Service 3.0
    RP1478: 1/31/2013 7:55:23 PM - System Checkpoint
    RP1479: 2/1/2013 8:55:53 AM - Software Distribution Service 3.0
    RP1480: 2/2/2013 8:45:53 AM - Software Distribution Service 3.0
    RP1481: 2/3/2013 10:27:51 AM - Software Distribution Service 3.0
    RP1482: 2/4/2013 11:23:01 AM - System Checkpoint
    RP1483: 2/5/2013 8:31:54 AM - Software Distribution Service 3.0
    RP1484: 2/6/2013 10:13:12 AM - Software Distribution Service 3.0
    RP1485: 2/7/2013 11:30:25 AM - System Checkpoint
    RP1486: 2/7/2013 7:23:42 PM - Software Distribution Service 3.0
    RP1487: 2/8/2013 8:10:35 PM - System Checkpoint
    RP1488: 2/9/2013 6:07:23 PM - Software Distribution Service 3.0
    RP1489: 2/10/2013 6:13:40 PM - Software Distribution Service 3.0
    RP1490: 2/10/2013 7:40:15 PM - Software Distribution Service 3.0
    RP1491: 2/12/2013 11:11:49 AM - Software Distribution Service 3.0
    RP1492: 2/12/2013 6:34:46 PM - Installed TurboTax 2012 woriper
    RP1493: 2/13/2013 9:02:12 AM - Software Distribution Service 3.0
    RP1494: 2/13/2013 9:52:34 AM - Software Distribution Service 3.0
    RP1495: 2/13/2013 9:59:00 AM - Software Distribution Service 3.0
    RP1496: 2/14/2013 1:04:04 PM - Software Distribution Service 3.0
    RP1497: 2/15/2013 2:13:37 PM - System Checkpoint
    RP1498: 2/16/2013 10:05:17 AM - Software Distribution Service 3.0
    RP1499: 2/17/2013 1:57:44 PM - System Checkpoint
    RP1500: 2/17/2013 5:02:30 PM - Software Distribution Service 3.0
    RP1501: 2/17/2013 8:06:17 PM - Software Distribution Service 3.0
    RP1502: 2/18/2013 8:41:21 PM - Software Distribution Service 3.0
    RP1503: 2/20/2013 8:39:57 AM - Software Distribution Service 3.0
    RP1504: 2/21/2013 8:43:38 AM - System Checkpoint
    RP1505: 2/21/2013 12:06:04 PM - Software Distribution Service 3.0
    RP1506: 2/22/2013 2:56:22 PM - System Checkpoint
    RP1507: 2/22/2013 8:48:26 PM - Software Distribution Service 3.0
    RP1508: 2/23/2013 9:39:24 PM - System Checkpoint
    RP1509: 2/24/2013 9:47:58 AM - Software Distribution Service 3.0
    RP1510: 2/25/2013 6:21:30 PM - Software Distribution Service 3.0
    RP1511: 2/26/2013 6:26:35 PM - System Checkpoint
    RP1512: 2/27/2013 12:00:01 PM - Software Distribution Service 3.0
    RP1513: 2/27/2013 1:26:45 PM - Installed Adobe Acrobat XI Pro.
    RP1514: 2/27/2013 1:38:58 PM - Removed Adobe Acrobat XI Pro.
    RP1515: 2/27/2013 1:40:59 PM - Removed Adobe Download Assistant
    RP1516: 2/28/2013 4:41:37 PM - Software Distribution Service 3.0
    RP1517: 3/1/2013 4:47:51 PM - System Checkpoint
    RP1518: 3/1/2013 6:07:41 PM - Software Distribution Service 3.0
    RP1519: 3/2/2013 6:56:46 PM - System Checkpoint
    RP1520: 3/3/2013 10:35:44 AM - Software Distribution Service 3.0
    RP1521: 3/3/2013 8:23:13 PM - Software Distribution Service 3.0
    RP1522: 3/4/2013 9:51:21 PM - System Checkpoint
    RP1523: 3/5/2013 12:20:51 PM - Software Distribution Service 3.0
    RP1524: 3/6/2013 2:27:32 PM - System Checkpoint
    RP1525: 3/7/2013 2:00:11 AM - Software Distribution Service 3.0
    RP1526: 3/8/2013 1:59:32 AM - Software Distribution Service 3.0
    RP1527: 3/9/2013 1:59:07 AM - Software Distribution Service 3.0
    RP1528: 3/10/2013 2:59:17 AM - Software Distribution Service 3.0
    RP1529: 3/10/2013 8:26:44 PM - Software Distribution Service 3.0
    RP1530: 3/11/2013 2:59:34 AM - Software Distribution Service 3.0
    RP1531: 3/12/2013 2:59:30 AM - Software Distribution Service 3.0
    RP1532: 3/13/2013 2:59:43 AM - Software Distribution Service 3.0
    RP1533: 3/13/2013 5:46:58 PM - Installed AVG 2013
    RP1534: 3/13/2013 7:33:21 PM - Removed AVG 2013
    RP1535: 3/13/2013 7:34:18 PM - Removed AVG 2012
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    Advanced SystemCare 6
    Amazon Games & Software Downloader
    Amazon MP3 Downloader 1.0.17
    Amazon Music Importer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 2.0.2
    Autumn's Treasures - The Jade Coin
    AVG Security Toolbar
    Bejeweled 2 Deluxe
    Big Fish Games: Game Manager
    Bonjour
    Brother HL-2140
    Browser Address Error Redirector
    Can You See What I See?
    Canon Easy-PhotoPrint EX
    Canon MP Navigator EX 4.1
    Canon MX410 series MP Drivers
    Canon MX410 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    CCleaner
    Chainz 2 - Relinked
    Chuzzle Deluxe
    Cisco Connect
    Comcast User Setup
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Dark Parables: Curse of Briar Rose
    Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
    Dell Driver Download Manager
    Diagnostics Utility
    Dropbox
    Echocontact 3.2
    Empress of the Deep - The Darkest Secret
    Escape Rosecliff Island
    Explore the World
    Faded Reality
    Family Feud
    Family Feud (remove only)
    Flux Family Secrets: The Ripple Effect
    Free Video to MP3 Converter version 4.1
    Glance 2.7
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 39
    Java(TM) 6 Update 7
    Junk Mail filter update
    Legalsounds Download Manager
    LiveUpdate (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Masquerade Mysteries: The Case of the Copycat Curator
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Midnight Mysteries: Salem Witch Trials
    Mozilla Firefox 19.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 6.0 Parser (KB927977)
    Napster
    Napster Burn Engine
    Napster Download Manager
    OGA Notifier 2.0.0048.0
    Packet8 Virtual Office Softalk 1.5.20
    Penny Dreadfuls™ Sweeney Todd
    PhotoScape
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PowerDVD
    PuppetShow: Mystery of Joyville ™
    QuickTime
    RealArcade
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rhapsody
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Secunia PSI (3.0.0.6001)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB960714)
    Segoe UI
    Skype™ 6.1
    Smart Defrag 2
    Sonic CinePlayer Decoder Pack
    Special Enquiry Detail: The Hand that Feeds
    Spybot - Search & Destroy
    Super Pop & Drop
    TCRE Installer
    TextTwist 2
    Treasure Seekers: Follow the Ghosts
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 woriper
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 woriper
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 woriper
    TurboTax 2012 wrapper
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Verint Multimedia Support Package
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    Xul Installer
    Xul7 Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/13/2013 5:22:36 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/13/2013 5:22:36 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================

    Ark:

    GMER 2.1.19155 - http://www.gmer.net
    Rootkit scan 2013-03-14 11:55:05
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST350041 rev.CC44 465.76GB
    Running: hzy3f0rt.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kwdyapob.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xA1FE31AE]

    ---- Kernel code sections - GMER 2.1 ----

    ? C:\DOCUME~1\user\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[1844] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
    .text C:\program files\real\realplayer\update\realsched.exe[2396] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0153D180 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01886B9C C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01886B79 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 0154F84B C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01886AFA C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] CRYPT32.dll!CryptMsgCountersignEncoded + 27A 77A92F42 7 Bytes JMP 03A0EE40
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3180] CRYPT32.dll!CertComparePublicKeyInfo + 1E8 77A9B761 7 Bytes JMP 03A0EEB0
    .text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[6256] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7108] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E982 C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[7108] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1045EE7F C:\Program Files\Mozilla Firefox\xul.dll
    .text C:\WINDOWS\System32\svchost.exe[7812] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 008C000A
    .text C:\WINDOWS\System32\svchost.exe[7812] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 008B000A
    .text C:\WINDOWS\System32\svchost.exe[7812] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 008A000A

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys

    Device mrxsmb.sys
    Device 8D351D20

    AttachedDevice fltMgr.sys

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS
    ---- Processes - GMER 2.1 ----

    Library c:\windows\system32\y (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1296] 0x45670000
    Library c:\windows\system32\y (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1304] 0x45670000

    ---- EOF - GMER 2.1 ----
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  5. loppy loo

    loppy loo Thread Starter

    Joined:
    Sep 4, 2005
    Messages:
    56
    No threats found! So nothing was fixed. Here is the log anyhow...

    14:03:34.0515 4572 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:03:34.0953 4572 ============================================================
    14:03:34.0953 4572 Current date / time: 2013/03/14 14:03:34.0953
    14:03:34.0953 4572 SystemInfo:
    14:03:34.0953 4572
    14:03:34.0953 4572 OS Version: 5.1.2600 ServicePack: 3.0
    14:03:34.0953 4572 Product type: Workstation
    14:03:34.0953 4572 ComputerName: DCPDQ3J1
    14:03:34.0953 4572 UserName: user
    14:03:34.0953 4572 Windows directory: C:\WINDOWS
    14:03:34.0953 4572 System windows directory: C:\WINDOWS
    14:03:34.0953 4572 Processor architecture: Intel x86
    14:03:34.0953 4572 Number of processors: 2
    14:03:34.0953 4572 Page size: 0x1000
    14:03:34.0953 4572 Boot type: Normal boot
    14:03:34.0953 4572 ============================================================
    14:03:35.0250 4572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:03:35.0250 4572 ============================================================
    14:03:35.0250 4572 \Device\Harddisk0\DR0:
    14:03:35.0250 4572 MBR partitions:
    14:03:35.0250 4572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4A853, BlocksNum 0x3A33A3EE
    14:03:35.0250 4572 ============================================================
    14:03:35.0296 4572 C: <-> \Device\Harddisk0\DR0\Partition1
    14:03:35.0296 4572 ============================================================
    14:03:35.0296 4572 Initialize success
    14:03:35.0296 4572 ============================================================
    14:04:14.0468 8260 ============================================================
    14:04:14.0468 8260 Scan started
    14:04:14.0468 8260 Mode: Manual;
    14:04:14.0468 8260 ============================================================
    14:04:16.0843 8260 ================ Scan system memory ========================
    14:04:16.0843 8260 System memory - ok
    14:04:16.0843 8260 ================ Scan services =============================
    14:04:27.0546 8260 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:04:27.0546 8260 RasAcd - ok
    14:04:27.0562 8260 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    14:04:27.0562 8260 RasAuto - ok
    14:04:27.0578 8260 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:04:27.0578 8260 Rasl2tp - ok
    14:04:27.0593 8260 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    14:04:27.0593 8260 RasMan - ok
    14:04:27.0609 8260 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:04:27.0609 8260 RasPppoe - ok
    14:04:27.0609 8260 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:04:27.0609 8260 Raspti - ok
    14:04:27.0625 8260 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:04:27.0625 8260 Rdbss - ok
    14:04:27.0625 8260 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:04:27.0625 8260 RDPCDD - ok
    14:04:27.0640 8260 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:04:27.0640 8260 rdpdr - ok
    14:04:27.0671 8260 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    14:04:27.0671 8260 RDPWD - ok
    14:04:27.0703 8260 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    14:04:27.0703 8260 RDSessMgr - ok
    14:04:27.0750 8260 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    14:04:27.0750 8260 RealNetworks Downloader Resolver Service - ok
    14:04:27.0765 8260 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:04:27.0765 8260 redbook - ok
    14:04:27.0781 8260 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    14:04:27.0781 8260 RemoteAccess - ok
    14:04:27.0796 8260 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    14:04:27.0796 8260 RemoteRegistry - ok
    14:04:27.0859 8260 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    14:04:27.0859 8260 RpcLocator - ok
    14:04:27.0906 8260 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    14:04:27.0906 8260 RpcSs - ok
    14:04:27.0906 8260 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    14:04:27.0906 8260 RSVP - ok
    14:04:27.0937 8260 [ C6D34A1874CD2B212DC3E788091C64B4 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    14:04:27.0937 8260 RTLE8023xp - ok
    14:04:27.0968 8260 [ B9CA69921379EA2931C4450FE975BCE7 ] RTLVLAN C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
    14:04:27.0984 8260 RTLVLAN - ok
    14:04:28.0000 8260 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    14:04:28.0000 8260 SamSs - ok
    14:04:28.0000 8260 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    14:04:28.0015 8260 SCardSvr - ok
    14:04:28.0093 8260 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    14:04:28.0093 8260 Schedule - ok
    14:04:28.0703 8260 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:04:28.0703 8260 Secdrv - ok
    14:04:28.0734 8260 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    14:04:28.0734 8260 seclogon - ok
    14:04:28.0812 8260 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
    14:04:28.0828 8260 Secunia PSI Agent - ok
    14:04:28.0859 8260 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
    14:04:28.0875 8260 Secunia Update Agent - ok
    14:04:28.0875 8260 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    14:04:28.0875 8260 SENS - ok
    14:04:28.0890 8260 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:04:28.0890 8260 Serenum - ok
    14:04:28.0906 8260 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    14:04:28.0906 8260 Serial - ok
    14:04:28.0937 8260 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:04:28.0937 8260 Sfloppy - ok
    14:04:28.0953 8260 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    14:04:28.0968 8260 ShellHWDetection - ok
    14:04:28.0968 8260 Simbad - ok
    14:04:28.0984 8260 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    14:04:28.0984 8260 sisagp - ok
    14:04:29.0281 8260 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    14:04:29.0281 8260 SkypeUpdate - ok
    14:04:29.0609 8260 [ 14BB60A4F1C5291217A05D5728C403E6 ] SmartDefragDriver C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
    14:04:29.0609 8260 SmartDefragDriver - ok
    14:04:29.0640 8260 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    14:04:29.0640 8260 Sparrow - ok
    14:04:29.0656 8260 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    14:04:29.0656 8260 splitter - ok
    14:04:29.0687 8260 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    14:04:29.0687 8260 Spooler - ok
    14:04:29.0687 8260 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    14:04:29.0687 8260 sr - ok
    14:04:29.0718 8260 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    14:04:29.0718 8260 srservice - ok
    14:04:29.0750 8260 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    14:04:29.0750 8260 Srv - ok
    14:04:29.0812 8260 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    14:04:29.0812 8260 SSDPSRV - ok
    14:04:29.0828 8260 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    14:04:29.0828 8260 stisvc - ok
    14:04:29.0890 8260 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    14:04:29.0890 8260 stllssvr - ok
    14:04:30.0000 8260 [ 6377AD46967E559EEE8EA0372EE72970 ] SupportSoft RemoteAssist C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    14:04:30.0015 8260 SupportSoft RemoteAssist - ok
    14:04:30.0046 8260 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:04:30.0046 8260 swenum - ok
    14:04:30.0078 8260 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    14:04:30.0078 8260 swmidi - ok
    14:04:30.0093 8260 SwPrv - ok
    14:04:30.0421 8260 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    14:04:30.0421 8260 symc810 - ok
    14:04:30.0437 8260 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    14:04:30.0437 8260 symc8xx - ok
    14:04:30.0437 8260 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    14:04:30.0437 8260 sym_hi - ok
    14:04:30.0453 8260 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    14:04:30.0453 8260 sym_u3 - ok
    14:04:30.0468 8260 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    14:04:30.0468 8260 sysaudio - ok
    14:04:30.0500 8260 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    14:04:30.0500 8260 SysmonLog - ok
    14:04:30.0531 8260 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    14:04:30.0531 8260 TapiSrv - ok
    14:04:30.0562 8260 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:04:30.0562 8260 Tcpip - ok
    14:04:30.0578 8260 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:04:30.0578 8260 TDPIPE - ok
    14:04:30.0593 8260 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    14:04:30.0593 8260 TDTCP - ok
    14:04:30.0625 8260 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:04:30.0625 8260 TermDD - ok
    14:04:30.0625 8260 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    14:04:30.0625 8260 TermService - ok
    14:04:30.0656 8260 tgsrvc_providercomcast - ok
    14:04:30.0671 8260 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    14:04:30.0671 8260 Themes - ok
    14:04:30.0703 8260 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    14:04:30.0703 8260 TlntSvr - ok
    14:04:30.0703 8260 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    14:04:30.0703 8260 TosIde - ok
    14:04:30.0718 8260 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    14:04:30.0718 8260 TrkWks - ok
    14:04:30.0750 8260 [ 228D8E60BC9C5238587B0BF1654EC580 ] U2SP C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
    14:04:30.0765 8260 U2SP - ok
    14:04:30.0796 8260 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    14:04:30.0812 8260 Udfs - ok
    14:04:30.0859 8260 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    14:04:30.0859 8260 ultra - ok
    14:04:30.0890 8260 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    14:04:30.0890 8260 Update - ok
    14:04:30.0921 8260 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    14:04:30.0921 8260 upnphost - ok
    14:04:30.0937 8260 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    14:04:30.0953 8260 UPS - ok
    14:04:31.0000 8260 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
    14:04:31.0000 8260 USBAAPL - ok
    14:04:31.0046 8260 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    14:04:31.0046 8260 usbaudio - ok
    14:04:31.0234 8260 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:04:31.0234 8260 usbccgp - ok
    14:04:31.0687 8260 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:04:31.0687 8260 usbehci - ok
    14:04:31.0718 8260 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:04:31.0718 8260 usbhub - ok
    14:04:31.0750 8260 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    14:04:31.0750 8260 usbprint - ok
    14:04:31.0781 8260 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    14:04:31.0781 8260 usbscan - ok
    14:04:31.0796 8260 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:04:31.0796 8260 USBSTOR - ok
    14:04:31.0812 8260 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:04:31.0812 8260 usbuhci - ok
    14:04:31.0828 8260 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    14:04:31.0828 8260 VgaSave - ok
    14:04:31.0843 8260 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    14:04:31.0843 8260 viaagp - ok
    14:04:31.0843 8260 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    14:04:31.0843 8260 ViaIde - ok
    14:04:31.0859 8260 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    14:04:31.0859 8260 VolSnap - ok
    14:04:31.0921 8260 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    14:04:31.0921 8260 VSS - ok
    14:04:32.0750 8260 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    14:04:32.0765 8260 vToolbarUpdater14.2.0 - ok
    14:04:32.0796 8260 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    14:04:32.0796 8260 w32time - ok
    14:04:32.0812 8260 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:04:32.0812 8260 Wanarp - ok
    14:04:32.0812 8260 WDICA - ok
    14:04:32.0812 8260 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    14:04:32.0812 8260 wdmaud - ok
    14:04:32.0843 8260 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    14:04:32.0843 8260 WebClient - ok
    14:04:32.0937 8260 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    14:04:32.0937 8260 winmgmt - ok
    14:04:32.0984 8260 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    14:04:33.0000 8260 WinRM - ok
    14:04:33.0750 8260 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    14:04:33.0765 8260 wlidsvc - ok
    14:04:33.0812 8260 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    14:04:33.0812 8260 WmdmPmSN - ok
    14:04:33.0843 8260 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    14:04:33.0843 8260 Wmi - ok
    14:04:33.0906 8260 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    14:04:33.0906 8260 WmiApSrv - ok
    14:04:34.0015 8260 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    14:04:34.0046 8260 WMPNetworkSvc - ok
    14:04:34.0609 8260 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    14:04:34.0609 8260 WpdUsb - ok
    14:04:34.0984 8260 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    14:04:35.0000 8260 WPFFontCache_v0400 - ok
    14:04:35.0125 8260 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
    14:04:35.0125 8260 WsAudio_DeviceS(1) - ok
    14:04:36.0203 8260 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
    14:04:36.0203 8260 WsAudio_DeviceS(2) - ok
    14:04:36.0968 8260 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
    14:04:36.0968 8260 WsAudio_DeviceS(3) - ok
    14:04:37.0000 8260 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
    14:04:37.0000 8260 WsAudio_DeviceS(4) - ok
    14:04:37.0015 8260 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
    14:04:37.0015 8260 WsAudio_DeviceS(5) - ok
    14:04:37.0015 8260 WSearch - ok
    14:04:37.0671 8260 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:04:37.0671 8260 WudfPf - ok
    14:04:37.0703 8260 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:04:37.0703 8260 WudfRd - ok
    14:04:37.0734 8260 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    14:04:37.0734 8260 WudfSvc - ok
    14:04:37.0781 8260 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    14:04:37.0781 8260 WZCSVC - ok
    14:04:37.0812 8260 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    14:04:37.0812 8260 xmlprov - ok
    14:04:37.0828 8260 ================ Scan global ===============================
    14:04:37.0843 8260 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    14:04:37.0859 8260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:04:37.0875 8260 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:04:37.0890 8260 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    14:04:37.0890 8260 [Global] - ok
    14:04:37.0890 8260 ================ Scan MBR ==================================
    14:04:37.0906 8260 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    14:04:39.0328 8260 \Device\Harddisk0\DR0 - ok
    14:04:39.0328 8260 ================ Scan VBR ==================================
    14:04:39.0328 8260 [ 536390966BE0A4264A1A63917B62CF7A ] \Device\Harddisk0\DR0\Partition1
    14:04:39.0328 8260 \Device\Harddisk0\DR0\Partition1 - ok
    14:04:39.0328 8260 ============================================================
    14:04:39.0328 8260 Scan finished
    14:04:39.0328 8260 ============================================================
    14:04:39.0343 8252 Detected object count: 0
    14:04:39.0343 8252 Actual detected object count: 0


    Another symptom we noticed last night... even though the settings are for the computer to go to sleep after a prescribed length of time, it will not do so. It simply runs the screen saver all night long.


    I believe that when I ran the last program that you requested in the previous post (ark) it said that there was a problem. Does it show a problem? I seem to recall it specifically saying root problem but then the fix that you recommended didn't find any problems.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  7. loppy loo

    loppy loo Thread Starter

    Quick question before I do that... Your instructions say to disable any anti-virus or running malware. At this moment we do not have an anti-virus program on the computer. The one that we had wouldn't update (it's what caused us to notice something was wrong). We deleted that and tried to put in the AVG anti-virus but, as noted in the first post, that would not install correctly. Should I attempt to download an anti-virus program again? Which one? And before or after the most recent step you want me to complete?
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    If you don't have an antivirus, then don't install one until we have finished cleaning this.
     
  9. loppy loo

    loppy loo Thread Starter

    We have a problem. The scan shows that AVG Anti virus is still enabled but it is no longer on the computer that I can find. I also cannot get into my Windows firewall settings in order to turn them off. Another issue: I was trashing an extra combo shortcut and my recycle bin said that it (the recycle bin) is corrupted.
     
  10. loppy loo

    loppy loo Thread Starter

    I found an empty AVG folder but that never held the file that combo is flagging... combo is flagging AVG 2012 and the empty folder is 2013. I just cannot find AVG on the computer!!
     
  11. loppy loo

    loppy loo Thread Starter

    Here is the ComboFix Log:
    ComboFix 13-03-14.02 - user 03/14/2013 17:21:05.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2472 [GMT -7:00]
    Running from: c:\documents and settings\user\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\user\Application Data\AD08BF
    c:\documents and settings\user\g2mdlhlpx.exe
    c:\recycler\S-1-5-18\$51ba853e5b45d88c790d317f7ea77799\@
    c:\recycler\S-1-5-18\$51ba853e5b45d88c790d317f7ea77799\n
    c:\recycler\S-1-5-21-3347537920-2091796509-3621764160-1006\$51ba853e5b45d88c790d317f7ea77799\n
    c:\windows\assembly\GAC\Desktop.ini
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\system32\Cache
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-14 01:01 . 2013-03-14 01:01 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Updater19962
    2013-03-14 01:01 . 2013-03-14 02:43 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Supreme Savings
    2013-02-27 21:29 . 2013-02-27 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
    2013-02-27 21:10 . 2013-02-27 21:16 -------- d-----w- c:\documents and settings\user\Adobe Acrobat XI Pro
    2013-02-27 21:06 . 2013-02-27 21:06 -------- d-----w- c:\documents and settings\user\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
    2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2013-02-13 23:29 . 2013-02-13 23:44 -------- d-----w- c:\program files\Cisco Systems
    2013-02-13 17:29 . 2013-02-13 17:29 -------- d-----w- c:\documents and settings\user\Application Data\RealNetworks
    2013-02-13 17:28 . 2013-02-13 17:28 -------- d-----w- c:\program files\RealNetworks
    2013-02-13 17:28 . 2013-02-13 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
    2013-02-13 17:28 . 2013-02-13 17:28 -------- d-----w- c:\program files\Common Files\xing shared
    2013-02-13 17:16 . 2013-02-13 17:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-01 04:01 . 2012-04-04 23:30 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-01 04:01 . 2011-05-23 16:13 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-13 17:27 . 2009-01-28 12:53 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2013-02-13 17:27 . 2009-01-28 12:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2013-02-13 17:16 . 2012-06-26 23:38 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-13 17:16 . 2010-10-24 04:39 473520 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-05 20:05 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-31 19:24 . 2013-01-31 19:24 174592 ----a-w- c:\windows\system32\framedyn.dll
    2013-01-31 19:24 . 2009-07-29 14:15 122880 ----a-w- c:\windows\system32\jacob.dll
    2013-01-30 10:53 . 2010-03-29 05:27 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55 . 2008-04-25 16:16 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-20 23:59 . 2012-03-21 03:44 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-07 01:32 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:45 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:32 . 2008-04-25 16:16 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2008-04-25 16:16 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-12-16 12:23 . 2008-04-25 16:16 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-15 00:49 . 2012-08-09 21:27 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-09 02:58 . 2013-03-09 02:57 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-28 39408]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-02-13 295072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjM4MjI2NDQ3LUJBKzEtS1YzKzctWEwrMS1UNC1WNzg2KzEtRkwxMCsxLUxJQysyLUREVCs2NDQzOC1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMi1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEJOKzEtRjEwTTEyQisxLVRCVlVQRysxMi1GMTBNMTJGVCsxLVRCTisxLUYxME0xMlRBKzItVklQMTIrMS1GMTBNMTJSKzEtRjEwTTEyUjIrMQ&prod=90&ver=10.0.1424" [?]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Legalsounds Download Manager.lnk]
    backup=c:\windows\pss\Legalsounds Download Manager.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8169Diag]
    2008-02-26 21:15 909312 ----a-w- c:\program files\Realtek\Diagnostics Utility\8169Diag.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-08-18 22:19 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
    2009-10-23 19:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-11-28 22:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
    2008-01-08 16:28 864256 ------w- c:\program files\Brownie\BrStsWnd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-09-15 01:09 1213848 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-27 02:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2011-04-22 22:13 163328 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2008-07-20 22:45 182808 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2011-04-22 22:13 129536 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-09-11 09:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-12-12 21:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
    2010-01-19 19:48 323280 ----a-w- c:\program files\Napster\napster.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 19:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2011-04-22 22:12 138752 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-08-18 22:20 16806912 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2013-01-08 20:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-09-17 20:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-01-28 12:50 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2013-02-13 17:27 295072 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "stllssvr"=3 (0x3)
    "ose"=3 (0x3)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "idsvc"=3 (0x3)
    "IAANTMON"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate1ca1075d1d2959c"=2 (0x2)
    "wlidsvc"=2 (0x2)
    "SeaPort"=2 (0x2)
    "fsssvc"=3 (0x3)
    "JavaQuickStarterService"=2 (0x2)
    "iWinTrusted"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Amazon Download Agent"=3 (0x3)
    "Application Updater"=2 (0x2)
    "LiveUpdate"=3 (0x3)
    "IntuitUpdateService"=2 (0x2)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "gupdatem"=3 (0x3)
    "odserv"=3 (0x3)
    "BBUpdate"=2 (0x2)
    "BBSvc"=3 (0x3)
    "iPod Service"=3 (0x3)
    "IntuitUpdateServiceV4"=2 (0x2)
    "AdvancedSystemCareService5"=2 (0x2)
    "AdobeFlashPlayerUpdateSvc"=3 (0x3)
    "vToolbarUpdater13.2.0"=2 (0x2)
    "Secunia Update Agent"=2 (0x2)
    "Secunia PSI Agent"=2 (0x2)
    "MozillaMaintenance"=3 (0x3)
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [11/22/2012 12:37 PM 14776]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/18/2012 5:33 PM 465216]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
    R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [1/28/2009 5:45 AM 8960]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/26/2012 7:09 AM 1225312]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/26/2012 7:09 AM 659040]
    R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [5/2/2008 12:40 PM 148768]
    R3 glancedrv;glancedrv;c:\windows\system32\drivers\glancedrv.sys [2/6/2010 4:26 PM 34080]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/28/2009 8:28 AM 116224]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
    S2 gupdate1ca1075d1d2959c;Google Update Service (gupdate1ca1075d1d2959c);c:\program files\Google\Update\GoogleUpdate.exe [7/29/2009 10:55 AM 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
    S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [10/27/2004 2:05 PM 22144]
    S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [1/28/2009 5:45 AM 11264]
    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [1/28/2009 5:45 AM 16640]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/24/2010 2:26 PM 25704]
    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [9/24/2010 2:26 PM 25704]
    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [9/24/2010 2:26 PM 25704]
    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [9/24/2010 2:26 PM 25704]
    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [9/24/2010 2:26 PM 25704]
    S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [5/28/2010 2:46 PM 401920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-05 04:15 1630672 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
    .
    2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 17:55]
    .
    2013-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-29 17:55]
    .
    2013-03-14 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3347537920-2091796509-3621764160-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-14 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3347537920-2091796509-3621764160-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3347537920-2091796509-3621764160-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3347537920-2091796509-3621764160-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
    .
    2013-03-14 c:\windows\Tasks\SmartDefragUpdate.job
    - c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2012-11-22 19:06]
    .
    2013-03-14 c:\windows\Tasks\SmartDefrag_Startup.job
    - c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2012-07-17 19:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://xfinity.comcast.net/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\uapxa64h.default-1343232836250\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/
    FF - ExtSQL: 2013-02-13 09:16; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-13 09:28; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Notify-NavLogon - (no file)
    SafeBoot-MsMpSvc
    MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
    MSConfigStartUp-McAfee Managed Services Tray - c:\program files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe
    MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
    MSConfigStartUp-MVS Splash - c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe
    MSConfigStartUp-vProt - c:\program files\avg secure search\vprot.exe
    AddRemove-AVG Secure Search - c:\program files\AVG Secure Search\UNINSTALL.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-14 17:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @DACL=(02 0010)
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @DACL=(02 0010)
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @DACL=(02 0010)
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-03-14 17:30:27
    ComboFix-quarantined-files.txt 2013-03-15 00:30
    .
    Pre-Run: 388,895,133,696 bytes free
    Post-Run: 389,991,088,128 bytes free
    .
    - - End Of File - - CD7B417A74FCE93E761F37D819DE8F92

    It didn't do anything at all.
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Next, to replace missing & damaged files,
    go to Start/Run & type sfc /scannow <press Enter>

    follow any prompts

    then reboot & tell us how it is & what problems you still have
     
  13. loppy loo

    loppy loo Thread Starter

    Joined:
    Sep 4, 2005
    Messages:
    56
    I am fairly certain that the issue is corrected. Here's what happened: I figured out how to get AVG off my computer entirely and then did that. Then I ran Combo and it didn't seem to fix anything but I was still having the issues (redirect and not being able to get into the Windows Firewall folder via the Control Panel). After Combo ran and I didn't have anything else to do we reinstalled AVG 2013 on the computer and ran a scan...nothing found. We decided to leave it alone for the night and then deal with it in the morning. The IT guy at my husband's company recommended circumventing Windows altogether via Kaspersky Rescue Disk and I planned on doing that today after work. Last night in the middle of the night I got up and noticed that the computer was not in sleep mode (BTW, last night it did sleep and the previous night it wouldn't) which alarmed me. I also realized that the computer was not logged into the user that we usually use. Thirdly, there was a big old warning sign from AVG about a Trojan backdoor virus being detected. What had happened is the computer had gone ahead with an automatic Windows/Microsoft update and restarted. At that point, magically (???), AVG found the virus. I woke up this morning and AVG had found 2 more. I am now able to get into the firewall controls through the Control Panel and have not had a redirect issue all day. So I would say that AVG finally found the problem and fixed it. Is there something that I should run to double check? Create another log where you had previously seen the baddies?
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
Short URL to this thread: https://techguy.org/1093007
