Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser Redirects from search results


by Tunaheart » March 18th, 2013, 8:25 pm

Hi,

Having issues with browser redirects. Tried several antivirus programs (AVG, Malwarebytes, Ad-Aware), no help.

Here are the requested files. I appreciate any help. I have no idea what the GetSavin program is, but it looks like it came in with the PowerPoint to PDF converter, which I have subsequently removed.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Chambers William at 20:08:19 on 2013-03-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2821 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files\GoZone\GoZone_iSync.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxeecoms.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: GetSavin 5.0: {8F4014F2-80BD-4A29-8086-C413AFF5E42F} - c:\documents and settings\chambers william\local settings\application data\getsavin\ie\getsavin_1362348002.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: <No Name>: - LocalServer32 - <no file>
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - c:\program files\lexmark toolbar\toolband.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spyware Doctor] c:\documents and settings\chambers william\desktop\sdsetup_aff[1].exe -min
uRun: [Skype] c:\program files\skype\phone\Skype.exe /nosplash /minimized
uRun: [SplitCam] c:\program files\splitcam\SplitCam.exe /play
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Temp] rundll32 "c:\documents and settings\chambers william\local settings\application data\wal-mart music downloads\temp\pswro.dll",SCBB2_CreateTransformTablesW
uRun: [AROReminder] c:\program files\aro 2013\ARO.exe -rem
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-EVI 03.07.2010)" -"http://selair.selkirk.bc.ca/Training/systems/Alsim-start.html"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IPInSightMonitor 01] "c:\program files\earthlink totalaccess\fastlane2\IPMon32.exe"
mRun: [IPInSightLAN 01] "c:\program files\earthlink totalaccess\fastlane2\IPClient.exe" -l
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"
mRun: [Lexmark Pro700 Series Fax Server] "c:\program files\lexmark pro700 series\fm3032.exe" /s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [SearchProtection] c:\documents and settings\all users\application data\search protection\_run.bat
dRun: [Temp] rundll32 "c:\documents and settings\chambers william\local settings\application data\wal-mart music downloads\temp\pswro.dll",SCBB2_CreateTransformTablesW
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
StartupFolder: c:\docume~1\chambe~1\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\elsbla~1.lnk - c:\program files\earthlink\spamblocker\ELSBLaunch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\icatch~1.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: turbotax.com
Trusted Zone: vatsim.net
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1407581734
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonW ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - hxxp://onbase.ci.palm-coast.fl.us//activex/OBXPopup.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{FB61D0CA-6788-4907-991E-AA05A8599CFF} : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-17 13560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-2 64288]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-8 33112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe -service --> c:\windows\system32\dlbccoms.exe -service [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1355968]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.2.0\ToolbarUpdater.exe [2013-2-28 968880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2011-7-29 193192]
S3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2008-2-13 618112]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-17 14:05:12 -------- d-----w- c:\documents and settings\chambers william\local settings\application data\adawarebp
2013-03-17 13:03:54 -------- d-----w- c:\documents and settings\chambers william\application data\LavasoftStatistics
2013-03-17 13:02:29 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-03-17 13:02:25 -------- d-----w- c:\documents and settings\all users\application data\Search Protection
2013-03-17 13:02:24 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-03-17 13:02:24 -------- d-----w- c:\documents and settings\all users\application data\adawaretb
2013-03-17 13:02:24 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-03-17 13:02:19 -------- d-----w- c:\program files\Toolbar Cleaner
2013-03-17 13:02:18 -------- d-----w- c:\documents and settings\chambers william\application data\SecureSearch
2013-03-17 13:02:15 -------- d-----w- c:\documents and settings\chambers william\application data\adawaretb
2013-03-17 13:02:14 -------- d-----w- c:\program files\adawaretb
2013-03-17 13:00:42 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-03-17 13:00:42 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-03-17 02:05:05 -------- d-----w- c:\documents and settings\chambers william\application data\Sammsoft
2013-03-16 23:57:33 -------- d-----w- c:\documents and settings\chambers william\local settings\application data\WinZip
2013-03-16 22:56:46 -------- d-----w- c:\documents and settings\chambers william\local settings\application data\Aurigma
2013-03-12 21:44:08 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-03 22:13:11 -------- d-----w- C:\Output
2013-03-03 22:08:46 -------- d-----w- c:\program files\PowerPoint-PPT to Pdf Converter
2013-03-03 22:08:01 -------- d-----w- c:\documents and settings\chambers william\local settings\application data\getsavin
.
==================== Find3M ====================
.
2013-03-12 21:44:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 21:44:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 23:10:34 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-02-01 00:58:04 60304 ----a-w- c:\documents and settings\chambers william\g2mdlhlpx.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 20:09:53.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/21/2007 3:29:22 PM
System Uptime: 3/18/2013 7:37:59 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0F8096
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 4.923 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1292: 12/21/2012 7:35:22 PM - System Checkpoint
RP1293: 12/29/2012 11:51:56 AM - System Checkpoint
RP1294: 12/31/2012 11:52:37 AM - System Checkpoint
RP1295: 1/2/2013 1:04:53 PM - System Checkpoint
RP1296: 1/3/2013 4:57:14 PM - System Checkpoint
RP1297: 1/5/2013 11:01:31 AM - Software Distribution Service 3.0
RP1298: 1/7/2013 7:52:01 PM - System Checkpoint
RP1299: 1/8/2013 8:19:40 PM - System Checkpoint
RP1300: 1/10/2013 7:19:14 PM - System Checkpoint
RP1301: 1/25/2013 11:36:16 AM - System Checkpoint
RP1302: 1/26/2013 10:24:11 AM - Installed TurboTax 2012 wrapper
RP1303: 1/30/2013 8:10:46 PM - System Checkpoint
RP1304: 1/30/2013 8:17:12 PM - Software Distribution Service 3.0
RP1305: 2/1/2013 6:43:34 PM - System Checkpoint
RP1306: 2/3/2013 11:59:29 AM - System Checkpoint
RP1307: 2/6/2013 6:24:32 PM - System Checkpoint
RP1308: 2/7/2013 8:50:31 PM - System Checkpoint
RP1309: 2/10/2013 6:30:19 PM - System Checkpoint
RP1310: 2/13/2013 7:46:05 PM - System Checkpoint
RP1311: 3/2/2013 1:41:02 PM - System Checkpoint
RP1312: 3/3/2013 5:08:55 PM - Printer Driver TinyPDF Installed
RP1313: 3/10/2013 9:46:33 PM - System Checkpoint
RP1314: 3/15/2013 8:20:02 AM - System Checkpoint
RP1315: 3/16/2013 6:58:53 PM - Restore Operation
RP1316: 3/16/2013 7:02:48 PM - Restore Operation
RP1317: 3/16/2013 7:49:05 PM - Removed WinZip 16.5
RP1318: 3/16/2013 10:36:04 PM - ARO 2013- Before One Click
RP1319: 3/17/2013 10:35:29 AM - Installed Microsoft Fix it 50267
RP1320: 3/17/2013 10:52:28 AM - Restore Operation
RP1321: 3/17/2013 10:55:35 AM - Restore Operation
RP1322: 3/17/2013 10:59:07 AM - Restore Operation
RP1323: 3/17/2013 11:03:31 AM - Restore Operation
RP1324: 3/17/2013 11:06:04 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware Security Add-on
ADDS Flight Path Tool
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader 8.3.1
Adobe Shockwave Player
AOPA's Airport eDirectory
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
AVG Security Toolbar
BabySmash!
Basic Webcam
Bonjour
Broadcom Advanced Control Suite
calibre
Compatibility Pack for the 2007 Office system
COMPSYS21
Critical Update for Windows Media Player 11 (KB959772)
Deal Info
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 8.1.7.8 (17/04/2012) Qt
EarthLink FastLane
EarthLink spamBlocker Add-On
ERUNT 1.1j
EzTrends
GARMIN 400 Series Trainer
Garmin MetroGuide North America v8
GetSavin
Golden Eagle FlightPrep 2007
Golden Eagle FlightPrep 5.1
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.3.0.977
GoZone iSync
GroundSchool - Instrument Rating (IFR)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ICatch (VI) PC Camera
Intel(R) Graphics Media Accelerator Driver
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Codec Pack 3.4.5 Full
Kate's Video Splitter 7.0
Lexmark Pro700 Series
Lexmark Toolbar
Lexmark Tools for Office
Malwarebytes Anti-Malware version 1.70.0.1100
Micro Webcam
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PFCExpress by AT&W Technologies
Picasa 3
PowerDVD 5.9
QuickTime
RealPlayer
RipIt4Me
SAMSUNG USB Driver for Mobile Phones
Savings Bond Wizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype web features
Smart Installer
Spybot - Search & Destroy
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
V CAST Music with Rhapsody
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Walmart MP3 Music Downloads
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinZip 17.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Detect
Yahoo! Internet Mail
Yahoo! Messenger
YTD YouTube Downloader & Converter 3.7
.
==== Event Viewer Messages From Past Week ========
.
3/17/2013 9:02:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/17/2013 8:02:51 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
3/17/2013 5:45:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/17/2013 5:39:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/16/2013 9:31:03 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 AVGIDSDriver AVGIDSShim Avgldx86 Fips intelppm
3/16/2013 7:43:46 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService service to connect.
3/16/2013 7:43:46 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/16/2013 7:43:46 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/16/2013 7:43:46 PM, error: Service Control Manager [7000] - The lxeeCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/16/2013 6:54:23 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/16/2013 6:52:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 6:52:04 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/16/2013 12:33:37 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
3/16/2013 12:33:23 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/16/2013 12:31:16 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: An instance of the service is already running.
3/16/2013 12:30:16 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/16/2013 10:18:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

Re: Browser Redirects from search results

Unread postby askey127 » March 19th, 2013, 7:22 am

Looking at your logs.
Be back soon.
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects from search results

Unread postby askey127 » March 19th, 2013, 7:30 am

Hi Tunaheart,
Do you use Yahoo messenger or Yahoo mail?
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Ad-Aware
Ad-Aware Email Scanner for Outlook
Ad-Aware Security Add-on
Adobe Reader 8.3.1
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 31

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------------------
AdwCleaner Download
Please download AdwCleaner from HERE and save it to your desktop or somewhere you can find it.
-------------------------------------------------------------
AdwCleaner Removals
  • Close all open programs and internet browsers.
  • Double click to Start AdwCleaner.
  • Click on the Delete button.
  • Click OK to the prompts.
  • Your computer will be rebooted automatically. A log will open after the restart.
  • Post the contents of the log in your next reply.
You can also find the log in the main directory of the C: drive as C:\AdwCleaner[S1].txt
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the log from AdwCleaner, and the two logs from OTL.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Browser Redirects from search results

Unread postby Tunaheart » March 19th, 2013, 9:24 am

Hi,

Thanks for the help, Yes I have used Yahoo messenger from time to time, no Yahoo mail though

I'll post the requested info later today after work

Thanks Again

Cheers
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

Adwcleaner results

Unread postby Tunaheart » March 19th, 2013, 7:09 pm

# AdwCleaner v2.115 - Logfile created 03/19/2013 at 19:02:43
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Chambers William - 51WELLINGOFFICE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Chambers William\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\END
Folder Deleted : C:\DOCUME~1\CHAMBE~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Chambers William\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Chambers William\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Chambers William\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6488 octets] - [19/03/2013 19:02:43]

########## EOF - C:\AdwCleaner[S1].txt - [6548 octets] ##########
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

OTL Scan Complete with a query

Unread postby Tunaheart » March 19th, 2013, 7:36 pm

I just finished the OTL scan, when I opened the IE browser window I got the following alert from AVG

Detection name: Unknown
Description: C:\WINDOWS\system32\rundll32.exe
severity: Medium
state: infected
source: Identity Protection
Date: 3/19/2013, 7:24:53


I'll send the OTL and Extras results in the next post
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

OTL & Extras Scan Results

Unread postby Tunaheart » March 19th, 2013, 7:38 pm

OTL logfile created on: 3/19/2013 7:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Chambers William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 87.39% Memory free
4.82 Gb Paging File | 4.41 Gb Available in Paging File | 91.45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 5.51 Gb Free Space | 7.41% Space Free | Partition Type: NTFS

Computer Name: 51WELLINGOFFICE | User Name: Chambers William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/19 19:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
PRC - [2013/01/29 17:00:00 | 000,685,936 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/29 11:12:40 | 000,431,608 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files\GoZone\GoZone_iSync.exe
PRC - [2011/01/23 19:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ezprint.exe
PRC - [2011/01/23 19:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
PRC - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe
PRC - [2009/09/16 19:31:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/02/07 16:26:52 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlbccoms.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/10/05 11:19:12 | 000,040,960 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
PRC - [2002/10/11 14:32:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/17 11:21:40 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/03/17 11:13:13 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/01/31 20:02:24 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/01/31 20:02:20 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/01/31 20:02:19 | 000,646,656 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/01/30 21:43:01 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/30 21:42:48 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/01/30 21:42:30 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/30 21:42:18 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/30 21:42:11 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/30 21:41:49 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/30 21:41:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/01/23 19:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ezprint.exe
MOD - [2011/01/23 19:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/11/26 01:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXEEPMON.DLL
MOD - [2009/11/26 01:07:23 | 000,032,768 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ipcmt.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEEsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEEsm.dll
MOD - [2009/01/13 08:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEEoem.dll
MOD - [2007/01/31 22:11:52 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbcpp5c.dll
MOD - [2004/10/05 11:19:12 | 000,040,960 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
MOD - [2004/10/05 11:19:10 | 000,172,032 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBOEHook.dll
MOD - [2002/10/11 14:32:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/03/12 17:44:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeecoms.exe -- (lxee_device)
SRV - [2010/04/14 14:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2007/02/07 16:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlbccoms.exe -- (dlbc_device)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Unknown] -- -- (IPVNMon)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/17 09:00:42 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/28 19:10:34 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/02 21:20:41 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005/04/01 10:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{6F62BF60-4AEC-4446-8470-89847A139943}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found


[2013/03/19 18:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions
[2012/04/18 20:24:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2004/08/04 06:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions\ycahqkvqjz@ycahqkvqjz.org.xpi

========== Chrome ==========

CHR - default_search_provider: EarthLink ()
CHR - default_search_provider: search_url = http://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securesearch.lavasoft.com/?sourc ... 5145BED77D
CHR - homepage: http://securesearch.lavasoft.com/?sourc ... 5145BED77D

O1 HOSTS File: ([2013/03/17 19:39:51 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe ()
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe ()
O4 - HKLM..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark Pro700 Series Fax Server] C:\Program Files\Lexmark Pro700 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-18..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-19..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-20..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [AROReminder] C:\Program Files\ARO 2013\ARO.exe -rem File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe /play File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Spyware Doctor] C:\Documents and Settings\Chambers William\Desktop\sdsetup_aff[1].exe -min File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-EVI 03.07.2010)" -"http://selair.selkirk.bc.ca/Training/systems/Alsim-start.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Chambers William\Start Menu\Programs\StartUp\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: navyfcu.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: vatsim.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: xpressdeposit.com ([nfcu] https in Trusted sites)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1407581734 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonW ... ontrol.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} http://onbase.ci.palm-coast.fl.us//activex/OBXPopup.cab (OBXPopupBlockerAssistant Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB61D0CA-6788-4907-991E-AA05A8599CFF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chambers William\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chambers William\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell\AutoRun\command - "" = J:\TLBootstrap_WPP.exe
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell\AutoRun\command - "" = D:\SetupMG.exe
O33 - MountPoints2\{51b24cda-bae6-11dc-b6ce-0014223bae41}\Shell\AutoRun\command - "" = J:\RCAMemoryMgr.exe
O33 - MountPoints2\{51b24cda-bae6-11dc-b6ce-0014223bae41}\Shell\Manage your videos\command - "" = J:\RCAMemoryMgr.exe
O33 - MountPoints2\{f8d11ec4-e1d1-11de-b03a-0014223bae41}\Shell\AutoRun\command - "" = I:\asfocineLKNSD45835dsklnsdd8ssknfldk23nlekwqndlskanflckn324235wlskdn\asflkn434efodknzalknel2k3nqwdaslfe0ihreoitk\iexplorer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 18:51:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/18 20:53:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
[2013/03/18 20:08:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Chambers William\Desktop\dds.scr
[2013/03/18 19:59:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/03/18 19:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/03/18 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/03/17 09:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\LavasoftStatistics
[2013/03/17 09:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/03/17 09:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\SecureSearch
[2013/03/17 09:00:42 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/03/17 09:00:42 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/16 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\Sammsoft
[2013/03/16 19:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Desktop\mbar
[2013/03/16 19:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\WinZip
[2013/03/16 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/03/16 19:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/03/16 19:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/16 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\Aurigma
[2013/03/12 17:44:08 | 015,859,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/09 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/03 18:13:11 | 000,000,000 | ---D | C] -- C:\Output
[2013/03/03 18:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPoint-PPT to Pdf Converter
[2013/03/03 17:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Desktop\(60-61)Rotodome Antenna Group and RMS 1-31-12
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/19 19:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
[2013/03/19 19:05:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/19 19:05:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 19:05:03 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/03/19 19:04:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/19 19:04:57 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 19:01:51 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\adwcleaner.exe
[2013/03/19 18:49:37 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/03/19 18:43:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/18 20:31:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 20:08:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Chambers William\Desktop\dds.scr
[2013/03/18 19:58:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\NTREGOPT.lnk
[2013/03/18 19:58:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\ERUNT.lnk
[2013/03/18 19:38:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/03/18 19:37:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/03/17 19:39:51 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/17 17:07:51 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/17 11:24:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/17 11:11:24 | 000,483,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/17 11:11:24 | 000,080,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/17 09:00:42 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/03/17 09:00:42 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/16 19:56:42 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/03/16 19:56:42 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/03/16 19:46:22 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\mbar-1.01.0.1021.zip
[2013/03/16 12:44:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 19:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/12 17:44:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 17:44:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 17:44:08 | 015,859,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/28 22:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/28 19:10:34 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/19 19:01:51 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\adwcleaner.exe
[2013/03/19 18:49:37 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/03/18 19:58:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\NTREGOPT.lnk
[2013/03/18 19:58:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\ERUNT.lnk
[2013/03/17 18:11:32 | 3747,753,984 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/16 19:56:42 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/03/16 19:56:36 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/03/16 19:46:22 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\mbar-1.01.0.1021.zip
[2013/03/16 12:44:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/26 12:16:27 | 000,637,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2444304784-286345585-3085264512-1005-0.dat
[2013/01/26 12:16:26 | 000,143,482 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/26 11:25:21 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/08/27 00:51:35 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2012/08/27 00:51:35 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2012/08/27 00:51:35 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2012/08/27 00:51:35 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2012/08/12 06:57:44 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\dt.dat
[2012/04/18 21:13:17 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/04/18 21:13:15 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/04/18 21:13:15 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2012/04/18 21:13:15 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/04/18 21:13:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2012/04/18 21:13:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/03/30 23:22:48 | 000,000,316 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012/02/17 16:21:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/25 01:13:54 | 000,011,884 | -HS- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\13732673a7a4
[2011/12/25 01:13:54 | 000,011,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13732673a7a4
[2011/09/18 20:51:54 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Chambers William\metadata.db
[2011/07/29 22:26:40 | 000,002,212 | ---- | C] () -- C:\WINDOWS\spca561.ini
[2011/07/29 15:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeevs.dll
[2011/07/29 15:47:41 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoin.dll
[2011/07/29 15:47:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeecuir.dll
[2011/07/29 15:47:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeegcfg.dll
[2011/07/29 15:47:30 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeecui.dll
[2011/07/29 15:46:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEEPMON.DLL
[2011/07/29 15:46:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEEFXPU.DLL
[2011/07/29 15:46:09 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEEoem.dll
[2011/07/29 15:44:13 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEEhcp.dll
[2011/07/29 15:44:13 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEEinst.dll
[2011/07/29 15:44:12 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeusb1.dll
[2011/07/29 15:44:12 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeinpa.dll
[2011/07/29 15:44:12 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeiesc.dll
[2011/07/29 15:44:11 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeserv.dll
[2011/07/29 15:44:11 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeepmui.dll
[2011/07/29 15:44:10 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeelmpm.dll
[2011/07/29 15:44:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeejswr.dll
[2011/07/29 15:44:09 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeih.exe
[2011/07/29 15:44:09 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeeins.dll
[2011/07/29 15:44:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsb.dll
[2011/07/29 15:44:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsr.dll
[2011/07/29 15:44:08 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeehbn3.dll
[2011/07/29 15:44:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeegrd.dll
[2011/07/29 15:44:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeecub.dll
[2011/07/29 15:44:07 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoms.exe
[2011/07/29 15:44:07 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeecu.dll
[2011/07/29 15:44:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeecur.dll
[2011/07/29 15:44:06 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomc.dll
[2011/07/29 15:44:06 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomm.dll
[2011/07/29 15:44:05 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecfg.exe
[2011/07/29 15:40:34 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEEsmr.dll
[2011/07/29 15:40:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEEsm.dll
[2011/05/28 21:56:46 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\fusioncache.dat
[2011/05/27 14:52:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\Download.INI
[2011/03/22 22:23:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18210612r
[2011/03/22 22:23:27 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18210612
[2011/03/22 22:23:00 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18210612
[2010/02/25 19:51:53 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Chambers William\g2mdlhlpx.exe
[2009/12/26 12:00:38 | 000,000,486 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/13 10:01:46 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Chambers William\webct_upload_applet.properties
[2009/09/09 18:06:19 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Chambers William\Application Data\mcs.rma
[2009/09/09 18:06:19 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Chambers William\Application Data\68BB2D
[2009/09/05 11:22:44 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\d3d9caps.dat
[2007/05/20 17:02:00 | 000,003,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/29 16:04:46 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/17 18:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
[2013/02/07 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/08 18:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/03/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/17 09:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/04/27 20:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2010/10/30 19:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlightPrep
[2011/09/18 19:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro700 Series
[2013/03/19 18:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/29 15:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro700 Series
[2011/11/13 00:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/04/18 21:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/05 19:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2013/03/16 19:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/09 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2009/04/05 13:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/08/27 17:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/21 22:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/08/16 17:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Ad-Aware Antivirus
[2012/03/11 12:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Amazon
[2012/06/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Audacity
[2012/10/08 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\AVG2013
[2010/12/27 13:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\calibre
[2012/04/18 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\DVDVideoSoft
[2008/12/06 15:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\EarthLink
[2012/10/13 22:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\ElevatedDiagnostics
[2011/07/30 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Pro700 Series
[2012/05/13 22:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\RipIt4Me
[2013/03/16 22:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Sammsoft
[2013/03/17 09:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\SecureSearch
[2010/07/04 15:30:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chambers William\Application Data\SoundSpectrum
[2012/10/08 18:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\TuneUp Software
[2010/11/04 19:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chambers William\Application Data\webex
[2012/10/13 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2008/06/05 19:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/06/05 17:09:21 | 000,000,152 | ---- | M] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g
[2008/06/05 17:09:21 | 000,000,152 | ---- | C] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B

< End of report >


OTL Extras logfile created on: 3/19/2013 7:12:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Chambers William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 87.39% Memory free
4.82 Gb Paging File | 4.41 Gb Available in Paging File | 91.45% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 5.51 Gb Free Space | 7.41% Space Free | Partition Type: NTFS

Computer Name: 51WELLINGOFFICE | User Name: Chambers William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE" = C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE
"C:\Program Files\Real\realplayer\realplay.exe" = C:\Program Files\Real\realplayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\dlbccoms.exe" = C:\WINDOWS\system32\dlbccoms.exe:*:Enabled:Photo Printer 720 Server -- ( )
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Microsoft Games\FS2002\fs2002.exe" = C:\Program Files\Microsoft Games\FS2002\fs2002.exe:*:Enabled:Microsoft Flight Simulator Module -- (Microsoft Corporation)
"C:\Program Files\SquawkBox\squawkbox_fs.exe" = C:\Program Files\SquawkBox\squawkbox_fs.exe:*:Enabled:SquawkBox (for Flight Simulator 2002 and 2004)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\SquawkBox3\squawkbox.exe" = C:\Program Files\SquawkBox3\squawkbox.exe:*:Enabled:squawkbox.exe
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\lxeecoms.exe" = C:\WINDOWS\system32\lxeecoms.exe:*:Enabled:Pro700 Series Server -- ( )
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{2B5DACE9-662B-415B-8C83-6C79B988CFC0}" = Golden Eagle FlightPrep 2007
"{3284FB04-8EEA-49D5-ACC2-2AB7B8845EE0}" = Deal Info
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0ED490-BFAB-46F8-9AFB-0DAE0C90AC9E}" = calibre
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45EF1D41-FAC7-4204-A0B1-D9F05E0C7DB6}" = EarthLink spamBlocker Add-On
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{868BF461-CFF9-4228-B52D-842FF59001D3}" = Micro Webcam
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8BC47D4C-5091-4187-8DAA-B6F7F39E44B7}" = AOPA's Airport eDirectory
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A7EAAB60-854F-43E4-997B-DF0ADC44158F}" = EzTrends
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4AC94AE-A5CE-4BB5-897C-E45E558F3277}" = Golden Eagle FlightPrep 5.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}" = EarthLink FastLane
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D218E98E-84ED-4EB8-8DCD-529B74364027}" = Garmin MetroGuide North America v8
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1362843-0E0E-4F74-8662-724CF101ADCE}" = Skype web features
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = ICatch (VI) PC Camera
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG" = AVG 2013
"Digital Editions" = Adobe Digital Editions
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ERUNT_is1" = ERUNT 1.1j
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"GARMIN 400 Series Trainer" = GARMIN 400 Series Trainer
"GoZone iSync" = GoZone iSync
"GroundSchool - Instrument Rating (IFR)_is1" = GroundSchool - Instrument Rating (IFR)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{2B5DACE9-662B-415B-8C83-6C79B988CFC0}" = Golden Eagle FlightPrep 2007
"InstallShield_{35AD8A37-8ECE-4E97-A34E-B15BFEF0E2F2}" = Basic Webcam
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PFCExpress" = PFCExpress by AT&W Technologies
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"RipIt4Me" = RipIt4Me
"Savings Bond Wizard" = Savings Bond Wizard
"SmartInstaller" = Smart Installer
"ST6UNST #1" = COMPSYS21
"TurboTax 2010" = TurboTax 2010
"TurboTax 2012" = TurboTax 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"VideoSplitter_is1" = Kate's Video Splitter 7.0
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ADDS Flight Path Tool" = ADDS Flight Path Tool
"f9598aeafb0efd18" = BabySmash!
"GoToMeeting" = GoToMeeting 5.3.0.977

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/17/2013 10:18:09 AM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pswro.dll, version 0.5.2.0, fault address 0x00001230.

Error - 3/17/2013 10:18:13 AM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1001
Description = Fault bucket -823315221.

Error - 3/17/2013 10:41:19 AM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pswro.dll, version 0.5.2.0, fault address 0x00001230.

Error - 3/17/2013 10:41:24 AM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1001
Description = Fault bucket -823315221.

Error - 3/17/2013 6:08:18 PM | Computer Name = 51WELLINGOFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/17/2013 6:08:18 PM | Computer Name = 51WELLINGOFFICE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/17/2013 6:19:45 PM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pswro.dll, version 0.5.2.0, fault address 0x00001230.

Error - 3/17/2013 6:19:49 PM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1001
Description = Fault bucket -823315221.

Error - 3/17/2013 8:20:19 PM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pswro.dll, version 0.5.2.0, fault address 0x00001230.

Error - 3/17/2013 8:24:43 PM | Computer Name = 51WELLINGOFFICE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module pswro.dll, version 0.5.2.0, fault address 0x00001230.

[ System Events ]
Error - 3/19/2013 6:59:35 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
service to connect.

Error - 3/19/2013 6:59:35 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/19/2013 6:59:35 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/19/2013 7:05:27 PM | Computer Name = 51WELLINGOFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPod Service
with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxeeCATSCustConnectService
service to connect.

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/19/2013 7:05:44 PM | Computer Name = 51WELLINGOFFICE | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
error: %%2


< End of report >
Tunaheart

Re: Browser Redirects from search results

Post by askey127 » March 19th, 2013, 8:46 pm

Tunaheart,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [AROReminder] C:\Program Files\ARO 2013\ARO.exe -rem File not found
    O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Spyware Doctor] C:\Documents and Settings\Chambers William\Desktop\sdsetup_aff[1].exe -min File not found
    O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
    O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4240575B
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash]
    [Reboot] 
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    The FIX log file will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
-----------------------------------------------------------
Insufficient Free Space on Hard Drive C:
You have a fairly severe emergency having to do with available space on your hard Drive.
Windows needs about 15% of the drive free to run properly. (in your case, about 10Gb)
You need to remove some files by burning them to CD/DVD, transferring to another storage device, and/or just deleting them.
If you have a large music, photo or video collection stored on the C: drive, consider trimming it down or storing some of the collection elsewhere.
We can take a few steps to improve things a little bit:
-----------------------------------------------------------
Reduce Recycle Bin Size
Right Click the Recycle Bin and choose Properties
In the Global tab, move the slider to the left so it shows 2% Maximum Size of Recycle Bin, click Apply and OK.
-------------------------------------------------------
Set System Restore Disk Usage
Go to Start, Settings, Control Panel or Start, Control Panel and double click on System
Click the System Restore tab. It will show a list of drives.
Highlight the C: drive and click the Settings button.
If the slider is set to higher than 4 percent, slide it to the left to approximately the 4% point.
Click OK.
-------------------------------------------------------
Decrease the Amount of Space for Temporary Internet Files
Start Internet Explorer
  • Click the Tools menu and select Internet Options.
  • The Internet Options dialog window will appear.
  • Open the "General" tab.
  • In the "Browsing history" area, click the Settings button.
    (If it warns that you are above the present limit and that it wishes to make a change, click OK).
  • In the Temporary Internet Files window, Enter the number 50 in the Disk space to use.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it.
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. It will likely ask to Reboot again; choose to do so.
This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
You can check free space any time by going to My Computer, right clicking C: drive and choosing Properties.
Please check that after completing the tasks above, and tell me what it reports.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Custom OTL Run Fix Results

Post by Tunaheart » March 20th, 2013, 12:54 pm

Askey Hi,

Results from OTL Custom scan. I'll complete remaining steps and let you know results later today.

Grats!!

Cheers

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AROReminder deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Spyware Doctor deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IETI deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IETI not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4240575B deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Chambers William\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Chambers William\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Chambers William
->Java cache emptied: 22552252 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 22.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 1250 bytes

User: All Users

User: Chambers William
->Flash cache emptied: 122188 bytes

User: Default User

User: LocalService
->Flash cache emptied: 405 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03202013_124737

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm
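The fix script and the result log posted above can be checked against each other. The following is an added example, not part of either post and not OTL's own code: it parses the log's result lines and confirms that every autostart (O4) entry named in the script has a matching outcome in the log. The sample lines are copied from the two posts; the expansion of `..` to `\Software\Microsoft\Windows\CurrentVersion` is an assumption inferred from the script/log pairs on this page.

```python
import re
from collections import Counter

# Autostart (O4) lines copied from the ":OTL" section of the fix script above.
FIX_SCRIPT = r"""
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [AROReminder] C:\Program Files\ARO 2013\ARO.exe -rem File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Spyware Doctor] C:\Documents and Settings\Chambers William\Desktop\sdsetup_aff[1].exe -min File not found
O4 - HKU\.DEFAULT..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
O4 - HKU\S-1-5-18..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART File not found
"""

# Lines copied from the "========== OTL ==========" section of the posted fix log.
FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AROReminder deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Spyware Doctor deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IETI deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IETI not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4240575B deleted successfully.
"""

O4_RE = re.compile(
    r"^O4 - HKU\\(?P<sid>.+?)\.\.\\(?P<leaf>Run(?:Once)?): \[(?P<name>[^\]]+)\]"
)
LOG_RE = re.compile(
    r"^(?P<kind>Registry value|Registry key|ADS) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)
# Assumption inferred from the script/log pairs on this page: in an O4 line,
# ".." stands for this subkey of the user hive.
ELIDED = r"\Software\Microsoft\Windows\CurrentVersion"


def parse_requests(script_text):
    """Return the Run/RunOnce values the fix script asked OTL to remove."""
    found = (O4_RE.match(line.strip()) for line in script_text.splitlines())
    return [m.groupdict() for m in found if m]


def parse_log(log_text):
    """Split each result line into kind, container, item name and outcome."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        target = m["target"]
        if m["kind"] == "Registry value":
            # The log separates key path and value name with a double backslash.
            container, _, item = target.rpartition("\\\\")
        elif m["kind"] == "ADS":
            # file:stream, split on the last colon so the drive letter stays intact.
            container, _, item = target.rpartition(":")
        else:
            container, item = target.rstrip("\\"), ""
        records.append({"kind": m["kind"], "container": container,
                        "item": item, "outcome": m["outcome"]})
    return records


def reconcile(script_text, log_text):
    """For each requested autostart value, report the outcome the log recorded."""
    records = parse_log(log_text)
    report = []
    for req in parse_requests(script_text):
        key = ("HKEY_USERS\\" + req["sid"] + ELIDED + "\\" + req["leaf"]).lower()
        outcome = next(
            (r["outcome"] for r in records
             if r["kind"] == "Registry value"
             and r["container"].lower() == key and r["item"] == req["name"]),
            "no log line",  # the request was never acted on, or the log is incomplete
        )
        report.append((req["sid"], req["leaf"], req["name"], outcome))
    return report


def summarize(log_text):
    """Count outcomes across every parsed result line."""
    return dict(Counter(r["outcome"] for r in parse_log(log_text)))


if __name__ == "__main__":
    for sid, leaf, name, outcome in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{leaf:8} {name:16} {sid:48} {outcome}")
    print(summarize(FIX_LOG))
```

The single `not found` among the autostart entries is expected: `HKU\.DEFAULT` and `HKU\S-1-5-18` are the same hive (the LocalSystem profile), so the first deletion had already removed the value.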

Re: Browser Redirects from search results

Post by Tunaheart » March 20th, 2013, 1:15 pm

Askey Hi

The steps you outlined for cleaning things up helped with disk space, now have ~ 8.7 Gigs free

Cheers,
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

Info

Post by Tunaheart » March 20th, 2013, 2:06 pm

BTW I hope I didn't goon this process, after the steps above I tried the search again from Google and the redirects still occur.
Tunaheart
Regular Member
 
Posts: 23
Joined: March 18th, 2013, 3:45 pm

Re: Browser Redirects from search results

Post by askey127 » March 20th, 2013, 2:23 pm

Tunaheart,
No, you didn't. It's OK. We just picked the obvious things to start.
Now we will see that there are no other deeper problems.
After this sequence, we will remove "GetSavin".
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

TDSS Log File

Post by Tunaheart » March 20th, 2013, 5:52 pm

No Detected Objects Found

17:49:21.0109 2100 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:49:21.0609 2100 ============================================================
17:49:21.0609 2100 Current date / time: 2013/03/20 17:49:21.0609
17:49:21.0609 2100 SystemInfo:
17:49:21.0609 2100
17:49:21.0609 2100 OS Version: 5.1.2600 ServicePack: 3.0
17:49:21.0609 2100 Product type: Workstation
17:49:21.0609 2100 ComputerName: 51WELLINGOFFICE
17:49:21.0609 2100 UserName: Chambers William
17:49:21.0609 2100 Windows directory: C:\WINDOWS
17:49:21.0609 2100 System windows directory: C:\WINDOWS
17:49:21.0609 2100 Processor architecture: Intel x86
17:49:21.0609 2100 Number of processors: 2
17:49:21.0609 2100 Page size: 0x1000
17:49:21.0609 2100 Boot type: Normal boot
17:49:21.0609 2100 ============================================================
17:49:22.0421 2100 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:49:22.0421 2100 ============================================================
17:49:22.0421 2100 \Device\Harddisk0\DR0:
17:49:22.0421 2100 MBR partitions:
17:49:22.0421 2100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EAFF8
17:49:22.0421 2100 ============================================================
17:49:22.0437 2100 C: <-> \Device\Harddisk0\DR0\Partition1
17:49:22.0437 2100 ============================================================
17:49:22.0437 2100 Initialize success
17:49:22.0437 2100 ============================================================
17:49:47.0703 3104 ============================================================
17:49:47.0703 3104 Scan started
17:49:47.0703 3104 Mode: Manual;
17:49:47.0703 3104 ============================================================
17:49:47.0828 3104 ================ Scan system memory ========================
17:49:47.0828 3104 System memory - ok
17:49:47.0828 3104 ================ Scan services =============================
17:49:54.0281 3104 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:49:54.0281 3104 MountMgr - ok
17:49:54.0312 3104 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:49:54.0312 3104 mraid35x - ok
17:49:54.0312 3104 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:49:54.0312 3104 MRxDAV - ok
17:49:54.0375 3104 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:49:54.0375 3104 MRxSmb - ok
17:49:54.0421 3104 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:49:54.0421 3104 MSDTC - ok
17:49:54.0453 3104 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:49:54.0453 3104 Msfs - ok
17:49:54.0453 3104 MSIServer - ok
17:49:54.0468 3104 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:49:54.0484 3104 MSKSSRV - ok
17:49:54.0484 3104 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:49:54.0484 3104 MSPCLOCK - ok
17:49:54.0500 3104 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:49:54.0500 3104 MSPQM - ok
17:49:54.0546 3104 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:49:54.0546 3104 mssmbios - ok
17:49:54.0593 3104 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
17:49:54.0593 3104 MSTEE - ok
17:49:54.0640 3104 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:49:54.0640 3104 Mup - ok
17:49:54.0687 3104 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:49:54.0687 3104 NABTSFEC - ok
17:49:54.0750 3104 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:49:54.0765 3104 napagent - ok
17:49:54.0812 3104 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:49:54.0812 3104 NDIS - ok
17:49:54.0828 3104 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:49:54.0828 3104 NdisIP - ok
17:49:54.0875 3104 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:49:54.0875 3104 NdisTapi - ok
17:49:54.0890 3104 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:49:54.0890 3104 Ndisuio - ok
17:49:54.0921 3104 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:49:54.0921 3104 NdisWan - ok
17:49:54.0968 3104 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:49:54.0984 3104 NDProxy - ok
17:49:55.0000 3104 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:49:55.0000 3104 NetBIOS - ok
17:49:55.0000 3104 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:49:55.0015 3104 NetBT - ok
17:49:55.0046 3104 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:49:55.0062 3104 NetDDE - ok
17:49:55.0062 3104 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:49:55.0062 3104 NetDDEdsdm - ok
17:49:55.0109 3104 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:49:55.0109 3104 Netlogon - ok
17:49:55.0125 3104 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:49:55.0140 3104 Netman - ok
17:49:55.0187 3104 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:49:55.0187 3104 NetTcpPortSharing - ok
17:49:55.0234 3104 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:49:55.0250 3104 Nla - ok
17:49:55.0281 3104 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:49:55.0281 3104 Npfs - ok
17:49:55.0296 3104 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:49:55.0312 3104 Ntfs - ok
17:49:55.0312 3104 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:49:55.0312 3104 NtLmSsp - ok
17:49:55.0343 3104 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:49:55.0359 3104 NtmsSvc - ok
17:49:55.0390 3104 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:49:55.0390 3104 Null - ok
17:49:55.0437 3104 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:49:55.0484 3104 nv - ok
17:49:55.0500 3104 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:49:55.0500 3104 NwlnkFlt - ok
17:49:55.0531 3104 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:49:55.0531 3104 NwlnkFwd - ok
17:49:55.0578 3104 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:49:55.0578 3104 ose - ok
17:49:55.0625 3104 [ 4A410C7AEA51123519C20D43A20BCE96 ] PAC207 C:\WINDOWS\system32\DRIVERS\PFC027.SYS
17:49:55.0640 3104 PAC207 - ok
17:49:55.0703 3104 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:49:55.0703 3104 Parport - ok
17:49:55.0718 3104 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:49:55.0718 3104 PartMgr - ok
17:49:55.0734 3104 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:49:55.0734 3104 ParVdm - ok
17:49:55.0781 3104 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:49:55.0781 3104 PCI - ok
17:49:55.0781 3104 PCIDump - ok
17:49:55.0812 3104 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:49:55.0812 3104 PCIIde - ok
17:49:55.0828 3104 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:49:55.0828 3104 Pcmcia - ok
17:49:55.0843 3104 PDCOMP - ok
17:49:55.0843 3104 PDFRAME - ok
17:49:55.0843 3104 PDRELI - ok
17:49:55.0859 3104 PDRFRAME - ok
17:49:55.0875 3104 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
17:49:55.0875 3104 perc2 - ok
17:49:55.0890 3104 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:49:55.0890 3104 perc2hib - ok
17:49:55.0921 3104 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:49:55.0921 3104 PlugPlay - ok
17:49:55.0937 3104 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:49:55.0937 3104 PolicyAgent - ok
17:49:55.0984 3104 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:49:55.0984 3104 PptpMiniport - ok
17:49:56.0000 3104 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:49:56.0000 3104 ProtectedStorage - ok
17:49:56.0000 3104 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:49:56.0015 3104 PSched - ok
17:49:56.0031 3104 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:49:56.0031 3104 Ptilink - ok
17:49:56.0062 3104 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:49:56.0078 3104 PxHelp20 - ok
17:49:56.0109 3104 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:49:56.0109 3104 ql1080 - ok
17:49:56.0125 3104 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:49:56.0125 3104 Ql10wnt - ok
17:49:56.0156 3104 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:49:56.0156 3104 ql12160 - ok
17:49:56.0187 3104 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:49:56.0187 3104 ql1240 - ok
17:49:56.0218 3104 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:49:56.0218 3104 ql1280 - ok
17:49:56.0250 3104 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:49:56.0250 3104 RasAcd - ok
17:49:56.0296 3104 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:49:56.0312 3104 RasAuto - ok
17:49:56.0328 3104 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:49:56.0343 3104 Rasl2tp - ok
17:49:56.0375 3104 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:49:56.0390 3104 RasMan - ok
17:49:56.0421 3104 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:49:56.0421 3104 RasPppoe - ok
17:49:56.0437 3104 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:49:56.0437 3104 Raspti - ok
17:49:56.0453 3104 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:49:56.0468 3104 Rdbss - ok
17:49:56.0468 3104 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:49:56.0468 3104 RDPCDD - ok
17:49:56.0500 3104 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:49:56.0500 3104 rdpdr - ok
17:49:56.0546 3104 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:49:56.0546 3104 RDPWD - ok
17:49:56.0593 3104 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:49:56.0593 3104 RDSessMgr - ok
17:49:56.0625 3104 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:49:56.0625 3104 redbook - ok
17:49:56.0671 3104 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:49:56.0671 3104 RemoteAccess - ok
17:49:56.0718 3104 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:49:56.0718 3104 RemoteRegistry - ok
17:49:56.0750 3104 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
17:49:56.0750 3104 ROOTMODEM - ok
17:49:56.0765 3104 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:49:56.0765 3104 RpcLocator - ok
17:49:56.0796 3104 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:49:56.0796 3104 RpcSs - ok
17:49:56.0828 3104 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:49:56.0828 3104 RSVP - ok
17:49:56.0843 3104 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:49:56.0843 3104 SamSs - ok
17:49:56.0890 3104 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:49:56.0906 3104 SCardSvr - ok
17:49:56.0953 3104 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:49:56.0953 3104 Schedule - ok
17:49:57.0000 3104 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:49:57.0000 3104 Secdrv - ok
17:49:57.0015 3104 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:49:57.0015 3104 seclogon - ok
17:49:57.0062 3104 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
17:49:57.0078 3104 senfilt - ok
17:49:57.0093 3104 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:49:57.0109 3104 SENS - ok
17:49:57.0156 3104 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:49:57.0171 3104 serenum - ok
17:49:57.0171 3104 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:49:57.0187 3104 Serial - ok
17:49:57.0218 3104 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:49:57.0218 3104 Sfloppy - ok
17:49:57.0265 3104 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:49:57.0281 3104 SharedAccess - ok
17:49:57.0328 3104 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:49:57.0328 3104 ShellHWDetection - ok
17:49:57.0328 3104 Simbad - ok
17:49:57.0375 3104 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:49:57.0375 3104 sisagp - ok
17:49:57.0437 3104 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:49:57.0437 3104 SLIP - ok
17:49:57.0500 3104 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
17:49:57.0500 3104 smwdm - ok
17:49:57.0546 3104 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:49:57.0562 3104 Sparrow - ok
17:49:57.0562 3104 SPLITCAM - ok
17:49:57.0625 3104 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:49:57.0625 3104 splitter - ok
17:49:57.0671 3104 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:49:57.0671 3104 Spooler - ok
17:49:57.0718 3104 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:49:57.0718 3104 sr - ok
17:49:57.0781 3104 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:49:57.0781 3104 srservice - ok
17:49:57.0812 3104 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:49:57.0812 3104 Srv - ok
17:49:57.0828 3104 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:49:57.0843 3104 SSDPSRV - ok
17:49:57.0890 3104 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
17:49:57.0890 3104 StillCam - ok
17:49:57.0937 3104 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:49:57.0953 3104 stisvc - ok
17:49:58.0000 3104 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:49:58.0000 3104 streamip - ok
17:49:58.0031 3104 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:49:58.0031 3104 swenum - ok
17:49:58.0046 3104 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:49:58.0046 3104 swmidi - ok
17:49:58.0062 3104 SwPrv - ok
17:49:58.0078 3104 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
17:49:58.0078 3104 symc810 - ok
17:49:58.0093 3104 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:49:58.0109 3104 symc8xx - ok
17:49:58.0125 3104 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:49:58.0125 3104 sym_hi - ok
17:49:58.0171 3104 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:49:58.0171 3104 sym_u3 - ok
17:49:58.0187 3104 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:49:58.0187 3104 sysaudio - ok
17:49:58.0234 3104 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:49:58.0234 3104 SysmonLog - ok
17:49:58.0296 3104 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:49:58.0296 3104 TapiSrv - ok
17:49:58.0343 3104 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:49:58.0359 3104 Tcpip - ok
17:49:58.0406 3104 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:49:58.0406 3104 TDPIPE - ok
17:49:58.0437 3104 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:49:58.0437 3104 TDTCP - ok
17:49:58.0468 3104 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:49:58.0468 3104 TermDD - ok
17:49:58.0515 3104 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:49:58.0531 3104 TermService - ok
17:49:58.0562 3104 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:49:58.0562 3104 Themes - ok
17:49:58.0609 3104 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:49:58.0609 3104 TlntSvr - ok
17:49:58.0625 3104 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
17:49:58.0625 3104 TosIde - ok
17:49:58.0656 3104 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:49:58.0656 3104 TrkWks - ok
17:49:58.0671 3104 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:49:58.0671 3104 Udfs - ok
17:49:58.0703 3104 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
17:49:58.0703 3104 ultra - ok
17:49:58.0750 3104 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:49:58.0750 3104 Update - ok
17:49:58.0796 3104 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe
17:49:58.0796 3104 UPHClean - ok
17:49:58.0828 3104 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:49:58.0828 3104 upnphost - ok
17:49:58.0843 3104 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:49:58.0859 3104 UPS - ok
17:49:58.0906 3104 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:49:58.0906 3104 USBAAPL - ok
17:49:58.0921 3104 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:49:58.0937 3104 usbccgp - ok
17:49:58.0953 3104 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:49:58.0953 3104 usbehci - ok
17:49:58.0968 3104 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:49:58.0984 3104 usbhub - ok
17:49:59.0000 3104 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:49:59.0000 3104 usbprint - ok
17:49:59.0046 3104 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:49:59.0046 3104 usbscan - ok
17:49:59.0078 3104 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:49:59.0078 3104 USBSTOR - ok
17:49:59.0125 3104 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:49:59.0125 3104 usbuhci - ok
17:49:59.0140 3104 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:49:59.0140 3104 VgaSave - ok
17:49:59.0156 3104 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:49:59.0156 3104 viaagp - ok
17:49:59.0171 3104 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
17:49:59.0171 3104 ViaIde - ok
17:49:59.0203 3104 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:49:59.0203 3104 VolSnap - ok
17:49:59.0250 3104 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:49:59.0265 3104 VSS - ok
17:49:59.0281 3104 vToolbarUpdater14.2.0 - ok
17:49:59.0312 3104 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
17:49:59.0312 3104 w32time - ok
17:49:59.0328 3104 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:49:59.0328 3104 Wanarp - ok
17:49:59.0343 3104 WDICA - ok
17:49:59.0390 3104 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:49:59.0390 3104 wdmaud - ok
17:49:59.0406 3104 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:49:59.0406 3104 WebClient - ok
17:49:59.0484 3104 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:49:59.0484 3104 winmgmt - ok
17:49:59.0546 3104 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:49:59.0546 3104 WmdmPmSN - ok
17:49:59.0593 3104 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:49:59.0609 3104 Wmi - ok
17:49:59.0640 3104 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:49:59.0640 3104 WmiApSrv - ok
17:49:59.0703 3104 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:49:59.0734 3104 WMPNetworkSvc - ok
17:49:59.0750 3104 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:49:59.0750 3104 WpdUsb - ok
17:49:59.0843 3104 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:49:59.0875 3104 WPFFontCache_v0400 - ok
17:49:59.0921 3104 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:49:59.0937 3104 wscsvc - ok
17:50:00.0000 3104 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:50:00.0000 3104 WSTCODEC - ok
17:50:00.0015 3104 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:50:00.0062 3104 wuauserv - ok
17:50:00.0093 3104 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:50:00.0093 3104 WudfPf - ok
17:50:00.0125 3104 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:50:00.0125 3104 WudfRd - ok
17:50:00.0187 3104 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:50:00.0187 3104 WudfSvc - ok
17:50:00.0250 3104 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:50:00.0265 3104 WZCSVC - ok
17:50:00.0312 3104 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:50:00.0328 3104 xmlprov - ok
17:50:00.0343 3104 ================ Scan global ===============================
17:50:00.0406 3104 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
17:50:00.0453 3104 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:50:00.0468 3104 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
17:50:00.0500 3104 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
17:50:00.0500 3104 [Global] - ok
17:50:00.0500 3104 ================ Scan MBR ==================================
17:50:00.0515 3104 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
17:50:00.0656 3104 \Device\Harddisk0\DR0 - ok
17:50:00.0656 3104 ================ Scan VBR ==================================
17:50:00.0656 3104 [ 99F943474AED76AD484803449D3D63D6 ] \Device\Harddisk0\DR0\Partition1
17:50:00.0656 3104 \Device\Harddisk0\DR0\Partition1 - ok
17:50:00.0656 3104 ============================================================
17:50:00.0656 3104 Scan finished
17:50:00.0656 3104 ============================================================
17:50:00.0671 2620 Detected object count: 0
17:50:00.0671 2620 Actual detected object count: 0
17:50:08.0171 1152 Deinitialize success
Tunaheart
Regular Member
Posts: 23
Joined: March 18th, 2013, 3:45 pm

Rogue Killer report

Post by Tunaheart » March 20th, 2013, 6:01 pm

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Chambers William [Admin rights]
Mode : Scan -- Date : 03/20/2013 17:59:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll [x] -> UNLOADED
[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) -> FOUND
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2444304784-286345585-3085264512-1005[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2444304784-286345585-3085264512-1005_Classes[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : Temp (rundll32 "C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll",SCBB2_CreateTransformTablesW) [-] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3808110AS +++++
--- User ---
[MBR] 2eb7f8fb2038b9a98980033a9dee5e18
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03202013_02d1759.txt >>
RKreport[1]_S_03202013_02d1759.txt

OTL Txt

Post by Tunaheart » March 20th, 2013, 6:15 pm

OTL logfile created on: 3/20/2013 6:05:34 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Chambers William\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 3.03 Gb Available Physical Memory | 86.91% Memory free
4.82 Gb Paging File | 4.39 Gb Available in Paging File | 91.20% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 8.68 Gb Free Space | 11.66% Space Free | Partition Type: NTFS

Computer Name: 51WELLINGOFFICE | User Name: Chambers William | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/19 19:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
PRC - [2013/01/29 17:00:00 | 000,685,936 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 05:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 14:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 14:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 14:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/07/29 11:12:40 | 000,431,608 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files\GoZone\GoZone_iSync.exe
PRC - [2011/01/23 19:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ezprint.exe
PRC - [2011/01/23 19:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
PRC - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe
PRC - [2009/09/16 19:31:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2007/02/07 16:26:52 | 000,538,096 | ---- | M] ( ) -- C:\WINDOWS\system32\dlbccoms.exe
PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/10/05 11:19:12 | 000,040,960 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
PRC - [2002/10/11 14:32:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/17 11:21:40 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll
MOD - [2013/03/17 11:13:13 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/01/31 20:02:24 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/01/31 20:02:20 | 000,786,944 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\578e2c661908dea0af10151bc199f347\System.EnterpriseServices.ni.dll
MOD - [2013/01/31 20:02:19 | 000,646,656 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll
MOD - [2013/01/30 21:43:01 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/01/30 21:42:48 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll
MOD - [2013/01/30 21:42:30 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/01/30 21:42:18 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/01/30 21:42:11 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll
MOD - [2013/01/30 21:41:49 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/01/30 21:41:34 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 19:37:02 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\ezprint.exe
MOD - [2011/01/23 19:37:00 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/11/26 01:08:23 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LXEEPMON.DLL
MOD - [2009/11/26 01:07:23 | 000,032,768 | ---- | M] () -- c:\Program Files\Lexmark Pro700 Series\ipcmt.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\LXEEsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\WINDOWS\system32\LXEEsm.dll
MOD - [2009/01/13 08:15:12 | 004,485,120 | ---- | M] () -- C:\WINDOWS\system32\LXEEoem.dll
MOD - [2007/01/31 22:11:52 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbcpp5c.dll
MOD - [2004/10/05 11:19:12 | 000,040,960 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
MOD - [2004/10/05 11:19:10 | 000,172,032 | ---- | M] () -- C:\Program Files\EarthLink\spamBlocker\ELSBOEHook.dll
MOD - [2002/10/11 14:32:30 | 000,065,536 | ---- | M] () -- C:\WINDOWS\twain_32\ca561a\SnapDetect.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/03/12 17:44:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxeecoms.exe -- (lxee_device)
SRV - [2010/04/14 14:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2007/02/07 16:26:52 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlbccoms.exe -- (dlbc_device)
SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Unknown] -- -- (IPVNMon)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/03/17 09:00:42 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/02/28 19:10:34 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/16 00:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 14:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 04:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/07/02 21:20:41 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2008/06/18 11:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/02/13 13:17:26 | 000,618,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005/04/01 10:52:46 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\SearchScopes\{6F62BF60-4AEC-4446-8470-89847A139943}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found


[2013/03/19 18:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions
[2012/04/18 20:24:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2004/08/04 06:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Chambers William\Application Data\Mozilla\Firefox\Profiles\yuur66od.default\extensions\ycahqkvqjz@ycahqkvqjz.org.xpi

========== Chrome ==========

CHR - default_search_provider: EarthLink ()
CHR - default_search_provider: search_url = http://eimg.net/sw/toolbar/4/2/rd601.ht ... archbox&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://securesearch.lavasoft.com/?sourc ... 5145BED77D
CHR - homepage: http://securesearch.lavasoft.com/?sourc ... 5145BED77D

O1 HOSTS File: ([2013/03/17 19:39:51 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe ()
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe ()
O4 - HKLM..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark Pro700 Series Fax Server] C:\Program Files\Lexmark Pro700 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-18..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-19..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-20..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe /play File not found
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\Run: [Temp] C:\Documents and Settings\Chambers William\Local Settings\Application Data\Wal-Mart Music Downloads\Temp\pswro.dll (SEC)
O4 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; WinNT-EVI 03.07.2010)" -"http://selair.selkirk.bc.ca/Training/systems/Alsim-start.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Chambers William\Start Menu\Programs\StartUp\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: navyfcu.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: vatsim.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2444304784-286345585-3085264512-1005\..Trusted Domains: xpressdeposit.com ([nfcu] https in Trusted sites)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 1407581734 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonW ... ontrol.cab (Verizon Wireless Media Upload)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} http://www.installengine.com/engine/isetup.cab (InstallShield International Setup Player)
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} http://onbase.ci.palm-coast.fl.us//activex/OBXPopup.cab (OBXPopupBlockerAssistant Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/ph ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB61D0CA-6788-4907-991E-AA05A8599CFF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chambers William\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chambers William\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4d3e6f-0daf-11e1-b09c-0014223bae41}\Shell\AutoRun\command - "" = J:\TLBootstrap_WPP.exe
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f8f8362-3bd1-11dc-b093-806d6172696f}\Shell\AutoRun\command - "" = D:\SetupMG.exe
O33 - MountPoints2\{51b24cda-bae6-11dc-b6ce-0014223bae41}\Shell\AutoRun\command - "" = J:\RCAMemoryMgr.exe
O33 - MountPoints2\{51b24cda-bae6-11dc-b6ce-0014223bae41}\Shell\Manage your videos\command - "" = J:\RCAMemoryMgr.exe
O33 - MountPoints2\{f8d11ec4-e1d1-11de-b03a-0014223bae41}\Shell\AutoRun\command - "" = I:\asfocineLKNSD45835dsklnsdd8ssknfldk23nlekwqndlskanflckn324235wlskdn\asflkn434efodknzalknel2k3nqwdaslfe0ihreoitk\iexplorer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 17:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Desktop\RK_Quarantine
[2013/03/20 17:47:57 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chambers William\Desktop\tdsskiller.exe
[2013/03/20 12:59:55 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\TFC.exe
[2013/03/20 12:47:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/19 18:51:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/03/18 20:53:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
[2013/03/18 20:08:01 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Chambers William\Desktop\dds.scr
[2013/03/18 19:59:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/03/18 19:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/03/18 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/03/17 09:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\LavasoftStatistics
[2013/03/17 09:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/03/17 09:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\SecureSearch
[2013/03/17 09:00:42 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/03/17 09:00:42 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/16 22:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Application Data\Sammsoft
[2013/03/16 19:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Desktop\mbar
[2013/03/16 19:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\WinZip
[2013/03/16 19:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2013/03/16 19:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/03/16 19:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/16 18:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\Aurigma
[2013/03/12 17:44:08 | 015,859,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/03/09 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/03 18:13:11 | 000,000,000 | ---D | C] -- C:\Output
[2013/03/03 18:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\PowerPoint-PPT to Pdf Converter
[2013/03/03 17:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chambers William\Desktop\(60-61)Rotodome Antenna Group and RMS 1-31-12

========== Files - Modified Within 30 Days ==========

[2013/03/20 17:55:58 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\RogueKiller.exe
[2013/03/20 17:48:02 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chambers William\Desktop\tdsskiller.exe
[2013/03/20 17:43:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/20 17:35:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/20 17:35:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 17:35:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2013/03/20 17:35:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/20 17:35:07 | 3747,753,984 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 12:59:55 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\TFC.exe
[2013/03/19 20:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 19:30:18 | 002,499,054 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\avg alert after otl.bmp
[2013/03/19 19:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chambers William\Desktop\OTL.exe
[2013/03/19 19:01:51 | 000,609,993 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\adwcleaner.exe
[2013/03/19 18:49:37 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013/03/18 20:08:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Chambers William\Desktop\dds.scr
[2013/03/18 19:58:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\NTREGOPT.lnk
[2013/03/18 19:58:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\ERUNT.lnk
[2013/03/18 19:38:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/03/18 19:37:08 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/03/17 19:39:51 | 000,000,732 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/17 17:07:51 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/17 11:24:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/17 11:11:24 | 000,483,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/17 11:11:24 | 000,080,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/17 09:00:42 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/03/17 09:00:42 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/16 19:56:42 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/03/16 19:56:42 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/03/16 19:46:22 | 013,786,977 | ---- | M] () -- C:\Documents and Settings\Chambers William\Desktop\mbar-1.01.0.1021.zip
[2013/03/16 12:44:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/14 19:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/12 17:44:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 17:44:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 17:44:08 | 015,859,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/28 22:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/28 19:10:34 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/03/20 17:55:58 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\RogueKiller.exe
[2013/03/19 19:30:17 | 002,499,054 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\avg alert after otl.bmp
[2013/03/19 19:01:51 | 000,609,993 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\adwcleaner.exe
[2013/03/19 18:49:37 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013/03/18 19:58:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\NTREGOPT.lnk
[2013/03/18 19:58:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\ERUNT.lnk
[2013/03/17 18:11:32 | 3747,753,984 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/16 19:56:42 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2013/03/16 19:56:36 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2013/03/16 19:46:22 | 013,786,977 | ---- | C] () -- C:\Documents and Settings\Chambers William\Desktop\mbar-1.01.0.1021.zip
[2013/03/16 12:44:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/26 12:16:27 | 000,637,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2444304784-286345585-3085264512-1005-0.dat
[2013/01/26 12:16:26 | 000,143,482 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/01/26 11:25:21 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/08/27 00:51:35 | 000,118,784 | ---- | C] () -- C:\WINDOWS\ShowBmp.exe
[2012/08/27 00:51:35 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2012/08/27 00:51:35 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2012/08/27 00:51:35 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2012/08/12 06:57:44 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\dt.dat
[2012/04/18 21:13:17 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/04/18 21:13:15 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/04/18 21:13:15 | 000,564,224 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2012/04/18 21:13:15 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/04/18 21:13:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2012/04/18 21:13:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/03/30 23:22:48 | 000,000,316 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2012/02/17 16:21:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/25 01:13:54 | 000,011,884 | -HS- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\13732673a7a4
[2011/12/25 01:13:54 | 000,011,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13732673a7a4
[2011/09/18 20:51:54 | 000,129,024 | ---- | C] () -- C:\Documents and Settings\Chambers William\metadata.db
[2011/07/29 22:26:40 | 000,002,212 | ---- | C] () -- C:\WINDOWS\spca561.ini
[2011/07/29 15:47:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeevs.dll
[2011/07/29 15:47:41 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoin.dll
[2011/07/29 15:47:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeecuir.dll
[2011/07/29 15:47:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeegcfg.dll
[2011/07/29 15:47:30 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeecui.dll
[2011/07/29 15:46:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEEPMON.DLL
[2011/07/29 15:46:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEEFXPU.DLL
[2011/07/29 15:46:09 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEEoem.dll
[2011/07/29 15:44:13 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEEhcp.dll
[2011/07/29 15:44:13 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXEEinst.dll
[2011/07/29 15:44:12 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeusb1.dll
[2011/07/29 15:44:12 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeinpa.dll
[2011/07/29 15:44:12 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeiesc.dll
[2011/07/29 15:44:11 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeserv.dll
[2011/07/29 15:44:11 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeepmui.dll
[2011/07/29 15:44:10 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeelmpm.dll
[2011/07/29 15:44:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeejswr.dll
[2011/07/29 15:44:09 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeih.exe
[2011/07/29 15:44:09 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeeins.dll
[2011/07/29 15:44:09 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsb.dll
[2011/07/29 15:44:09 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsr.dll
[2011/07/29 15:44:08 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeehbn3.dll
[2011/07/29 15:44:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeegrd.dll
[2011/07/29 15:44:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeecub.dll
[2011/07/29 15:44:07 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoms.exe
[2011/07/29 15:44:07 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeecu.dll
[2011/07/29 15:44:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeecur.dll
[2011/07/29 15:44:06 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomc.dll
[2011/07/29 15:44:06 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomm.dll
[2011/07/29 15:44:05 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecfg.exe
[2011/07/29 15:40:34 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEEsmr.dll
[2011/07/29 15:40:32 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEEsm.dll
[2011/05/28 21:56:46 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\fusioncache.dat
[2011/05/27 14:52:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\Download.INI
[2011/03/22 22:23:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18210612r
[2011/03/22 22:23:27 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18210612
[2011/03/22 22:23:00 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18210612
[2010/02/25 19:51:53 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Chambers William\g2mdlhlpx.exe
[2009/12/26 12:00:38 | 000,000,486 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/09/13 10:01:46 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Chambers William\webct_upload_applet.properties
[2009/09/09 18:06:19 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Chambers William\Application Data\mcs.rma
[2009/09/09 18:06:19 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Chambers William\Application Data\68BB2D
[2009/09/05 11:22:44 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\d3d9caps.dat
[2007/05/20 17:02:00 | 000,003,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/29 16:04:46 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Chambers William\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/17 18:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sammsoft
[2013/02/07 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/08 18:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/03/30 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 17:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/17 09:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/04/27 20:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2010/10/30 19:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlightPrep
[2011/09/18 19:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro700 Series
[2013/03/20 17:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/29 15:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pro700 Series
[2011/11/13 00:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/04/18 21:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/06/05 19:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2013/03/16 19:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/06/09 20:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD YouTube Downloader & Converter
[2009/04/05 13:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/08/27 17:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/21 22:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/08/16 17:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Ad-Aware Antivirus
[2012/03/11 12:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Amazon
[2012/06/09 21:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Audacity
[2012/10/08 18:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\AVG2013
[2010/12/27 13:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\calibre
[2012/04/18 21:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\DVDVideoSoft
[2008/12/06 15:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\EarthLink
[2012/10/13 22:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\ElevatedDiagnostics
[2011/07/30 10:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Pro700 Series
[2012/05/13 22:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\RipIt4Me
[2013/03/16 22:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\Sammsoft
[2013/03/17 09:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\SecureSearch
[2010/07/04 15:30:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chambers William\Application Data\SoundSpectrum
[2012/10/08 18:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chambers William\Application Data\TuneUp Software
[2010/11/04 19:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chambers William\Application Data\webex
[2012/10/13 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2008/06/05 19:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/06/05 17:09:21 | 000,000,152 | ---- | M] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g
[2008/06/05 17:09:21 | 000,000,152 | ---- | C] ()(C:\WINDOWS\System32\???????????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥䕜牡桴楌歮䕜牡桴楌歮倠潲整瑣潩潃瑮潲敃瑮牥卜湡屡潃普杩塜楖睥挮湯楦g

< End of report >
Tunaheart