
Help against hacker in my system

Discussion in 'Malware Removal Help' started by roy1972, Apr 16, 2013.

  1. roy1972 (Registered Members)

    Joined: Apr 16, 2013
    Messages: 29
    Operating System: Windows XP Professional

    OTL RunScan Log No 2:

    OTL logfile created on: 22/04/2013 15:38:29 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.14% Memory free
    3.85 Gb Paging File | 2.78 Gb Available in Paging File | 72.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 42.07 Gb Free Space | 11.29% Space Free | Partition Type: NTFS
    Drive E: | 3.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Norton 360\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
    MOD - C:\Program Files\Norton 360\Engine\20.3.1.22\wincfi39.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\bb044cd004af2e4fb1375e507a27db56\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\666b46e6cb9abe4dbe6c6dfcc8568cf3\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\1a030f7a6283454da01a2b1af8e577ff\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\68797bd1efbfae44bff716cb63911472\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\36d9e0cf6c5af34f987c77820faa0084\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5d3d529b23845f47993cc1fd34f294fa\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\42c974e2ff259548b7a092975e4f9334\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130421.007\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130421.007\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130419.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
    DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (CV2K1) -- C:\WINDOWS\system32\drivers\cv2k1.sys (TamoSoft, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (se27unic) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
    DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
    DRV - (se27nd5) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
    DRV - (SE27mgmt) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
    DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
    DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
    DRV - (SE27bus) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (ts_lb) -- C:\WINDOWS\system32\drivers\ts_lb.sys (TamoSoft, Inc.)
    DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..extensions.enabledAddons: %7B3DB5ABE1-407D-458F-AD5D-8D89BD625CCC%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
    FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
    FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.3.19
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems:
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
    FF - prefs.js..extensions.enabledItems: avg@igeared:7.007.026.001
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}:4.6.6.8
    FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
    FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
    FF - prefs.js..extensions.enabledItems:
    FF - prefs.js..extensions.enabledItems: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
    FF - prefs.js..keyword.URL: "http://www.searchamong.com/searchvi...38ba09d0a9caf2367b43&cat=webs&bar=true&query="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/16 03:08:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/19 20:51:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/04/22 15:31:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:23:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 01:23:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/17 14:47:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012/01/21 00:27:54 | 000,000,000 | ---D | M]

    [2009/07/23 03:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/07/30 19:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\daftbackup delete if all well\Profiles\n9tszq57.default\extensions
    [2013/04/20 11:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions
    [2011/05/11 01:17:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
    [2013/04/10 22:53:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/16 06:23:29 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
    [2013/02/25 15:11:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/12/27 02:13:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/04/26 23:00:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\illimitux@illimitux.net
    [2013/03/10 21:38:57 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\artur.dubovoy@gmail.com.xpi
    [2013/02/23 20:32:13 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\firebug@software.joehewitt.com.xpi
    [2013/02/15 20:39:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/04/20 01:26:58 | 000,002,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\safesearch.xml
    [2009/10/06 21:55:31 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchalot.xml
    [2009/10/06 21:56:45 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchgeek.xml
    [2009/10/06 21:56:25 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\snappy-words.xml
    [2012/10/16 03:20:23 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\Web Search.xml
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}
    [2013/04/22 15:31:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
    [2013/04/19 20:51:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
    [2013/04/12 01:23:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/12/27 02:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 20:53:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Web Search (Enabled)
    CHR - default_search_provider: search_url = http://www.searchamong.com/searchvi...2367b43&query={searchTerms}&cat=webs&bar=true
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.72_0\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.72_0\
    CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.0.5_0\
    CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
    CHR - Extension: Ghostery = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2010/09/21 17:52:14 | 000,785,565 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1localhost
    O1 - Hosts: 127.0.0.1 .impresionesweb.com
    O1 - Hosts: 127.0.0.1 .banners.publipagos.com
    O1 - Hosts: 127.0.0.1 .publipagos.com
    O1 - Hosts: 127.0.0.1 v3.publipagos.com
    O1 - Hosts: 127.0.0.1 red.as-eu.falkag.net
    O1 - Hosts: 127.0.0.1 .googlesyndication.com
    O1 - Hosts: 127.0.0.1 pagead2.googlesyndication.com
    O1 - Hosts: 127.0.0.1 pagead1.googlesyndication.com
    O1 - Hosts: 127.0.0.1 morannon.fok.nl
    O1 - Hosts: 127.0.0.1 ad.firstadsolution.com
    O1 - Hosts: 127.0.0.1 .clicktorrent.info
    O1 - Hosts: 127.0.0.1.aavc.com
    O1 - Hosts: 127.0.0.1.acjp.com
    O1 - Hosts: 127.0.0.1.ebav.com
    O1 - Hosts: 127.0.0.1.ebaw.com
    O1 - Hosts: 127.0.0.1.ebch.com
    O1 - Hosts: 127.0.0.1.ebdv.com
    O1 - Hosts: 127.0.0.1.ebdw.com
    O1 - Hosts: 127.0.0.1.ebgo.com
    O1 - Hosts: 127.0.0.1.ebjp.com
    O1 - Hosts: 127.0.0.1.ebkb.com
    O1 - Hosts: 127.0.0.1.ebkn.com
    O1 - Hosts: 127.0.0.1.ebky.com
    O1 - Hosts: 127.0.0.1.eblv.com
    O1 - Hosts: 26658 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk = C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C6BF1D7-281C-461D-A3F1-48F07ED56B84}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9cebc1fa-772c-11de-85df-806d6172696f}\Shell\AutoRun\command - "" = G:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/22 15:29:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2013/04/22 15:20:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/04/22 14:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2013/04/21 11:17:45 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2013/04/20 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Steps done so far
    [2013/04/20 11:54:03 | 005,057,575 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/20 11:49:32 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2013/04/20 01:03:26 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/20 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
    [2013/04/20 00:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    [2013/04/20 00:35:52 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.sys
    [2013/04/20 00:35:52 | 000,394,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdi.sys
    [2013/04/20 00:35:52 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.sys
    [2013/04/20 00:35:52 | 000,350,368 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdiv.sys
    [2013/04/20 00:35:52 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnets.sys
    [2013/04/20 00:35:52 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.sys
    [2013/04/20 00:35:52 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.sys
    [2013/04/20 00:35:51 | 000,602,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.sys
    [2013/04/20 00:35:51 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ironx86.sys
    [2013/04/20 00:35:51 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.sys
    [2013/04/20 00:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1403010.016
    [2013/04/19 20:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
    [2013/04/19 20:50:21 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/04/19 20:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
    [2013/04/19 20:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/04/19 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2013/04/19 20:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2013/04/19 19:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Windows 7 Upgrade advisor reports
    [2013/04/19 19:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2013/04/19 19:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    [2013/04/19 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GOT
    [2013/04/19 11:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DONE
    [2013/04/18 01:16:59 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
    [2013/04/16 19:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/04/16 19:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/14 07:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/04/12 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
    [2013/04/12 01:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/04/08 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2012/10/16 03:20:00 | 000,442,048 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Administrator\Application Data\vioer.exe
    [2012/10/16 03:19:38 | 006,312,677 | ---- | C] (VIO ) -- C:\Documents and Settings\Administrator\Application Data\vio_clean.exe
    [2009/07/23 03:42:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/22 15:31:11 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/22 15:30:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/22 14:59:15 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job
    [2013/04/22 14:55:55 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/22 14:47:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    [2013/04/22 14:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/22 14:15:02 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Not Burned.lnk
    [2013/04/22 14:09:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/21 22:02:45 | 000,078,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Image2.jpg
    [2013/04/21 12:31:03 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trans444.lnk
    [2013/04/21 03:47:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    [2013/04/20 14:04:01 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:54:41 | 005,057,575 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/20 11:49:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 11:23:42 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:36 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:54:58 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/04/20 01:30:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/04/20 01:08:23 | 000,628,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 01:04:07 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/19 20:50:21 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/17 15:49:46 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2013/04/17 05:16:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/04/16 19:25:22 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/16 19:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/15 17:04:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/13 00:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/12 23:53:56 | 000,186,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/08 02:14:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/04/03 09:21:26 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/03/31 20:09:51 | 000,392,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/31 20:09:51 | 000,058,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/22 14:15:01 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Not Burned.lnk
    [2013/04/21 22:02:45 | 000,078,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Image2.jpg
    [2013/04/21 12:31:03 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trans444.lnk
    [2013/04/20 14:04:01 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:23:42 | 000,000,287 | ---- | C] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:35 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:08:07 | 000,628,057 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 00:35:52 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.cat
    [2013/04/20 00:35:52 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.cat
    [2013/04/20 00:35:52 | 000,007,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.cat
    [2013/04/20 00:35:52 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.cat
    [2013/04/20 00:35:52 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.cat
    [2013/04/20 00:35:52 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.inf
    [2013/04/20 00:35:52 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.inf
    [2013/04/20 00:35:52 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.inf
    [2013/04/20 00:35:52 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.inf
    [2013/04/20 00:35:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.inf
    [2013/04/20 00:35:52 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.inf
    [2013/04/20 00:35:51 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.cat
    [2013/04/20 00:35:51 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.cat
    [2013/04/20 00:35:51 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.cat
    [2013/04/20 00:35:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.cat
    [2013/04/20 00:35:51 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.inf
    [2013/04/20 00:35:51 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.inf
    [2013/04/20 00:35:51 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.inf
    [2013/04/20 00:35:27 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symvtcer.dat
    [2013/04/20 00:35:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/04/19 20:50:21 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/16 19:25:22 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/15 17:03:58 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/08 02:14:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012/08/10 18:28:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2011/10/29 01:43:44 | 000,179,712 | ---- | C] () -- C:\WINDOWS\System32\DPUNINST.DLL
    [2011/06/06 07:03:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/06/06 07:03:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/21 09:29:13 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2011/01/05 00:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\AstroViewer 3.1.3-Path
    [2009/09/30 16:11:14 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
    [2009/07/25 18:31:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\.gtk-bookmarks
    [2009/07/25 18:29:06 | 000,205,905 | ---- | C] () -- C:\Documents and Settings\Administrator\.fonts.cache-1
    [2009/07/23 04:02:43 | 000,186,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/23 03:43:04 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
    [2009/07/23 03:42:37 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
    [2009/07/23 03:42:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
    [2009/07/23 03:42:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf

    ========== ZeroAccess Check ==========

    [2009/07/23 02:23:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/01 13:00:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2006/10/01 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006/10/01 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  2. roy1972

    TDSSKiller log:

    15:44:59.0140 2676 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    15:44:59.0468 2676 ============================================================
    15:44:59.0468 2676 Current date / time: 2013/04/22 15:44:59.0468
    15:44:59.0468 2676 SystemInfo:
    15:44:59.0468 2676
    15:44:59.0468 2676 OS Version: 5.1.2600 ServicePack: 2.0
    15:44:59.0468 2676 Product type: Workstation
    15:44:59.0468 2676 ComputerName: EXPERIENCE
    15:44:59.0468 2676 UserName: Administrator
    15:44:59.0468 2676 Windows directory: C:\WINDOWS
    15:44:59.0468 2676 System windows directory: C:\WINDOWS
    15:44:59.0468 2676 Processor architecture: Intel x86
    15:44:59.0468 2676 Number of processors: 2
    15:44:59.0468 2676 Page size: 0x1000
    15:44:59.0468 2676 Boot type: Normal boot
    15:44:59.0468 2676 ============================================================
    15:45:01.0015 2676 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:45:01.0031 2676 ============================================================
    15:45:01.0031 2676 \Device\Harddisk0\DR0:
    15:45:01.0031 2676 MBR partitions:
    15:45:01.0031 2676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E933DC1
    15:45:01.0031 2676 ============================================================
    15:45:01.0046 2676 C: <-> \Device\Harddisk0\DR0\Partition1
    15:45:01.0046 2676 ============================================================
    15:45:01.0046 2676 Initialize success
    15:45:01.0046 2676 ============================================================
    15:45:32.0890 2144 ============================================================
    15:45:32.0890 2144 Scan started
    15:45:32.0890 2144 Mode: Manual;
    15:45:32.0890 2144 ============================================================
    15:45:33.0109 2144 ================ Scan system memory ========================
    15:45:33.0109 2144 System memory - ok
    15:45:33.0109 2144 ================ Scan services =============================
    15:45:33.0218 2144 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    15:45:33.0218 2144 !SASCORE - ok
    15:45:33.0296 2144 Abiosdsk - ok
    15:45:33.0296 2144 abp480n5 - ok
    15:45:33.0343 2144 [ A10C7534F7223F4A73A948967D00E69B ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:45:33.0343 2144 ACPI - ok
    15:45:33.0390 2144 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    15:45:33.0390 2144 ACPIEC - ok
    15:45:33.0453 2144 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:45:33.0453 2144 AdobeFlashPlayerUpdateSvc - ok
    15:45:33.0453 2144 adpu160m - ok
    15:45:33.0500 2144 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
    15:45:33.0500 2144 aec - ok
    15:45:33.0531 2144 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
    15:45:33.0531 2144 AFD - ok
    15:45:33.0546 2144 Aha154x - ok
    15:45:33.0546 2144 aic78u2 - ok
    15:45:33.0546 2144 aic78xx - ok
    15:45:33.0578 2144 [ C7AE0FD3867DB0D42B03B73C18F3D671 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    15:45:33.0578 2144 Alerter - ok
    15:45:33.0593 2144 [ F1958FBF86D5C004CF19A5951A9514B7 ] ALG C:\WINDOWS\System32\alg.exe
    15:45:33.0593 2144 ALG - ok
    15:45:33.0593 2144 AliIde - ok
    15:45:33.0593 2144 amsint - ok
    15:45:33.0640 2144 [ 9C3C12975C97119412802B181FBEEFFE ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    15:45:33.0640 2144 AppMgmt - ok
    15:45:33.0640 2144 asc - ok
    15:45:33.0656 2144 asc3350p - ok
    15:45:33.0656 2144 asc3550 - ok
    15:45:33.0718 2144 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    15:45:33.0718 2144 aspnet_state - ok
    15:45:33.0734 2144 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:45:33.0734 2144 AsyncMac - ok
    15:45:33.0734 2144 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:45:33.0734 2144 atapi - ok
    15:45:33.0750 2144 Atdisk - ok
    15:45:33.0781 2144 [ F57801F641E6DF9F4FD4B29D6DEB422C ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    15:45:33.0781 2144 Ati HotKey Poller - ok
    15:45:33.0812 2144 [ 9459F0247D8911CFDF1DC509517AF5B6 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
    15:45:33.0812 2144 ATI Smart - ok
    15:45:33.0906 2144 [ BF94A12F9D86B28FECF00B24B7129013 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    15:45:33.0921 2144 ati2mtag - ok
    15:45:33.0953 2144 [ AF800321680EB915D8F03014B94FF3D3 ] ATIAVAIW C:\WINDOWS\system32\DRIVERS\atinavt2.sys
    15:45:33.0953 2144 ATIAVAIW - ok
    15:45:34.0000 2144 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:45:34.0000 2144 Atmarpc - ok
    15:45:34.0015 2144 [ DB66DB626E4882EBEF55F136F12C1829 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    15:45:34.0015 2144 AudioSrv - ok
    15:45:34.0046 2144 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:45:34.0046 2144 audstub - ok
    15:45:34.0093 2144 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    15:45:34.0093 2144 Beep - ok
    15:45:34.0296 2144 [ 89BF5550E4FC31E3FE728E68C558BF10 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys
    15:45:34.0312 2144 BHDrvx86 - ok
    15:45:34.0343 2144 [ 2C69EC7E5A311334D10DD95F338FCCEA ] BITS C:\WINDOWS\system32\qmgr.dll
    15:45:34.0343 2144 BITS - ok
    15:45:34.0375 2144 [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] Browser C:\WINDOWS\System32\browser.dll
    15:45:34.0375 2144 Browser - ok
    15:45:34.0406 2144 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:45:34.0406 2144 cbidf2k - ok
    15:45:34.0421 2144 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    15:45:34.0421 2144 CCDECODE - ok
    15:45:34.0484 2144 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_N360 C:\WINDOWS\system32\drivers\N360\1403010.016\ccSetx86.sys
    15:45:34.0484 2144 ccSet_N360 - ok
    15:45:34.0484 2144 cd20xrnt - ok
    15:45:34.0500 2144 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:45:34.0500 2144 Cdaudio - ok
    15:45:34.0546 2144 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    15:45:34.0546 2144 Cdfs - ok
    15:45:34.0546 2144 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:45:34.0546 2144 Cdrom - ok
    15:45:34.0562 2144 [ 3192BD04D032A9C4A85A3278C268A13A ] CiSvc C:\WINDOWS\system32\cisvc.exe
    15:45:34.0562 2144 CiSvc - ok
    15:45:34.0578 2144 [ C8DEC22C4137D7A90F8BDF41CA4B82AE ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    15:45:34.0609 2144 ClipSrv - ok
    15:45:34.0640 2144 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:45:34.0640 2144 clr_optimization_v2.0.50727_32 - ok
    15:45:34.0640 2144 CmdIde - ok
    15:45:34.0640 2144 COMSysApp - ok
    15:45:34.0656 2144 Cpqarray - ok
    15:45:34.0687 2144 [ 10654F9DDCEA9C46CFB77554231BE73B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    15:45:34.0687 2144 CryptSvc - ok
    15:45:34.0718 2144 [ 7F992645CFB3CE16946748A9D1EACBC6 ] CV2K1 C:\WINDOWS\system32\DRIVERS\cv2k1.sys
    15:45:34.0718 2144 CV2K1 - ok
    15:45:34.0718 2144 dac2w2k - ok
    15:45:34.0718 2144 dac960nt - ok
    15:45:34.0765 2144 [ C369DF215D352B6F3A0B8C3469AA34F8 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    15:45:34.0765 2144 DcomLaunch - ok
    15:45:34.0781 2144 [ 3F15A1DBD86F7BDAF404648282D11ECE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    15:45:34.0781 2144 Dhcp - ok
    15:45:34.0796 2144 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    15:45:34.0796 2144 Disk - ok
    15:45:34.0796 2144 dmadmin - ok
    15:45:34.0828 2144 [ C0FBB516E06E243F0CF31F597E7EBF7D ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    15:45:34.0843 2144 dmboot - ok
    15:45:34.0859 2144 [ F5E7B358A732D09F4BCF2824B88B9E28 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    15:45:34.0859 2144 dmio - ok
    15:45:34.0890 2144 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    15:45:34.0890 2144 dmload - ok
    15:45:34.0890 2144 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] dmserver C:\WINDOWS\System32\dmserver.dll
    15:45:34.0890 2144 dmserver - ok
    15:45:34.0906 2144 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    15:45:34.0906 2144 DMusic - ok
    15:45:34.0921 2144 [ 7379DE06FD196E396A00AA97B990C00D ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    15:45:34.0921 2144 Dnscache - ok
    15:45:34.0921 2144 dpti2o - ok
    15:45:34.0937 2144 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    15:45:34.0937 2144 drmkaud - ok
    15:45:34.0968 2144 [ 12ACA694B50EA53563C1E7C99E7BB27D ] dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys
    15:45:34.0968 2144 dtscsi - ok
    15:45:35.0093 2144 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    15:45:35.0093 2144 eeCtrl - ok
    15:45:35.0125 2144 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    15:45:35.0125 2144 EraserUtilRebootDrv - ok
    15:45:35.0140 2144 [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] ERSvc C:\WINDOWS\System32\ersvc.dll
    15:45:35.0140 2144 ERSvc - ok
    15:45:35.0171 2144 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] Eventlog C:\WINDOWS\system32\services.exe
    15:45:35.0171 2144 Eventlog - ok
    15:45:35.0203 2144 [ 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 ] EventSystem C:\WINDOWS\system32\es.dll
    15:45:35.0203 2144 EventSystem - ok
    15:45:35.0218 2144 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    15:45:35.0218 2144 Fastfat - ok
    15:45:35.0250 2144 [ E7518DC542D3EBDCB80EDD98462C7821 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    15:45:35.0250 2144 FastUserSwitchingCompatibility - ok
    15:45:35.0265 2144 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    15:45:35.0265 2144 Fdc - ok
    15:45:35.0296 2144 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    15:45:35.0296 2144 Fips - ok
    15:45:35.0343 2144 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    15:45:35.0343 2144 Flpydisk - ok
    15:45:35.0359 2144 [ 5A85CD3D07273E3F6FE72EE9C6431632 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    15:45:35.0359 2144 FltMgr - ok
    15:45:35.0375 2144 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:45:35.0375 2144 Fs_Rec - ok
    15:45:35.0406 2144 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:45:35.0406 2144 Ftdisk - ok
    15:45:35.0421 2144 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
    15:45:35.0421 2144 gameenum - ok
    15:45:35.0421 2144 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
    15:45:35.0421 2144 giveio - ok
    15:45:35.0453 2144 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:45:35.0453 2144 Gpc - ok
    15:45:35.0468 2144 [ D956358054E99E6FFAC69CD87E893A89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
    15:45:35.0468 2144 grmnusb - ok
    15:45:35.0546 2144 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    15:45:35.0546 2144 gupdate - ok
    15:45:35.0546 2144 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    15:45:35.0546 2144 gupdatem - ok
    15:45:35.0593 2144 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:45:35.0593 2144 HDAudBus - ok
    15:45:35.0625 2144 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:45:35.0625 2144 helpsvc - ok
    15:45:35.0640 2144 HidServ - ok
    15:45:35.0671 2144 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:45:35.0671 2144 hidusb - ok
    15:45:35.0687 2144 hpn - ok
    15:45:35.0734 2144 [ 909D110C9634B0F1487EAAEA837317D9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    15:45:35.0734 2144 HTTP - ok
    15:45:35.0765 2144 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    15:45:35.0765 2144 HTTPFilter - ok
    15:45:35.0765 2144 i2omp - ok
    15:45:35.0781 2144 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:45:35.0781 2144 i8042prt - ok
    15:45:35.0843 2144 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    15:45:35.0843 2144 IDriverT - ok
    15:45:35.0921 2144 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130419.001\IDSxpx86.sys
    15:45:35.0937 2144 IDSxpx86 - ok
    15:45:35.0968 2144 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:45:35.0968 2144 Imapi - ok
    15:45:35.0984 2144 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
    15:45:35.0984 2144 ImapiService - ok
    15:45:35.0984 2144 ini910u - ok
    15:45:36.0171 2144 [ 284BCB80391783D328A8D8163E97FD58 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    15:45:36.0203 2144 IntcAzAudAddService - ok
    15:45:36.0203 2144 IntelIde - ok
    15:45:36.0234 2144 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:45:36.0234 2144 intelppm - ok
    15:45:36.0250 2144 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    15:45:36.0250 2144 Ip6Fw - ok
    15:45:36.0281 2144 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:45:36.0281 2144 IpFilterDriver - ok
    15:45:36.0296 2144 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:45:36.0296 2144 IpInIp - ok
    15:45:36.0312 2144 [ D58ECD3B3969A670E68588F1640920B6 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:45:36.0312 2144 IpNat - ok
    15:45:36.0343 2144 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:45:36.0343 2144 IPSec - ok
    15:45:36.0390 2144 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:45:36.0390 2144 IRENUM - ok
    15:45:36.0406 2144 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:45:36.0406 2144 isapnp - ok
    15:45:36.0515 2144 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    15:45:36.0515 2144 JavaQuickStarterService - ok
    15:45:36.0546 2144 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:45:36.0546 2144 Kbdclass - ok
    15:45:36.0593 2144 [ 8531438246CE9474E41EE1599904C0C7 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    15:45:36.0609 2144 kmixer - ok
    15:45:36.0625 2144 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    15:45:36.0625 2144 KSecDD - ok
    15:45:36.0640 2144 [ 4E9EA6CC8DB8DCEF7FB37F2C9B4CC556 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    15:45:36.0640 2144 lanmanserver - ok
    15:45:36.0656 2144 [ 2C0A7B2AE9C26F2C163627679B42783C ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    15:45:36.0671 2144 lanmanworkstation - ok
    15:45:36.0718 2144 [ B7C19EC8B0DD7EFA58AD41FFEB8B8CDA ] Lbd C:\WINDOWS\system32\DRIVERS\Lbd.sys
    15:45:36.0718 2144 Lbd - ok
    15:45:36.0750 2144 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    15:45:36.0750 2144 LmHosts - ok
    15:45:36.0765 2144 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    15:45:36.0765 2144 Messenger - ok
    15:45:36.0796 2144 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    15:45:36.0796 2144 mnmdd - ok
    15:45:36.0843 2144 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    15:45:36.0843 2144 mnmsrvc - ok
    15:45:36.0859 2144 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    15:45:36.0859 2144 Modem - ok
    15:45:36.0875 2144 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:45:36.0875 2144 Mouclass - ok
    15:45:36.0890 2144 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:45:36.0890 2144 mouhid - ok
    15:45:36.0890 2144 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    15:45:36.0890 2144 MountMgr - ok
    15:45:36.0937 2144 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:45:36.0953 2144 MozillaMaintenance - ok
    15:45:36.0968 2144 [ 55A9A7E6BB297BF0F5B144029DCB79CC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
    15:45:36.0968 2144 MPE - ok
    15:45:36.0968 2144 mraid35x - ok
    15:45:36.0984 2144 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:45:36.0984 2144 MRxDAV - ok
    15:45:37.0015 2144 [ 7412CE77C6FD823F8889B4DF420C680B ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:45:37.0031 2144 MRxSmb - ok
    15:45:37.0046 2144 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    15:45:37.0046 2144 MSDTC - ok
    15:45:37.0062 2144 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    15:45:37.0062 2144 Msfs - ok
    15:45:37.0062 2144 MSIServer - ok
    15:45:37.0078 2144 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:45:37.0078 2144 MSKSSRV - ok
    15:45:37.0093 2144 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:45:37.0093 2144 MSPCLOCK - ok
    15:45:37.0109 2144 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    15:45:37.0109 2144 MSPQM - ok
    15:45:37.0109 2144 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:45:37.0109 2144 mssmbios - ok
    15:45:37.0125 2144 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    15:45:37.0125 2144 MSTEE - ok
    15:45:37.0125 2144 [ F66B6B1CDDEE6CA87CEFC016EB7A0D8E ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    15:45:37.0125 2144 Mup - ok
    15:45:37.0203 2144 [ 241BD3019FB31E812A51B31B06906335 ] N360 C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe
    15:45:37.0203 2144 N360 - ok
    15:45:37.0218 2144 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    15:45:37.0218 2144 NABTSFEC - ok
    15:45:37.0296 2144 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130421.007\NAVENG.SYS
    15:45:37.0296 2144 NAVENG - ok
    15:45:37.0375 2144 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130421.007\NAVEX15.SYS
    15:45:37.0375 2144 NAVEX15 - ok
    15:45:37.0453 2144 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    15:45:37.0468 2144 NBService - ok
    15:45:37.0500 2144 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    15:45:37.0500 2144 NDIS - ok
    15:45:37.0531 2144 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    15:45:37.0531 2144 NdisIP - ok
    15:45:37.0562 2144 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:45:37.0562 2144 NdisTapi - ok
    15:45:37.0562 2144 [ 8D3CE6B579CDE8D37ACC690B67DC2106 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:45:37.0562 2144 Ndisuio - ok
    15:45:37.0578 2144 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:45:37.0578 2144 NdisWan - ok
    15:45:37.0609 2144 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    15:45:37.0609 2144 NDProxy - ok
    15:45:37.0625 2144 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:45:37.0625 2144 NetBIOS - ok
    15:45:37.0640 2144 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:45:37.0640 2144 NetBT - ok
    15:45:37.0656 2144 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
    15:45:37.0671 2144 NetDDE - ok
    15:45:37.0671 2144 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    15:45:37.0671 2144 NetDDEdsdm - ok
    15:45:37.0703 2144 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
    15:45:37.0703 2144 Netlogon - ok
    15:45:37.0734 2144 [ 3516D8A18B36784B1005B950B84232E1 ] Netman C:\WINDOWS\System32\netman.dll
    15:45:37.0734 2144 Netman - ok
    15:45:37.0765 2144 [ 4E74AF063C3271FBEA20DD940CFD1184 ] Nla C:\WINDOWS\System32\mswsock.dll
    15:45:37.0765 2144 Nla - ok
    15:45:37.0843 2144 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    15:45:37.0843 2144 NMIndexingService - ok
    15:45:37.0906 2144 [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU C:\Program Files\CDBurnerXP\NMSAccessU.exe
    15:45:37.0906 2144 NMSAccessU - ok
    15:45:37.0937 2144 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys
    15:45:37.0953 2144 npf - ok
    15:45:37.0968 2144 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    15:45:37.0968 2144 Npfs - ok
    15:45:38.0000 2144 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    15:45:38.0000 2144 Ntfs - ok
    15:45:38.0015 2144 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    15:45:38.0015 2144 NtLmSsp - ok
    15:45:38.0031 2144 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    15:45:38.0046 2144 NtmsSvc - ok
    15:45:38.0062 2144 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    15:45:38.0062 2144 Null - ok
    15:45:38.0093 2144 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:45:38.0093 2144 NwlnkFlt - ok
    15:45:38.0109 2144 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:45:38.0109 2144 NwlnkFwd - ok
    15:45:38.0171 2144 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:45:38.0171 2144 ose - ok
    15:45:38.0187 2144 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    15:45:38.0187 2144 Parport - ok
    15:45:38.0218 2144 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    15:45:38.0218 2144 PartMgr - ok
    15:45:38.0234 2144 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    15:45:38.0234 2144 ParVdm - ok
    15:45:38.0281 2144 [ 6D3C5DEEF9A7EC5CD2A40E0113192D27 ] Pcatip C:\WINDOWS\system32\DRIVERS\Pcatip.sys
    15:45:38.0281 2144 Pcatip - ok
    15:45:38.0281 2144 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    15:45:38.0281 2144 PCI - ok
    15:45:38.0281 2144 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:45:38.0281 2144 PCIIde - ok
    15:45:38.0312 2144 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    15:45:38.0312 2144 Pcmcia - ok
    15:45:38.0343 2144 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
    15:45:38.0343 2144 pcouffin - ok
    15:45:38.0343 2144 perc2 - ok
    15:45:38.0343 2144 perc2hib - ok
    15:45:38.0375 2144 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] PlugPlay C:\WINDOWS\system32\services.exe
    15:45:38.0390 2144 PlugPlay - ok
    15:45:38.0406 2144 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    15:45:38.0406 2144 PolicyAgent - ok
    15:45:38.0421 2144 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:45:38.0421 2144 PptpMiniport - ok
    15:45:38.0421 2144 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    15:45:38.0421 2144 ProtectedStorage - ok
    15:45:38.0437 2144 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    15:45:38.0437 2144 PSched - ok
    15:45:38.0437 2144 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:45:38.0437 2144 Ptilink - ok
    15:45:38.0468 2144 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    15:45:38.0468 2144 PxHelp20 - ok
    15:45:38.0468 2144 ql1080 - ok
    15:45:38.0468 2144 Ql10wnt - ok
    15:45:38.0484 2144 ql12160 - ok
    15:45:38.0484 2144 ql1240 - ok
    15:45:38.0484 2144 ql1280 - ok
    15:45:38.0500 2144 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:45:38.0500 2144 RasAcd - ok
    15:45:38.0531 2144 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
    15:45:38.0531 2144 RasAuto - ok
    15:45:38.0531 2144 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:45:38.0531 2144 Rasl2tp - ok
    15:45:38.0562 2144 [ ED5E89DEDB0111E2869CB37D62B46C7A ] RasMan C:\WINDOWS\System32\rasmans.dll
    15:45:38.0562 2144 RasMan - ok
    15:45:38.0578 2144 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:45:38.0578 2144 RasPppoe - ok
    15:45:38.0593 2144 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:45:38.0593 2144 Raspti - ok
    15:45:38.0625 2144 [ ED375CE745C42A14F10753F7022ECD6A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:45:38.0625 2144 Rdbss - ok
    15:45:38.0625 2144 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:45:38.0625 2144 RDPCDD - ok
    15:45:38.0671 2144 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:45:38.0687 2144 rdpdr - ok
    15:45:38.0703 2144 [ 047BEA21274C8A4A233674A76C958C2C ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    15:45:38.0703 2144 RDPWD - ok
    15:45:38.0718 2144 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    15:45:38.0718 2144 RDSessMgr - ok
    15:45:38.0750 2144 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:45:38.0750 2144 redbook - ok
    15:45:38.0781 2144 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    15:45:38.0781 2144 RemoteAccess - ok
    15:45:38.0796 2144 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    15:45:38.0796 2144 RemoteRegistry - ok
    15:45:38.0843 2144 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
    15:45:38.0843 2144 RichVideo - ok
    15:45:38.0875 2144 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
    15:45:38.0875 2144 RpcLocator - ok
    15:45:38.0906 2144 [ C369DF215D352B6F3A0B8C3469AA34F8 ] RpcSs C:\WINDOWS\system32\rpcss.dll
    15:45:38.0906 2144 RpcSs - ok
    15:45:38.0937 2144 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    15:45:38.0937 2144 RSVP - ok
    15:45:38.0953 2144 [ 7988BFE882BCD94199225B5C3482F1BD ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
    15:45:38.0953 2144 RTL8023xp - ok
    15:45:38.0968 2144 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
    15:45:38.0968 2144 SamSs - ok
    15:45:39.0000 2144 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    15:45:39.0000 2144 SASDIFSV - ok
    15:45:39.0031 2144 [ 7CE61C25C159F50F9EAF6D77FC83FA35 ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    15:45:39.0031 2144 SASENUM - ok
    15:45:39.0062 2144 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    15:45:39.0062 2144 SASKUTIL - ok
    15:45:39.0078 2144 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    15:45:39.0078 2144 SCardSvr - ok
    15:45:39.0109 2144 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
    15:45:39.0109 2144 Schedule - ok
    15:45:39.0140 2144 [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus C:\WINDOWS\system32\DRIVERS\SE27bus.sys
    15:45:39.0140 2144 SE27bus - ok
    15:45:39.0171 2144 [ D53E7E53107D1796825540129F8FE89F ] SE27mdfl C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
    15:45:39.0171 2144 SE27mdfl - ok
    15:45:39.0187 2144 [ 2AFA2F65A6E91DA5B5070E734769827E ] SE27mdm C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
    15:45:39.0187 2144 SE27mdm - ok
    15:45:39.0203 2144 [ 5A33A8D7B44C7BD8ABE248B4DCD1FF3C ] SE27mgmt C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
    15:45:39.0203 2144 SE27mgmt - ok
    15:45:39.0234 2144 [ BB30139683BBF3EE89EC931393D9335C ] se27nd5 C:\WINDOWS\system32\DRIVERS\se27nd5.sys
    15:45:39.0234 2144 se27nd5 - ok
    15:45:39.0234 2144 [ 5DA6FF71E94B9134DDD094EBB09F05E6 ] SE27obex C:\WINDOWS\system32\DRIVERS\SE27obex.sys
    15:45:39.0234 2144 SE27obex - ok
    15:45:39.0250 2144 [ 4D54A9D7C22157AB3D2442E8BCF5ECD2 ] se27unic C:\WINDOWS\system32\DRIVERS\se27unic.sys
    15:45:39.0250 2144 se27unic - ok
    15:45:39.0265 2144 [ 07F7F501AD50DE2BA2D5842D9B6D6155 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:45:39.0281 2144 Secdrv - ok
    15:45:39.0281 2144 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
    15:45:39.0296 2144 seclogon - ok
    15:45:39.0296 2144 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
    15:45:39.0296 2144 SENS - ok
    15:45:39.0312 2144 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    15:45:39.0312 2144 serenum - ok
    15:45:39.0312 2144 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    15:45:39.0312 2144 Serial - ok
    15:45:39.0328 2144 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:45:39.0328 2144 Sfloppy - ok
    15:45:39.0359 2144 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    15:45:39.0359 2144 SharedAccess - ok
    15:45:39.0375 2144 [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    15:45:39.0375 2144 ShellHWDetection - ok
    15:45:39.0375 2144 Simbad - ok
    15:45:39.0390 2144 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    15:45:39.0390 2144 SLIP - ok
    15:45:39.0390 2144 Sparrow - ok
    15:45:39.0421 2144 [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan C:\WINDOWS\system32\speedfan.sys
    15:45:39.0421 2144 speedfan - ok
    15:45:39.0437 2144 [ 9BB1DD670CB7505A90FC4E61D4AA8227 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    15:45:39.0437 2144 splitter - ok
    15:45:39.0437 2144 [ AD3D9D191AEA7B5445FE1D82FFBB4788 ] Spooler C:\WINDOWS\system32\spoolsv.exe
    15:45:39.0453 2144 Spooler - ok
    15:45:39.0453 2144 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    15:45:39.0453 2144 sr - ok
    15:45:39.0468 2144 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
    15:45:39.0484 2144 srservice - ok
    15:45:39.0531 2144 [ 0A8F71E1DB5432A5B9285111421E77EC ] SRTSP C:\WINDOWS\System32\Drivers\N360\1403010.016\SRTSP.SYS
    15:45:39.0531 2144 SRTSP - ok
    15:45:39.0546 2144 [ FE9BD381778A344F0E39AE2D5E607D7F ] SRTSPX C:\WINDOWS\system32\drivers\N360\1403010.016\SRTSPX.SYS
    15:45:39.0546 2144 SRTSPX - ok
    15:45:39.0578 2144 [ 58BB0CC6BE72899190505741E3B83464 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    15:45:39.0593 2144 Srv - ok
    15:45:39.0593 2144 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    15:45:39.0609 2144 SSDPSRV - ok
    15:45:39.0656 2144 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
    15:45:39.0656 2144 StarOpen - ok
    15:45:39.0671 2144 [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    15:45:39.0671 2144 stisvc - ok
    15:45:39.0687 2144 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    15:45:39.0687 2144 streamip - ok
    15:45:39.0703 2144 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:45:39.0703 2144 swenum - ok
    15:45:39.0718 2144 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    15:45:39.0734 2144 swmidi - ok
    15:45:39.0734 2144 SwPrv - ok
    15:45:39.0734 2144 symc810 - ok
    15:45:39.0734 2144 symc8xx - ok
    15:45:39.0765 2144 [ 6EA77FF0CE4E839EA8B1CEA5F5B28C00 ] SymDS C:\WINDOWS\system32\drivers\N360\1403010.016\SYMDS.SYS
    15:45:39.0765 2144 SymDS - ok
    15:45:39.0812 2144 [ 1773FB2920EBB3A8BAD0360618091470 ] SymEFA C:\WINDOWS\system32\drivers\N360\1403010.016\SYMEFA.SYS
    15:45:39.0812 2144 SymEFA - ok
    15:45:39.0843 2144 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    15:45:39.0843 2144 SymEvent - ok
    15:45:39.0890 2144 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\WINDOWS\system32\drivers\N360\1403010.016\Ironx86.SYS
    15:45:39.0890 2144 SymIRON - ok
    15:45:39.0937 2144 [ EC979002EBA25C9D109B2FE0E03457DA ] SYMTDI C:\WINDOWS\System32\Drivers\N360\1403010.016\SYMTDI.SYS
    15:45:39.0937 2144 SYMTDI - ok
    15:45:39.0937 2144 sym_hi - ok
    15:45:39.0937 2144 sym_u3 - ok
    15:45:39.0968 2144 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    15:45:39.0968 2144 sysaudio - ok
    15:45:40.0000 2144 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    15:45:40.0000 2144 SysmonLog - ok
    15:45:40.0031 2144 [ 1418A3A6E76E5A2E3F5E43866E793A8B ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    15:45:40.0046 2144 TapiSrv - ok
    15:45:40.0062 2144 [ C7BE59B07C6EB74BEA6FD67C1B164015 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:45:40.0062 2144 Tcpip - ok
    15:45:40.0078 2144 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:45:40.0078 2144 TDPIPE - ok
    15:45:40.0093 2144 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    15:45:40.0093 2144 TDTCP - ok
    15:45:40.0109 2144 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:45:40.0109 2144 TermDD - ok
    15:45:40.0125 2144 [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService C:\WINDOWS\System32\termsrv.dll
    15:45:40.0140 2144 TermService - ok
    15:45:40.0156 2144 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
    15:45:40.0156 2144 Themes - ok
    15:45:40.0171 2144 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    15:45:40.0171 2144 TlntSvr - ok
    15:45:40.0187 2144 TosIde - ok
    15:45:40.0203 2144 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
    15:45:40.0203 2144 TrkWks - ok
    15:45:40.0218 2144 [ 8B7855A27AFCB8C66AAFAB67E859FDB6 ] ts_lb C:\WINDOWS\system32\drivers\ts_lb.sys
    15:45:40.0218 2144 ts_lb - ok
    15:45:40.0234 2144 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    15:45:40.0250 2144 Udfs - ok
    15:45:40.0250 2144 ultra - ok
    15:45:40.0265 2144 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    15:45:40.0265 2144 UMWdf - ok
    15:45:40.0281 2144 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    15:45:40.0281 2144 Update - ok
    15:45:40.0296 2144 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
    15:45:40.0296 2144 upnphost - ok
    15:45:40.0312 2144 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
    15:45:40.0312 2144 UPS - ok
    15:45:40.0343 2144 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:45:40.0343 2144 usbccgp - ok
    15:45:40.0359 2144 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:45:40.0359 2144 usbehci - ok
    15:45:40.0375 2144 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:45:40.0375 2144 usbhub - ok
    15:45:40.0375 2144 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:45:40.0375 2144 usbprint - ok
    15:45:40.0406 2144 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:45:40.0406 2144 usbscan - ok
    15:45:40.0421 2144 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:45:40.0421 2144 usbstor - ok
    15:45:40.0437 2144 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:45:40.0437 2144 usbuhci - ok
    15:45:40.0468 2144 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    15:45:40.0468 2144 usbvideo - ok
    15:45:40.0484 2144 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    15:45:40.0500 2144 VgaSave - ok
    15:45:40.0531 2144 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    15:45:40.0531 2144 viaagp1 - ok
    15:45:40.0531 2144 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    15:45:40.0531 2144 ViaIde - ok
    15:45:40.0531 2144 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    15:45:40.0531 2144 VolSnap - ok
    15:45:40.0562 2144 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
    15:45:40.0578 2144 VSS - ok
    15:45:40.0593 2144 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
    15:45:40.0593 2144 W32Time - ok
    15:45:40.0625 2144 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:45:40.0625 2144 Wanarp - ok
    15:45:40.0640 2144 [ 0BFA8203B8148FB4E54BC212C41CE497 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    15:45:40.0640 2144 wdmaud - ok
    15:45:40.0656 2144 [ 346E7D636ADFE4E3B1B32AF8326220FF ] WebClient C:\WINDOWS\System32\webclnt.dll
    15:45:40.0656 2144 WebClient - ok
    15:45:40.0718 2144 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:45:40.0718 2144 winmgmt - ok
    15:45:40.0750 2144 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
    15:45:40.0750 2144 WmdmPmSN - ok
    15:45:40.0796 2144 [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi C:\WINDOWS\System32\advapi32.dll
    15:45:40.0796 2144 Wmi - ok
    15:45:40.0828 2144 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:45:40.0828 2144 WmiApSrv - ok
    15:45:40.0859 2144 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    15:45:40.0859 2144 WS2IFSL - ok
    15:45:40.0875 2144 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    15:45:40.0875 2144 wscsvc - ok
    15:45:40.0890 2144 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    15:45:40.0890 2144 WSTCODEC - ok
    15:45:40.0906 2144 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    15:45:40.0921 2144 wuauserv - ok
    15:45:40.0937 2144 [ 9BE3612A127478B34700BEF4ACBA554D ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    15:45:40.0937 2144 WZCSVC - ok
    15:45:40.0953 2144 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    15:45:40.0953 2144 xmlprov - ok
    15:45:40.0968 2144 ================ Scan global ===============================
    15:45:41.0000 2144 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
    15:45:41.0031 2144 [ 3642C99D14EC986DDE123C9D2846427D ] C:\WINDOWS\system32\winsrv.dll
    15:45:41.0031 2144 [ 3642C99D14EC986DDE123C9D2846427D ] C:\WINDOWS\system32\winsrv.dll
    15:45:41.0062 2144 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
    15:45:41.0062 2144 [Global] - ok
    15:45:41.0062 2144 ================ Scan MBR ==================================
    15:45:41.0078 2144 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    15:45:41.0203 2144 \Device\Harddisk0\DR0 - ok
    15:45:41.0203 2144 ================ Scan VBR ==================================
    15:45:41.0218 2144 [ E7578F506DD03997B052604E7BDA6628 ] \Device\Harddisk0\DR0\Partition1
    15:45:41.0218 2144 \Device\Harddisk0\DR0\Partition1 - ok
    15:45:41.0218 2144 ============================================================
    15:45:41.0218 2144 Scan finished
    15:45:41.0218 2144 ============================================================
    15:45:41.0218 1964 Detected object count: 0
    15:45:41.0218 1964 Actual detected object count: 0
    15:47:10.0859 2960 Deinitialize success
     
  3. roy1972

    Combofix (renamed to etavaresCF.exe) log :-

    ComboFix 13-04-22.01 - Administrator 22/04/2013 16:03:43.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2047.981 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\etavaresCF.exe
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\cacaoweb
    c:\documents and settings\Administrator\Application Data\cacaoweb\adstorage.db
    c:\documents and settings\Administrator\Application Data\cacaoweb\storage.db
    c:\documents and settings\Administrator\Application Data\inst.exe
    c:\documents and settings\Administrator\Application Data\vso_ts_preview.xml
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\system32\Cache
    c:\windows\system32\Cache\25b4ef93958486c5.fb
    c:\windows\system32\Cache\26c630d098e22dd5.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\95f567698be8a182.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\a8a990711f41fde0.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\config\systemprofile\Local Settings\Temp\{702189CC-B450-4D80-99DF-10CF01815FE3}-GoogleEarth-Win-Bundle-7.0.3.8542.exe
    c:\windows\system32\ReadMe.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-22 14:20 . 2013-04-22 14:20 -------- d-----w- C:\_OTL
    2013-04-22 13:25 . 2013-04-22 13:25 -------- d-----w- c:\windows\system32\LogFiles
    2013-04-21 10:17 . 2013-04-21 10:17 -------- d-----w- C:\N360_BACKUP
    2013-04-19 23:36 . 2013-04-20 00:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NPE
    2013-04-19 19:50 . 2013-04-19 20:18 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2013-04-19 19:50 . 2013-04-19 19:50 -------- d-----w- c:\program files\Symantec
    2013-04-19 19:50 . 2013-04-19 19:50 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-04-19 19:49 . 2013-04-20 00:12 -------- d-----w- c:\windows\system32\drivers\N360
    2013-04-19 19:49 . 2013-04-19 19:49 -------- d-----w- c:\program files\Norton 360
    2013-04-19 19:49 . 2013-04-19 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2013-04-19 19:46 . 2013-04-19 19:46 -------- d-----w- c:\program files\NortonInstaller
    2013-04-19 18:27 . 2013-04-19 18:27 -------- d-----w- c:\windows\Performance
    2013-04-19 18:27 . 2013-04-19 18:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    2013-04-18 00:16 . 2006-10-01 12:00 388608 ----a-w- c:\windows\system32\utilman.exe
    2013-04-16 18:25 . 2013-04-16 18:25 -------- d-----w- c:\program files\ERUNT
    2013-04-12 18:28 . 2013-04-12 23:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-04 13:50 . 2010-09-21 16:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-21 16:28 . 2013-03-21 16:28 98304 ----a-w- c:\windows\system32\OPSTMB00.EXE
    2013-03-14 12:30 . 2012-09-13 00:19 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-14 12:30 . 2012-09-13 00:19 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-14 12:30 . 2013-03-08 19:30 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-03-10 22:07 . 2013-03-10 22:07 79836 ----a-w- c:\windows\system32\fruninst.exe
    2013-03-10 21:23 . 2013-03-10 21:23 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-10 21:23 . 2012-05-12 00:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-10 21:23 . 2012-05-12 00:35 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-10 21:23 . 2010-01-25 13:58 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-08 19:26 . 2013-03-08 19:26 1409 ----a-w- c:\windows\QTFont.for
    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2013-04-12 00:23 . 2013-04-12 00:22 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2006-10-01 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-20 4763008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2006-10-01 53760]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    GoGear SA3MXX Device Manager.lnk - c:\program files\Philips\GoGear SA3MXX Device Manager\main.exe [2012-8-10 125160]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMBalloonTip"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Adobe\\Adobe Digital Editions\\digitaleditions.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [21/07/2010 05:17 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1403010.016\symds.sys [20/04/2013 00:35 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1403010.016\symefa.sys [20/04/2013 00:35 934488]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys [13/04/2013 00:09 1000024]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\1403010.016\ccsetx86.sys [20/04/2013 00:35 134304]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/10/2009 22:24 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 22:24 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1403010.016\ironx86.sys [20/04/2013 00:35 175264]
    R1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [10/08/2009 09:48 48867]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [02/07/2010 15:18 116608]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\20.3.1.22\ccsvchst.exe [20/04/2013 00:35 144520]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 03:09 50704]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [20/04/2013 11:03 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130419.001\IDSXpx86.sys [19/04/2013 23:51 373728]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [23/07/2009 03:42 47360]
    S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [10/08/2009 09:48 9906]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 22:24 12872]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 11218022
    *Deregistered* - 11218022
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-20 00:54 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 12:30]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 02:09]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 02:09]
    .
    2013-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-23 03:29]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-23 03:29]
    .
    2013-04-22 c:\windows\Tasks\WpsUpdateTask_Administrator.job
    - c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2012-09-17 16:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    mStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    uSearchAssistant =
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: keyword.URL - hxxp://www.searchamong.com/searchview.php?source=cf9e35ac618438ba09d0a9caf2367b43&cat=webs&bar=true&query=
    FF - ExtSQL: 2013-03-10 20:38; artur.dubovoy@gmail.com; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\artur.dubovoy@gmail.com.xpi
    FF - ExtSQL: 2013-04-19 20:51; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
    FF - ExtSQL: 2013-04-19 20:57; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-NetworkActiv PIAFCTM 1.5 - c:\program files\NetworkActiv PIAFCTM 1.5\NetworkActivPIAFCTMv1.5.exe
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-04-22 16:09
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1547161642-1965331169-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:87,5f,f2,d0,11,58,f3,77,a1,96,52,c7,50,80,bd,f7,28,55,2e,4c,18,94,0f,
    39,2f,79,44,52,24,a5,c9,67,a6,82,b2,0e,f6,e6,9a,ca,90,75,40,8e,7c,61,e5,13,\
    "??"=hex:01,88,a1,36,09,50,e8,c3,78,fc,38,18,ed,7d,4e,4d
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(728)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2013-04-22 16:11:39
    ComboFix-quarantined-files.txt 2013-04-22 15:11
    .
    Pre-Run: 47,079,350,272 bytes free
    Post-Run: 47,641,841,664 bytes free
    .
    - - End Of File - - 47888782C46C8151128AB554C7069F91


    All done. Computer still seems to be fast and no problems so far.

    Thanks.
     
  4. roy1972

    roy1972 Registered Members

    Hello again Etavares,

    After you have studied my recent logs and hopefully everything is cleared up, can you take a peek at my earlier post near the top of this thread with two images I posted there? I want to be sure the same MAC address shown is not actually from a hacker as I thought; maybe Sygate cannot determine a MAC address, so it's nothing to worry about?

    That post was dated Wednesday 17 at 10:20 AM

    Again, much thanks for all your effort.
     
  5. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, roy1972.

    Did you change your HOSTS file? If you don't know what I'm talking about, let me know that as well and that's my answer. :)

    It looks better. There is one file that is questionable in the logs so we'll look for a better replacement. I can't say it's malware, but it's not a known file signature.

    In regards to Sygate, I don't have much experience with that software. A few things...do you know if Anti-MAC Spoofing is enabled on your firewall? I'd suggest changing your passwords for your network. Then, even with the spoofing, they couldn't log on. Do it from a clean system, or if you have to do it from this one, wait a bit until the computer appears clean. Do you still see signs of that in the log? Which "Traffic Log" view did you post?


    Step 1

    Download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    If you have a 64-bit system, please download the 64 bit version from here:
    SystemLook (64-bit)

    • Double-click SystemLook.exe to run it.
    • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
    • Copy and Paste the content of the following codebox into the main textfield under "File":
      Code:
      :filefind
      tcpip.*
      
    • Please Confirm everything is copied and Pasted as I have provided above
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan.
    • Please post this log in your next reply.


    Note: The log can also be found on your Desktop entitled SystemLook.txt
    2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


    etavares
     
  6. roy1972

    roy1972 Registered Members

    Hi Etavares,

    I am responding to your very last post. This post is a little longer than I wanted but Windows installed more files recently to replace problem files since those last scans were done. I will explain below so bear with me.

    No, I have never knowingly changed any HOST file, nor do I really know what it does.

    Regarding Sygate. I recently uninstalled Sygate to put on Norton 360 Gold. I mentioned this in a previous post just in case you forgot or misunderstood. HOWEVER, at the time of the problem when I had Sygate installed, I did NOT have anti-MAC spoofing enabled - I remember seeing this tickbox in the options UNchecked, which is another reason I bought Norton.

    Regarding passwords, I recently changed all my passwords from another system so hopefully that's not a problem, but a few emails I still have used on this system with the old password. I can change them too if required, but until this system is clean I will not be able to log into them, which is somewhat not practical at the moment, so I am willing to take that risk just for emails.

    Again, with regard to seeing signs of that MAC address in the log, I now have Norton, and do not know how to access Norton's logs for any type of IP scans etc. I can only hope that it's not an issue with Norton, and that Sygate was not really showing the correct MAC address - one techy from a shop stated this was possible. The picture snippet I posted on the first page regarding the Traffic log and the same MAC address that showed up with port scans was simply a part of my entire Sygate firewall - prior to installing Norton and removing Sygate.

    I hope what I have typed there comes across clear. If not please ask and I will clarify.

    With regards to your current checks you want done of me. I have just completed the SystemLook.exe software you recently asked me to run, including pasting in the required text. I will attach that log in my next post.

    HOWEVER, before we go any further though please note Windows XP had a problem.

    This is the first time I turned on my computer since your last post asking me to run all those steps with tdsskiller and combo (etavaresCF.exe) etc. At that time you asked me if anything might be wrong with my system after that and I said NO. As I have just now switched on my PC since then I got messages from Windows XP saying some system files were removed and were unrecognized, and stated that I needed to insert my XP disk to replace the original files lost. I was left with no choice but to do that as the system kept asking me for them. Since doing that my system appears just fine. Just thought I would update you on that because I do not know what files it has replaced or why.

    I have attached images below in the order they appeared showing what Windows asked me after switching on my computer :-
     

    Attached Files:

  7. roy1972

    roy1972 Registered Members

    Hi Etavares,

    Here is my recent scan log from SystemLook.exe :-

    SystemLook 30.07.11 by jpshortstuff
    Log created at 22:07 on 23/04/2013 by Administrator
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "tcpip.*"
    C:\Qoobox\Quarantine\Registry_backups\tcpip.reg --a---- 7325 bytes [15:07 22/04/2013] [15:07 22/04/2013] FF6F9B94F6FC66CB56C2F7FD0ACC4F68
    C:\WINDOWS\Help\tcpip.chm --a---- 50586 bytes [12:00 01/10/2006] [12:00 01/10/2006] 24FC18A9ED0AA561C5F5DC295F9AA9F2
    C:\WINDOWS\system32\drivers\tcpip.sys --a---- 360576 bytes [12:00 01/10/2006] [12:00 01/10/2006] C7BE59B07C6EB74BEA6FD67C1B164015
    C:\_Drawer\ALL TOOLS\Programming Utilities\Delphi and Addons\Delphi addons\DelphiZIPSWINSOCK\tcpip.zip --a---- 69828 bytes [13:07 01/12/2009] [23:36 23/04/2006] E856623C1075D194FE3F3D7DC77B470F
    C:\_Library\01 - Assorted PDF Books\02 - HTML - Assorted Articles Old\Tutorials - Cracking & Hacking\HACKING tutorials\tcpip.pdf -ra---- 162135 bytes [15:37 05/01/2013] [13:34 23/04/2006] 061FC53F3875F94BA5B27297216CF657

    -= EOF =-


    Just to remind you (sorry but I like to be thorough) I did a post just before this answering your recent questions and showing you some recent Windows problems.

    Thanks.

    Roy.
     
  8. etavares

    etavares Malware Removal Specialist - Moderator

    Hello, roy1972.


    Step 1

    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]



    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    alternate download link 1
    alternate download link 2

    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


    Interesting...since nothing TDSSKiller or Combofix did in the logs should result in that error message. We'll run two more scans.

    I haven't used Norton in years, it never seems to like running on my computers so I stopped trying. So, I don't have much experience with it.

    The only reason cloning MAC address would help that I'm aware of is to access your network if you have either MAC address filtering on the router, or you're paying per connection at a hotel where they keep track via MAC address. So my gut feel is that is not quite reported right by Sygate in the past. I just don't see the benefit unless they're stealing your wifi...but with a China IP address that doesn't make sense. You can check your router and see if there's anything connected that doesn't make sense.



    etavares
     
  9. roy1972

    roy1972 Registered Members

    Hi Etavares,

    Just completed those two scans. Eset took nearly four hours because I allowed it to scan my huge books library and it's just as well because it found a trojan inside an html file, one I have opened within the last few months.
    I was aware there may be some malware inside my old tools folder and xbox folder but I never used anything in there and it was due for deletion anyhow. The cracking and hacking tutorials were something I had from years ago and never used so they were not a problem.

    Anyhow, I will post each one separately.

    Eset log :-

    C:\temp\zTransfer\More 2013\html stuff\They Are Blocking The Sun, Period. « Just Wondering ? Alternative News and Opinions.htm    JS/Kryptik.AH trojan    cleaned by deleting - quarantined
    C:\_Drawer\ALL TOOLS\XBOX Tools\XBox Flashing.zip    a variant of MSIL/TrojanDropper.Agent.EH trojan    deleted - quarantined
    C:\_Drawer\ALL TOOLS\XBOX Tools\XBox Flashing\Tools\JungleFlasher v0.1.62 inc FW Pack\PortIO32.exe    a variant of MSIL/TrojanDropper.Agent.EH trojan    cleaned by deleting - quarantined
    C:\_Drawer\ALL TOOLS\XBOX Tools\XBox Flashing\Tools\JungleFlasher v0.1.62 inc FW Pack\What.NET.exe    a variant of MSIL/TrojanDropper.Agent.EH trojan    cleaned by deleting - quarantined
    C:\_Library\01 - Assorted PDF Books\02 - HTML - Assorted Articles Old\Tutorials - Cracking & Hacking\HACKING tutorials\nousebf.zip    HackTool.John application    deleted - quarantined
    C:\_Library\01 - Assorted PDF Books\02 - HTML - Assorted Articles Old\Tutorials - Cracking & Hacking\HACKING tutorials\VB TUTORiAL\VB TUTORiAL.zip    probably unknown NewHeur_PE virus    deleted - quarantined
    C:\_standalone\XBox Flashing\JungleFlasher v0.1.62 inc FW Pack\PortIO32.exe    a variant of MSIL/TrojanDropper.Agent.EH trojan    cleaned by deleting - quarantined
    C:\_standalone\XBox Flashing\JungleFlasher v0.1.62 inc FW Pack\What.NET.exe    a variant of MSIL/TrojanDropper.Agent.EH trojan    cleaned by deleting - quarantined
     
  10. roy1972

    roy1972 Registered Members

    Hi Etavares,

    Malware Bytes scan came back without any problems. I guess the system files XP reinstalled must have been clean.

    Malware Bytes log :-

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.24.10

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    Administrator :: EXPERIENCE [administrator]

    24/04/2013 23:21:18
    mbam-log-2013-04-24 (23-21-18).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203136
    Time elapsed: 5 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  11. etavares

    etavares Malware Removal Specialist - Moderator

    Looks good to me. How is everything running? I'm not 100% thrilled with the tcpip.sys file, but you have no suitable replacements. It's not a known bad file, it's just not a known positive file. We can try to replace it, or if you're comfortable where we are at, we can clean up. Please let me know.
     
  12. roy1972

    roy1972 Registered Members

    Everything is working very well and fast. No problems at all. I understand the tcpip.sys file is a Windows system file and used for internet connections. Why are you not 100% about it? I am happy to leave it but just curious as to what you mean. Anyhow, I am ready to clean up if that is needed. Just let me know what else to do.

    Thanks.
     
  13. etavares

    etavares Malware Removal Specialist - Moderator

    Hi roy1972,

    The file signature for it doesn't match the database I have of good signatures for that file. A search on the file signature only gives me 340 hits....a guaranteed legitimate file would have tens of thousands. Your file had been scanned before for viruses in my research and came up clean. Some people do hack their computer for various reasons (I have seen some edits to this file to allow faster network speeds...not sure if it works or not.) I just can guarantee the veracity of this file.

    We could pull it off of your installation CD if you have one. If not, we could download a service pack if you have enough hard drive space, expand it and copy it from there. You could get the file from a computer running the same exact version of Windows and we can replace it that way. Or if you're content where we are at, we can leave it. I would prefer to replace it.

    -etavares
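
The known-good / known-bad / unknown distinction described in the post above, as an added example that is not part of the original thread: a Python sketch that parses SystemLook `:filefind` result lines and triages files under the Windows system directory by MD5. The allowlist and blocklist contents are constructed placeholders (the thread gives no verified hash for tcpip.sys), and the function names are hypothetical.

```python
import hashlib
import ntpath
import re
from typing import NamedTuple

# One SystemLook ":filefind" result line:
#   <path> <attrs> <size> bytes [<timestamp>] [<timestamp>] <MD5>
# Column separators are optional in the pattern because tabs are often lost
# when a log is pasted into a forum.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s*(?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes\s*"
    r"\[(?P<ts1>[^\]]+)\]\s*\[(?P<ts2>[^\]]+)\]\s*(?P<md5>[0-9A-Fa-f]{32})$"
)


class Entry(NamedTuple):
    path: str
    attrs: str
    size: int
    md5: str


# Lines copied from the SystemLook log in this thread, with the columns run
# together the way a forum paste can leave them.
SAMPLE_LOG = r"""
Searching for "tcpip.*"
C:\Qoobox\Quarantine\Registry_backups\tcpip.reg--a---- 7325 bytes[15:07 22/04/2013][15:07 22/04/2013] FF6F9B94F6FC66CB56C2F7FD0ACC4F68
C:\WINDOWS\Help\tcpip.chm--a---- 50586 bytes[12:00 01/10/2006][12:00 01/10/2006] 24FC18A9ED0AA561C5F5DC295F9AA9F2
C:\WINDOWS\system32\drivers\tcpip.sys--a---- 360576 bytes[12:00 01/10/2006][12:00 01/10/2006] C7BE59B07C6EB74BEA6FD67C1B164015
"""

# Placeholder lists (constructed): a real allowlist maps each system file name
# to vendor-verified hashes for the exact OS build and service pack.
KNOWN_GOOD = {"tcpip.sys": {"0" * 32}}  # placeholder, not a real hash
KNOWN_BAD = {"F" * 32}                  # placeholder, not a real hash


def parse_filefind(log_text):
    """Return an Entry for every result line; headers and blanks are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(
                Entry(m["path"], m["attrs"], int(m["size"]), m["md5"].upper())
            )
    return entries


def classify(entry, known_good, known_bad):
    """Three-way verdict: a hash missing from both lists is 'unknown', not bad."""
    name = ntpath.basename(entry.path).lower()
    if entry.md5 in known_bad:
        return "known-bad"
    if entry.md5 in known_good.get(name, set()):
        return "known-good"
    return "unknown"


def triage(entries, known_good, known_bad, root=r"c:\windows\system32"):
    """Classify only files under the system directory; copies elsewhere
    (quarantine backups, archives, documents) are not loaded by Windows."""
    prefix = root.lower() + "\\"
    return {
        e.path: classify(e, known_good, known_bad)
        for e in entries
        if e.path.lower().startswith(prefix)
    }


def md5_of_file(path, chunk=1 << 20):
    """MD5 of a file on disk, e.g. a candidate replacement, in the same
    uppercase form the log prints. MD5 is used only because that is what the
    log reports; prefer SHA-256 when building a new allowlist."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for path, verdict in triage(parse_filefind(SAMPLE_LOG), KNOWN_GOOD, KNOWN_BAD).items():
        print(f"{verdict:10} {path}")
```
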
     
  14. roy1972

    roy1972 Registered Members

    Hi Etavares,

    I have a Windows XP disc and looking in its folder "F:\I386" there is a file called "TCPIP.SY_" but its file size (173KB) is different from the one on my computer (353KB). I don't know if that's a problem. If it's easy enough to copy over and simply rename it to TCPIP.SYS I can do that.

    I may have run into another potential problem. Last night sometime after my last post to you I ran Mozilla Firefox instead of Chrome. I haven't used Firefox since I had these problems because it was running slow. Anyhow, as soon as it opened I got all sorts of activity going on with the harddisk and then Norton reported that my other browser Chrome (never had probs before) was using large amounts of memory. Strange why it didn't mention Firefox as that's the browser I don't trust.

    I looked into it and it seemed fine on Norton's end, however I looked into my settings for the Firefox browser and saw my home page had been changed from Google.com to "Yeppo.Net" - google search shows this may be part of a recent problem we already cleared up? Maybe it's just something left over but I am doing another full Norton Scan until you reply.

    No hurry at all just reply when you can.

    Thanks.
     
  15. roy1972

    roy1972 Registered Members

    Hi Etavares, all seems well and Norton did not find anything suspicious on a full system scan. Maybe Yeppo being on my home page was something simply left behind, that's all.

    I am ready to continue with replacing TCPIP.SYS when you are.

    Thanks.:)
     
  16. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, roy1972.


    Step 1

    Next, we need to update Java.
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 21, 32-bit version (Windows Offline (32-bit)). Note that if you have 64-bit Windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
    • Save it to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java(TM) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version(s) shown below:
      Java(TM) 6 Update 18
      Java 7 Update 17
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the java file you downloaded to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.




    Step 2

    Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updating the languages and/or dictionaries is optional.



    Step 3

    1. Boot Windows and insert your Windows XP CD
    2. Click Start > Run, type cmd and press Enter
    3. At the prompt type expand F:\i386\tcpip.sy_ C:\windows\system32\drivers\tcpip.sys (note the space between tcpip.sy_ and C:\windows) then press Enter
    4. It should say it was successful. Type exit and press Enter
    5. Reboot




    Step 4

    We need to create an OTL report,
    • Please download OTL from this link.
    • (If that link doesn't work, try this alternate link)
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Select "Use Safelist" under "Extra Registry"
    • Under the Custom Scan box paste this in:

      /md5start
      tcpip.sys
      /md5stop
      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.*
      %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.sys /90
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\*.exe /lockedfiles
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\*
      %USERPROFILE%\..|smtmp;true;true;true /FP
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT


    • Click the Quick Scan button.
    • The scan should take a few minutes.
    • Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

    etavares
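
The size question about TCPIP.SY_ and the `expand` command in Step 3 both come down to the file on the CD being a compressed container. The following is an added example, not part of the thread: it reads the container header to report the size each member will have once expanded and compares that with the size of the installed file. The function names and the sample bytes are this example's own (constructed), the header layouts are the published cabinet and compress.exe formats, and a size match is only a sanity check, weaker than the MD5 comparison requested in Step 4.

```python
import os
import struct
import sys

SZDD_MAGIC = b"SZDD\x88\xf0\x27\x33"   # single-file compress.exe output
KWAJ_MAGIC = b"KWAJ\x88\xf0\x27\xd1"   # older compress.exe variant
MSCF_MAGIC = b"MSCF"                   # cabinet file

CAB_HEADER = struct.Struct("<4sIIIIIBBHHHHH")  # CFHEADER fixed part, 36 bytes
CAB_FILE = struct.Struct("<IIHHHH")            # CFFILE fixed part, 16 bytes
NAME_IS_UTF8 = 0x80                            # CFFILE attribute bit


class ContainerError(ValueError):
    """The header is truncated or internally inconsistent."""


def cabinet_members(data):
    """Return [(name, expanded_size), ...] from a cabinet's CFFILE entries."""
    if len(data) < CAB_HEADER.size:
        raise ContainerError("cabinet header truncated")
    fields = CAB_HEADER.unpack_from(data, 0)
    files_offset, file_count = fields[4], fields[9]   # coffFiles, cFiles
    members, pos = [], files_offset
    for _ in range(file_count):
        if pos + CAB_FILE.size > len(data):
            raise ContainerError("file entry runs past end of data")
        size, _off, _folder, _date, _time, attribs = CAB_FILE.unpack_from(data, pos)
        pos += CAB_FILE.size
        end = data.find(b"\x00", pos)          # name is NUL-terminated
        if end == -1:
            raise ContainerError("unterminated member name")
        encoding = "utf-8" if attribs & NAME_IS_UTF8 else "latin-1"
        members.append((data[pos:end].decode(encoding), size))
        pos = end + 1
    return members


def inspect_compressed(data):
    """Identify the container type and list (name, expanded_size) per member."""
    if data.startswith(SZDD_MAGIC):
        if len(data) < 14:
            raise ContainerError("SZDD header truncated")
        # byte 8: mode, byte 9: the character '_' replaced, bytes 10-13: size
        _mode, _last_char, size = struct.unpack_from("<BBI", data, 8)
        return {"format": "SZDD", "files": [(None, size)]}   # no name stored
    if data.startswith(KWAJ_MAGIC):
        # KWAJ keeps its length in an optional field; only identified here.
        return {"format": "KWAJ", "files": []}
    if data.startswith(MSCF_MAGIC):
        return {"format": "MSCF", "files": cabinet_members(data)}
    return {"format": "not-compressed", "files": []}


def expanded_size_for(data, wanted_name):
    """Expanded size declared for wanted_name, or None if it cannot be read."""
    for name, size in inspect_compressed(data)["files"]:
        if name is None or name.lower() == wanted_name.lower():
            return size
    return None


def compare_installed(data, wanted_name, installed_size):
    """'match', 'differs' or 'unknown' for the installed file's size."""
    declared = expanded_size_for(data, wanted_name)
    if declared is None:
        return "unknown"
    return "match" if declared == installed_size else "differs"


def sample_cabinet(name, size):
    """Constructed one-member cabinet header (no compressed data follows)."""
    folder = struct.pack("<IHH", 0, 0, 0)                     # CFFOLDER
    entry = CAB_FILE.pack(size, 0, 0, 0, 0, 0x20) + name.encode("ascii") + b"\x00"
    files_offset = CAB_HEADER.size + len(folder)
    total = files_offset + len(entry)
    header = CAB_HEADER.pack(MSCF_MAGIC, 0, total, 0, files_offset,
                             0, 3, 1, 1, 1, 0, 0, 0)
    return header + folder + entry


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py <compressed file> <installed file>
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        target = os.path.basename(sys.argv[2])
        print(inspect_compressed(blob))
        print(compare_installed(blob, target, os.path.getsize(sys.argv[2])))
    else:
        blob = sample_cabinet("tcpip.sys", 123456)   # constructed size
        print(inspect_compressed(blob))
        print(compare_installed(blob, "TCPIP.SYS", 123456))
```
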
     
  17. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    Sorry for not posting back until now but I have been doing overtime recently and not had the time. I am off the next few days again and will be completing your requests tomorrow and post my logs there when done.

    Thanks for all the help once again.
     
  18. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    Updated Java after uninstalling them. Rebooted. All ok.
    Updated Adobe. Rebooted. OK.

    Step 3 gave me a slight problem. On using the command prompt it all appeared to go well then Windows gave me another popup window like last time I posted the picture of it. It basically says "Files that are required for windows to run properly have been replaced by unrecognized versions. To maintain system stability windows must replace with original versions. Please insert windows XP disk" etc etc. I clicked the retry button twice and it eventually went away. Not certain if it actually replaced anything as no more popups came up.

    Step 4 done ok but I only received one log file. Below is that log :-

    OTL logfile created on: 30/04/2013 11:54:25 - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.09% Memory free
    3.85 Gb Paging File | 2.43 Gb Available in Paging File | 63.01% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 372.60 Gb Total Space | 41.46 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
    Drive E: | 3.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: EXPERIENCE | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Norton 360\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
    MOD - C:\Program Files\Norton 360\Engine\20.3.1.22\wincfi39.dll ()
    MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\bb044cd004af2e4fb1375e507a27db56\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\666b46e6cb9abe4dbe6c6dfcc8568cf3\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\1a030f7a6283454da01a2b1af8e577ff\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\68797bd1efbfae44bff716cb63911472\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\36d9e0cf6c5af34f987c77820faa0084\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\5d3d529b23845f47993cc1fd34f294fa\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\42c974e2ff259548b7a092975e4f9334\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
    MOD - C:\WINDOWS\system32\Primomonnt.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (PCIDump) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys File not found
    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130429.023\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130429.023\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130430.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symtdi.sys (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtsp.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
    DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (dtscsi) -- C:\WINDOWS\system32\drivers\dtscsi.sys (DT Soft Ltd.)
    DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (Pcatip) -- C:\WINDOWS\system32\drivers\Pcatip.sys (VSO Software)
    DRV - (CV2K1) -- C:\WINDOWS\system32\drivers\cv2k1.sys (TamoSoft, Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
    DRV - (se27unic) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
    DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
    DRV - (se27nd5) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
    DRV - (SE27mgmt) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
    DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
    DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
    DRV - (SE27bus) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
    DRV - (ATIAVAIW) -- C:\WINDOWS\system32\drivers\atinavt2.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
    DRV - (ts_lb) -- C:\WINDOWS\system32\drivers\ts_lb.sys (TamoSoft, Inc.)
    DRV - (viaagp1) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/s...epage/index.jsp?lg=en&pid=N360&pvid=20.3.1.22
    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\Software\Microsoft\Internet Explorer\SearchURL\zoek, = http://www.google.com/search?q=%s
    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Norton Safe Search"
    FF - prefs.js..browser.search.selectedEngine: "Norton Safe Search"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: %7B3DB5ABE1-407D-458F-AD5D-8D89BD625CCC%7D:1.2.0
    FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
    FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
    FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
    FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.3.19
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - prefs.js..keyword.URL: "http://nortonsafe.search.ask.com/we...869&l=dis&prt=360&chn=retail&geo=GB&ver=20&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/16 03:08:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/04/19 20:51:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/04/30 11:43:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/12 01:23:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/30 11:41:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/17 14:47:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/04/30 11:41:20 | 000,000,000 | ---D | M]

    [2009/07/23 03:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/07/30 19:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\daftbackup delete if all well\Profiles\n9tszq57.default\extensions
    [2013/04/20 11:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions
    [2011/05/11 01:17:58 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
    [2013/04/10 22:53:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/03/16 06:23:29 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
    [2013/02/25 15:11:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/12/27 02:13:17 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
    [2011/04/26 23:00:52 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\illimitux@illimitux.net
    [2013/03/10 21:38:57 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\artur.dubovoy@gmail.com.xpi
    [2013/02/23 20:32:13 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\firebug@software.joehewitt.com.xpi
    [2013/02/15 20:39:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/04/20 01:26:58 | 000,002,534 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\safesearch.xml
    [2009/10/06 21:55:31 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchalot.xml
    [2009/10/06 21:56:45 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\searchgeek.xml
    [2009/10/06 21:56:25 | 000,002,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\snappy-words.xml
    [2012/10/16 03:20:23 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qscjj5yc.default\searchplugins\Web Search.xml
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/04/12 01:22:59 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{f4fd6a58-532e-b9e7-a3fd-8c4b3e7bedd3}
    [2013/04/30 11:43:57 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
    [2013/04/19 20:51:00 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
    [2013/04/12 01:23:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/12/27 02:13:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 20:53:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.searchamong.com/?source=cf9e35ac618438ba09d0a9caf2367b43
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.72_0\crossrider
    CHR - Extension: Codec-V = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.23.72_0\
    CHR - Extension: FVD Video Downloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.0_0\
    CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
    CHR - Extension: Ghostery = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/04/22 16:09:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\..\Toolbar\ShellBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\..\Toolbar\WebBrowser: (WebFerret) - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll ()
    O3 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to NEW BLANK TEXT DOCUMENT.lnk = C:\Documents and Settings\Administrator\Desktop\NEW BLANK TEXT DOCUMENT.doc ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk = C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1547161642-1965331169-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C6BF1D7-281C-461D-A3F1-48F07ED56B84}: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/10/01 13:00:00 | 000,000,110 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/04/30 11:51:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2013/04/30 11:42:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2013/04/30 11:41:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/04/30 11:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2013/04/26 01:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MORE DOLLARD
    [2013/04/24 18:02:17 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2013/04/23 21:45:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/04/23 21:45:28 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2013/04/23 21:45:27 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2013/04/23 21:45:19 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2013/04/23 21:45:18 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2013/04/23 21:45:09 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2013/04/23 21:45:09 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2013/04/23 21:44:58 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2013/04/23 21:44:52 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2013/04/23 21:44:47 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2013/04/23 21:44:46 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2013/04/23 21:44:46 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2013/04/23 21:44:45 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2013/04/23 21:44:44 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2013/04/23 21:44:43 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2013/04/23 21:44:43 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2013/04/23 21:44:40 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2013/04/23 21:44:38 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2013/04/23 21:44:38 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2013/04/23 21:44:38 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2013/04/23 21:44:35 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2013/04/23 21:44:33 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2013/04/23 21:44:32 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2013/04/23 21:44:32 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2013/04/23 21:44:29 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2013/04/23 21:44:29 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2013/04/23 21:44:29 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2013/04/23 21:44:29 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2013/04/23 21:44:28 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2013/04/23 21:44:28 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2013/04/23 21:44:25 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2013/04/23 21:44:24 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2013/04/23 21:44:23 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2013/04/23 21:44:23 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2013/04/23 21:44:22 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2013/04/23 21:44:22 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2013/04/23 21:44:19 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2013/04/23 21:44:19 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2013/04/23 21:44:14 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2013/04/23 21:44:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2013/04/23 21:44:14 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2013/04/23 21:44:13 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2013/04/23 21:44:12 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2013/04/23 21:44:09 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2013/04/23 21:44:04 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2013/04/23 21:44:03 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2013/04/23 21:44:03 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2013/04/23 21:44:02 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2013/04/23 21:44:02 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2013/04/23 21:43:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2013/04/23 21:43:55 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2013/04/23 21:43:54 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2013/04/23 21:43:54 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2013/04/23 21:43:49 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2013/04/23 21:43:49 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2013/04/23 21:43:49 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2013/04/23 21:43:48 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2013/04/23 21:43:45 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2013/04/23 21:43:44 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2013/04/23 21:43:44 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2013/04/23 21:43:42 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2013/04/23 21:43:42 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2013/04/23 21:43:42 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2013/04/23 21:43:42 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2013/04/23 21:43:41 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2013/04/23 21:43:41 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2013/04/23 21:43:40 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2013/04/23 21:43:40 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2013/04/23 21:43:39 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2013/04/23 21:43:38 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2013/04/23 21:43:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2013/04/23 21:43:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2013/04/23 21:43:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2013/04/23 21:43:36 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2013/04/23 21:43:36 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2013/04/23 21:43:36 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2013/04/23 21:43:33 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2013/04/23 21:43:32 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2013/04/23 21:43:31 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2013/04/23 21:43:30 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2013/04/23 21:43:26 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2013/04/23 21:43:25 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2013/04/23 21:43:20 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2013/04/23 21:43:19 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2013/04/23 21:43:19 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2013/04/23 21:43:17 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2013/04/23 21:43:06 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2013/04/23 21:43:05 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2013/04/23 21:43:04 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2013/04/23 21:43:04 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2013/04/23 21:42:58 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2013/04/23 21:42:57 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2013/04/23 21:42:57 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2013/04/23 21:42:57 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2013/04/23 21:42:51 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2013/04/23 21:42:48 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2013/04/23 21:42:48 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2013/04/23 21:42:47 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2013/04/23 21:42:45 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2013/04/23 21:42:44 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2013/04/23 21:42:43 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2013/04/23 21:42:43 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2013/04/23 21:42:43 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2013/04/23 21:42:42 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2013/04/23 21:42:42 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2013/04/23 21:42:42 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2013/04/23 21:42:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2013/04/23 21:42:41 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2013/04/23 21:42:41 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2013/04/23 21:42:40 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2013/04/23 21:42:40 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2013/04/23 21:42:27 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2013/04/23 21:42:20 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2013/04/23 21:42:17 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2013/04/23 21:42:17 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2013/04/23 21:42:16 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2013/04/23 21:42:16 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2013/04/23 21:42:16 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2013/04/23 21:42:15 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2013/04/23 21:42:13 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2013/04/23 21:42:13 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2013/04/23 21:42:13 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2013/04/23 21:42:12 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2013/04/23 21:42:12 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2013/04/23 21:42:11 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2013/04/23 21:41:58 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2013/04/23 21:41:47 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2013/04/23 21:41:31 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2013/04/23 21:41:30 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2013/04/23 21:41:24 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2013/04/23 21:41:23 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2013/04/23 21:41:23 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2013/04/23 21:41:20 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2013/04/23 21:41:16 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2013/04/23 21:41:15 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2013/04/23 21:41:14 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2013/04/23 21:41:14 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2013/04/23 21:41:14 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2013/04/23 21:41:13 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2013/04/23 21:41:10 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2013/04/23 21:41:09 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2013/04/23 21:41:09 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2013/04/23 21:40:47 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2013/04/23 21:40:46 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2013/04/23 21:40:43 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2013/04/23 21:40:42 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2013/04/23 21:40:42 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2013/04/23 21:40:41 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2013/04/23 21:40:41 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2013/04/23 21:40:40 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2013/04/23 21:40:40 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2013/04/23 21:40:39 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2013/04/23 21:40:34 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2013/04/23 21:40:34 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2013/04/23 21:40:32 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2013/04/23 21:40:26 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2013/04/23 21:40:26 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2013/04/23 21:40:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2013/04/23 21:40:26 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2013/04/23 21:40:25 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2013/04/23 21:40:25 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2013/04/23 21:40:25 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2013/04/23 21:40:24 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2013/04/23 21:40:23 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2013/04/23 21:40:17 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2013/04/23 21:40:14 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2013/04/23 21:40:10 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2013/04/23 21:40:10 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2013/04/23 21:40:10 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2013/04/23 21:40:09 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2013/04/23 21:40:09 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2013/04/23 21:40:08 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2013/04/23 21:40:08 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2013/04/23 21:40:08 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2013/04/23 21:40:07 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2013/04/23 21:40:07 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2013/04/23 21:40:06 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2013/04/23 21:40:06 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2013/04/23 21:39:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2013/04/23 21:39:51 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2013/04/23 21:39:50 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2013/04/23 21:39:50 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2013/04/23 21:39:50 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2013/04/23 21:39:50 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2013/04/23 21:39:49 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2013/04/23 21:39:49 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2013/04/23 21:39:48 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2013/04/23 21:39:48 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2013/04/23 21:39:48 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2013/04/23 21:39:48 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2013/04/23 21:39:47 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2013/04/23 21:39:47 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2013/04/23 21:39:47 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2013/04/23 21:39:47 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2013/04/23 21:39:46 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2013/04/23 21:39:46 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2013/04/23 21:39:45 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2013/04/23 21:39:44 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2013/04/23 21:39:44 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2013/04/23 21:39:43 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2013/04/23 21:39:43 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2013/04/23 21:39:42 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2013/04/23 21:39:42 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2013/04/23 21:39:42 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2013/04/23 21:39:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2013/04/23 21:39:22 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2013/04/23 21:39:15 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/04/23 21:39:14 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/04/23 21:39:14 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/04/23 21:39:14 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/04/23 21:39:13 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/04/23 21:39:12 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/04/23 21:39:11 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/04/23 21:39:11 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2013/04/23 21:39:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/04/23 21:39:09 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/04/23 21:39:09 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/04/23 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2013/04/23 19:18:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\dllcache
    [2013/04/23 19:18:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2013/04/23 19:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2013/04/22 16:11:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/04/22 15:51:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2013/04/22 15:51:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2013/04/22 15:51:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2013/04/22 15:51:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2013/04/22 15:50:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/04/22 15:50:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
    [2013/04/22 15:49:34 | 005,058,971 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/22 15:20:25 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/04/22 14:25:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
    [2013/04/21 11:17:45 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
    [2013/04/20 12:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Steps done so far
    [2013/04/20 11:49:32 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 02:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2013/04/20 01:03:26 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/20 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder (2)
    [2013/04/20 00:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
    [2013/04/20 00:35:52 | 000,934,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.sys
    [2013/04/20 00:35:52 | 000,394,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdi.sys
    [2013/04/20 00:35:52 | 000,367,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.sys
    [2013/04/20 00:35:52 | 000,350,368 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symtdiv.sys
    [2013/04/20 00:35:52 | 000,338,592 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnets.sys
    [2013/04/20 00:35:52 | 000,032,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.sys
    [2013/04/20 00:35:52 | 000,021,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.sys
    [2013/04/20 00:35:51 | 000,602,712 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.sys
    [2013/04/20 00:35:51 | 000,175,264 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ironx86.sys
    [2013/04/20 00:35:51 | 000,134,304 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.sys
    [2013/04/20 00:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\1403010.016
    [2013/04/19 20:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Symantec
    [2013/04/19 20:50:21 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2013/04/19 20:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2013/04/19 20:49:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2013/04/19 20:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
    [2013/04/19 20:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2013/04/19 20:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2013/04/19 20:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2013/04/19 19:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Windows 7 Upgrade advisor reports
    [2013/04/19 19:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
    [2013/04/19 19:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Corporation
    [2013/04/19 12:51:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GOT
    [2013/04/19 11:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DONE
    [2013/04/16 19:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/04/16 19:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/04/16 19:21:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/14 07:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
    [2013/04/12 19:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
    [2013/04/12 01:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/04/08 02:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2012/10/16 03:20:00 | 000,442,048 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Administrator\Application Data\vioer.exe
    [2012/10/16 03:19:38 | 006,312,677 | ---- | C] (VIO ) -- C:\Documents and Settings\Administrator\Application Data\vio_clean.exe
    [2009/07/23 03:42:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/04/30 11:59:01 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job
    [2013/04/30 11:54:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/04/30 11:47:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500UA.job
    [2013/04/30 11:43:51 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/04/30 11:43:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/04/30 11:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/04/29 17:46:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/04/27 16:26:02 | 023,796,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Help against hacker in m...pdf
    [2013/04/26 20:44:16 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Elecy.lnk
    [2013/04/26 01:08:21 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Origins of Energy Synthesis by Professor Eric Dollard.lnk
    [2013/04/24 23:42:55 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to NEW BLANK TEXT DOCUMENT.lnk
    [2013/04/24 18:02:18 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe
    [2013/04/23 22:04:56 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2013/04/22 21:56:58 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to 05 - Bootcamp.lnk
    [2013/04/22 16:09:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/04/22 15:49:31 | 005,058,971 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\etavaresCF.exe
    [2013/04/22 14:15:02 | 000,000,485 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Not Burned.lnk
    [2013/04/21 12:31:03 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trans444.lnk
    [2013/04/21 03:47:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1965331169-1801674531-500Core.job
    [2013/04/20 14:04:01 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:49:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
    [2013/04/20 11:23:42 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:36 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:54:58 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/04/20 01:30:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/04/20 01:08:23 | 000,628,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 01:04:07 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Administrator\Desktop\NPE.exe
    [2013/04/19 20:50:21 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2013/04/19 20:50:21 | 000,007,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/17 15:49:46 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
    [2013/04/16 19:25:22 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/16 19:21:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2013/04/15 17:04:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/13 00:23:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2013/04/12 23:53:56 | 000,186,368 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/08 02:14:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/04/03 09:21:26 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/03/31 20:09:51 | 000,392,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/31 20:09:51 | 000,058,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [147 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/04/27 16:26:02 | 023,796,263 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Help against hacker in m...pdf
    [2013/04/26 20:44:16 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Elecy.lnk
    [2013/04/26 13:14:27 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Origins of Energy Synthesis by Professor Eric Dollard.lnk
    [2013/04/24 23:42:55 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to NEW BLANK TEXT DOCUMENT.lnk
    [2013/04/23 22:04:55 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2013/04/23 21:45:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2013/04/23 21:45:27 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2013/04/23 21:43:13 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2013/04/23 21:42:10 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2013/04/23 21:41:53 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2013/04/23 21:41:52 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2013/04/23 21:41:49 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2013/04/23 21:41:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2013/04/23 21:41:31 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2013/04/23 21:41:30 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2013/04/23 21:41:30 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2013/04/23 21:41:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2013/04/23 21:41:29 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2013/04/23 21:41:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2013/04/23 21:41:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2013/04/23 21:40:42 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2013/04/23 21:40:42 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2013/04/23 21:40:41 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2013/04/23 21:40:13 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2013/04/23 21:39:38 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2013/04/23 21:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2013/04/23 21:39:37 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2013/04/23 21:39:37 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2013/04/23 21:39:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2013/04/23 21:39:36 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2013/04/23 21:39:35 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2013/04/23 21:39:35 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2013/04/23 21:39:34 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2013/04/23 21:39:29 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2013/04/22 21:56:58 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to 05 - Bootcamp.lnk
    [2013/04/22 15:51:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2013/04/22 15:51:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2013/04/22 15:51:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2013/04/22 15:51:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2013/04/22 15:51:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2013/04/22 14:15:01 | 000,000,485 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Not Burned.lnk
    [2013/04/21 12:31:03 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trans444.lnk
    [2013/04/20 14:04:01 | 000,001,019 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew of Westminster (pre1800s).lnk
    [2013/04/20 14:04:01 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Matthew Paris (1200s).lnk
    [2013/04/20 12:29:58 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Security 2013.lnk
    [2013/04/20 11:23:42 | 000,000,287 | ---- | C] () -- C:\(C) MainDisc.lnk
    [2013/04/20 02:01:35 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/04/20 01:08:07 | 000,628,057 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
    [2013/04/20 01:08:07 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
    [2013/04/20 00:35:52 | 000,009,670 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.cat
    [2013/04/20 00:35:52 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.cat
    [2013/04/20 00:35:52 | 000,007,601 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.cat
    [2013/04/20 00:35:52 | 000,007,583 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.cat
    [2013/04/20 00:35:52 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.cat
    [2013/04/20 00:35:52 | 000,003,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symefa.inf
    [2013/04/20 00:35:52 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symds.inf
    [2013/04/20 00:35:52 | 000,001,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnetv.inf
    [2013/04/20 00:35:52 | 000,001,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symnet.inf
    [2013/04/20 00:35:52 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.inf
    [2013/04/20 00:35:52 | 000,000,996 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symelam.inf
    [2013/04/20 00:35:51 | 000,007,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.cat
    [2013/04/20 00:35:51 | 000,007,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.cat
    [2013/04/20 00:35:51 | 000,007,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtspx.cat
    [2013/04/20 00:35:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.cat
    [2013/04/20 00:35:51 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\srtsp.inf
    [2013/04/20 00:35:51 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\ccsetx86.inf
    [2013/04/20 00:35:51 | 000,000,737 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\iron.inf
    [2013/04/20 00:35:27 | 000,014,818 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\symvtcer.dat
    [2013/04/20 00:35:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\1403010.016\isolate.ini
    [2013/04/19 20:50:21 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2013/04/19 20:50:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2013/04/19 19:15:02 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\books - NEW.lnk
    [2013/04/19 13:54:01 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tcpview.exe.lnk
    [2013/04/19 11:34:48 | 000,000,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TRANS333.lnk
    [2013/04/17 17:03:44 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
    [2013/04/16 19:25:22 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/04/15 17:03:58 | 000,002,495 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2003.lnk
    [2013/04/15 16:54:57 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\procexp.exe.lnk
    [2013/04/08 02:14:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012/08/10 18:28:54 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
    [2011/10/29 01:43:44 | 000,179,712 | ---- | C] () -- C:\WINDOWS\System32\DPUNINST.DLL
    [2011/06/06 07:03:32 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/06/06 07:03:32 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/21 09:29:13 | 000,001,396 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2011/01/05 00:49:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\AstroViewer 3.1.3-Path
    [2009/09/30 16:11:14 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
    [2009/07/25 18:31:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\.gtk-bookmarks
    [2009/07/25 18:29:06 | 000,205,905 | ---- | C] () -- C:\Documents and Settings\Administrator\.fonts.cache-1
    [2009/07/23 04:02:43 | 000,186,368 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/23 03:42:37 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
    [2009/07/23 03:42:37 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf

    ========== ZeroAccess Check ==========

    [2009/07/23 02:23:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/01 13:00:00 | 001,497,088 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2006/10/01 13:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/10/01 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009/07/30 00:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.BitTornado
    [2009/12/21 22:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\abgx360
    [2012/01/05 15:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
    [2012/01/18 04:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Balabolka
    [2011/03/01 22:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
    [2009/10/14 23:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
    [2013/04/08 16:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
    [2009/11/12 02:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ChessBase
    [2012/10/16 03:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DDMSettings
    [2009/07/23 04:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit
    [2010/06/22 02:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
    [2009/08/04 15:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
    [2009/11/17 14:55:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Gmail Backup
    [2010/01/14 01:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabIt
    [2009/11/04 22:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2013/01/24 23:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Kingsoft
    [2010/05/03 23:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neoretix
    [2009/07/23 03:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
    [2012/05/12 01:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
    [2010/03/10 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pdfsvg
    [2013/04/27 16:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PrimoPDF
    [2010/03/11 17:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TamoSoft
    [2009/07/23 17:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
    [2009/11/17 14:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
    [2013/04/20 12:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
    [2013/03/17 22:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
    [2011/08/04 13:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2009/10/14 23:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2009/11/12 02:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ChessBase
    [2011/07/09 00:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CodecCheck
    [2011/03/17 01:18:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/03/10 14:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copistar
    [2009/12/23 06:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCenter
    [2009/08/04 15:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2012/10/16 03:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2011/07/11 07:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/01/24 23:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
    [2010/12/02 16:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/23 13:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OPLMNB00
    [2012/10/16 20:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
    [2011/07/09 00:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
    [2010/07/21 05:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
    [2010/09/23 17:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/03/11 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TamoSoft
    [2009/07/23 04:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2009/07/23 03:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2009/08/25 02:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < MD5 for: TCPIP.SYS >
    [2006/09/17 07:00:14 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=C7BE59B07C6EB74BEA6FD67C1B164015 -- C:\WINDOWS\LastGood\system32\drivers\tcpip.sys
    [2006/09/17 07:00:14 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=C7BE59B07C6EB74BEA6FD67C1B164015 -- C:\WINDOWS\system32\drivers\tcpip.sys

    < %SYSTEMDRIVE%\*.* >
    [2013/04/20 11:23:42 | 000,000,287 | ---- | M] () -- C:\(C) MainDisc.lnk
    [2012/07/24 15:50:47 | 000,143,987 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/23 02:04:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2013/04/20 01:30:30 | 000,000,211 | ---- | M] () -- C:\boot.ini
    [2013/04/22 16:11:40 | 000,015,480 | ---- | M] () -- C:\ComboFix.txt
    [2009/02/09 19:24:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/09 19:24:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/10/01 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2006/10/01 13:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2012/12/19 21:09:16 | 530,579,456 | ---- | M] () -- C:\ophcrack-vista-livecd-3.4.0.iso
    [2013/04/30 11:43:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2013/04/22 15:47:10 | 000,086,590 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_22.04.2013_15.44.59_log.txt
    [2013/03/05 14:42:15 | 000,000,150 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/01 13:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\mdippr.dll
    [2006/08/09 12:04:00 | 000,025,036 | R--- | M] (Oki Data Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\OPLWPP3.DLL

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.sys /90 >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2009/07/23 02:47:06 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/07/23 02:47:06 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/07/23 02:47:06 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\* >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/04/12 01:23:31 | 000,865,808 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/04/12 01:23:46 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2006/10/01 13:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/01 13:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 20:07:14 | 000,879,456 | ---- | M] (Opera Software)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/02/15 23:18:16 | 002,388,264 | ---- | M] (Apple Inc.)

    < End of report >


    Thanks for your help. I am ready to continue when you are.
     
  19. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Actually, I have a better idea. I see you're running Service Pack 2 and IE6. We do need to update. That is not secure and has known security holes. Go to
    http://update.microsoft.com

    and update to Service Pack 3. You'll want to back up first; it is a major update. Once that's done, please post a new OTL log as before (same custom scan as the last instructions).

    -etavares
     
  20. roy1972

    roy1972 Registered Members

    Joined:
    Apr 16, 2013
    Messages:
    29
    Operating System:
    Windows XP Professional
    Hi Etavares,

    This is all taking me a very long time but I hope by now I am finally free of malware. From your not being worried by my last OTL log I assume this is so. I do not want to install any major service pack at this time - especially if it's a major one. Nor do I ever use IE6 so that is not an issue.

    I have lots of books and files on my computer that are in urgent need of backup. I didn't want to do this because I literally have well 100 Gigabytes of ebooks alone, not to mention huge amounts of documentaries. At the time my computer was slow and all I needed was to be free of malware, and to know from an expert like yourself that my computer was not indeed being hijacked by a remote user. You don't appear to think that is the case so I will leave things there for now.

    My computer is running very fast and I don't want to rock the boat by installing major new service packs before I have backed everything up externally. I am also starting to work lots more hours so this will no doubt take me days to do if not weeks! This whole cleaning experience of my computer has already taken lots of time, and I don't mean to offend you by saying that, because you have offered brilliant advice and I am so thankful for this, truly. However, you are a volunteer and have others to help, and communication by posting online is slow at the best of times. Like I said, while my computer is clean and working fast I want to concentrate on backing up.

    Another reason I don't want to continue is I am saving up for a new operating system and hopefully this will end any future problems. It will take me a month or so but I plan to buy Windows 7 (64-bit version for my E6400 Core2Duo) and install that. I didn't think that would be necessary but considering your advice and that XP is no longer being supported etc., it seems the smart way to go.

    BTW, these programs you pointed me to use for this entire cleaning process, can I use them anytime as extra security precautions? I don't think I can use the custom scans you gave but can I generally use them to check my computer in future, including on Windows 7 when I finally buy it?

    Thanks once again; you have been so very helpful and I will recommend you all to my friends. :)
     
