A Google redirect problem

View previous topic View next topic Go down

A Google redirect problem

Post by lcander on 24th March 2010, 4:40 am

I am working on a friend's netbook that has the google redirect virus. She had downloaded a number of anti-virus programs, some real some rouge malware programs when this started. I have most of them uninstalled. I was able to install MBAM by copying from a USB drive but was not able to update it (error code 732 which I assumed was because of the redirect issue). I also ran CCleaner and had it fix what it found.
Not quite sure where to go from here.
I'd appreciated some help on this one.
Thanks

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Some progress

Post by lcander on 24th March 2010, 3:29 pm

I found a program--Hitman Pro 3 -- that I was able to install and run. It found a number of suspect files and deleted them. I am now able to go to the web sites that I intend to visit without being redirected. I have been able to update MBAM and ran that which found some more problem files and have deleted those also. I see no indication of the rouge 'antivirus' programs that were on the machine. Is there any additional cleaning that I should be doing?
Thanks

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 24th March 2010, 8:40 pm

Hello! We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks! Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Logs

Post by lcander on 24th March 2010, 10:03 pm

The Profile log:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1997984916-3822111949-2833970192-1000
ProfileImagePath REG_EXPAND_SZ C:\Users\McKee

SystemRoot REG_SZ C:\Windows

The Win32KDiag log:

Running from: C:\Users\McKee\Desktop\Win32kDiag.exe

Log file at : C:\Users\McKee\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2010-03-24 16:47:37 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2010-03-24 16:47:31 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2010-03-24 16:47:31 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2010-03-24 16:47:31 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl

[1] 2010-03-24 16:47:46 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat

[1] 2010-03-23 11:17:02 8192 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1

[1] 2010-03-23 11:17:02 5120 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2

[1] 2010-03-23 11:15:58 0 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TM.blf

[1] 2010-03-23 11:15:58 65536 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TM.blf ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TMContainer00000000000000000001.regtrans-ms

[1] 2010-03-23 11:15:58 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TMContainer00000000000000000001.regtrans-ms ()



Cannot access: C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TMContainer00000000000000000002.regtrans-ms

[1] 2010-03-23 11:15:58 524288 C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{0bf6a81f-3697-11df-bee9-705ab60b3b53}.TMContainer00000000000000000002.regtrans-ms ()





Finished!



The Cheetah-Anti-Rogue log:

Cheetah-Anti-Rogue v1.3.30
by DragonMaster Jay

Microsoft Windows [Version 6.1.7600]
Date: 03/24/2010 - Time: 16:55:53 - Arch.: x86


-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware


-- Known infection --

C:\Program Files\Common Files\ParetoLogic (ParetoLogic.RGE)
C:\programdata\ParetoLogic (ParetoLogic.RGE)
C:\Users\McKee\AppData\Local\Temp\del.bat (Trj.FakeAlert)


Extra message: Detection only.


EOF


Thanks for your help on this. :smile2:

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 25th March 2010, 2:40 am

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

mbr log

Post by lcander on 25th March 2010, 3:06 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: error reading MBR
kernel: error reading MBR

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 25th March 2010, 3:42 am

Download [You must be registered and logged in to see this link.] to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

OTL logs pt 1

Post by lcander on 25th March 2010, 5:12 am

OTL txt.
OTL logfile created on: 3/24/2010 10:56:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\McKee\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 248.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 115.77 Gb Free Space | 84.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCKEE-PC
Current User Name: McKee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/24 22:53:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
PRC - [2010/03/24 00:48:15 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/24 00:48:14 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/24 00:48:12 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/24 00:48:08 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/24 00:47:45 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/03/24 00:47:12 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/24 00:47:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/04 22:52:57 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/11/05 18:06:03 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/30 17:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/09/30 17:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/08/14 02:12:44 | 000,173,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2009/08/10 08:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/17 22:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/10 18:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/06 04:47:00 | 007,600,672 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/03 07:58:22 | 000,094,208 | ---- | M] (sonix) -- C:\Windows\PLFSetL.exe


========== Modules (SafeList) ==========

MOD - [2010/03/24 22:53:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
MOD - [2010/03/24 00:49:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/09/30 17:52:10 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\SysHook.dll
MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/07/13 20:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MpfService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - File not found [Auto | Stopped] -- -- (McAfee SiteAdvisor Service)
SRV - [2010/03/24 00:47:12 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/24 00:47:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 00:49:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/24 00:49:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/24 00:49:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/20 21:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 10:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/03 05:15:26 | 000,228,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/08/05 21:02:58 | 004,786,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/27 02:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 04:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/06 04:12:00 | 002,657,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/23 21:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009/03/25 22:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/03/21 18:34:23 | 000,000,365 | RHS- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (7/13) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (ecution Options\seccenter.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 21:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 22:53:18 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 10:22:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/24 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Template
[2010/03/24 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/24 01:05:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/24 00:49:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:36 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:24 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:21 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/24 00:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/03/24 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/24 00:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/24 00:42:49 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/03/23 23:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 22:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/23 22:58:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/23 22:28:33 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Malwarebytes
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/23 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/03/23 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/03/23 09:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/03/23 09:10:37 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Downloaded Installations
[2010/03/21 18:12:39 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Diagnostics
[2010/03/21 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\85a84
[2010/03/21 18:02:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\CUEUHEA
[2010/03/21 18:01:13 | 000,000,000 | -HSD | C] -- C:\7886ebe
[2010/02/23 15:07:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 15:07:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/02/23 15:07:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/02/23 15:07:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/02/23 15:07:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/03/24 23:01:06 | 001,048,576 | -HS- | M] () -- C:\Users\McKee\ntuser.dat
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:54:42 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 22:54:42 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 22:54:42 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 22:53:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 22:50:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 22:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:22:26 | 003,319,364 | -H-- | M] () -- C:\Users\McKee\AppData\Local\IconCache.db
[2010/03/24 22:07:34 | 057,644,995 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 22:05:16 | 000,077,312 | ---- | M] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:06 | 000,013,604 | ---- | M] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:29 | 000,047,616 | ---- | M] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:03 | 000,147,832 | ---- | M] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | M] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:42 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:21 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | M] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:36:46 | 000,020,667 | ---- | M] () -- C:\Windows\fs1235.dat1
[2010/03/23 22:24:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | M] () -- C:\Windows\System32\CUA.ico
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini
[2010/03/23 14:18:52 | 000,000,614 | ---- | M] () -- C:\Windows\win.ini
[2010/03/23 09:58:09 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:39:29 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/21 22:01:26 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/03/21 21:52:14 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\host_new
[2010/03/21 18:34:23 | 000,000,365 | RHS- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/03/24 22:05:16 | 000,077,312 | ---- | C] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:05 | 000,013,604 | ---- | C] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:28 | 000,047,616 | ---- | C] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:02 | 000,147,832 | ---- | C] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | C] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:21 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:49:18 | 057,644,995 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | C] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:24:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | C] () -- C:\Windows\System32\CUA.ico
[2010/03/23 11:12:30 | 000,020,667 | ---- | C] () -- C:\Windows\fs1235.dat1
[2010/03/23 09:39:23 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/23 09:28:48 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:26:37 | 000,002,983 | ---- | C] () -- C:\rollback.ini
[2010/03/21 22:01:26 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2009/09/10 10:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/11 09:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 09:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/05 17:23:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/23 19:25:32 | 000,027,171 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:49:50 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2009/11/05 17:42:15 | 000,001,937 | ---- | M] () -- C:\RHDSetup.log
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini

< %PROGRAMFILES%\*. >
[2010/02/04 22:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/12/24 07:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Crystal Eye webcam
[2009/11/05 17:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Games
[2009/11/05 18:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/23 09:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/03/24 00:44:35 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/23 14:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/03/23 23:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/03/23 22:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2009/11/05 18:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec
[2009/11/05 18:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec Egis Software Update
[2009/11/05 18:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2010/02/04 23:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/24 00:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2009/11/05 18:18:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/05 17:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/24 10:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/24 07:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2010/03/23 22:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/24 07:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/11/05 17:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/05 17:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/02/07 01:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/12/24 07:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/24 07:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/11/05 17:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/23 09:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2010/03/24 10:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/02/04 22:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\OEM
[2009/11/05 17:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/05 18:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/12/24 07:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/11/05 17:42:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2009/07/13 23:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/23 09:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/12/24 07:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/12/24 07:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/02/07 10:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/13 23:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/11 23:49:04 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy64\IaStor.sys
[2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/11 23:49:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy32\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-25 03:13:55


< End of report >

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

OTL log pt2

Post by lcander on 25th March 2010, 5:13 am

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/03/21 18:34:23 | 000,000,365 | RHS- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (7/13) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (ecution Options\seccenter.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 22:53:18 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 10:22:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/24 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Template
[2010/03/24 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/24 01:05:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/24 00:49:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:36 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:24 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:21 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/24 00:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/03/24 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/24 00:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/24 00:42:49 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/03/23 23:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 22:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/23 22:58:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/23 22:28:33 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Malwarebytes
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/23 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/03/23 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/03/23 09:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/03/23 09:10:37 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Downloaded Installations
[2010/03/21 18:12:39 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Diagnostics
[2010/03/21 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\85a84
[2010/03/21 18:02:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\CUEUHEA
[2010/03/21 18:01:13 | 000,000,000 | -HSD | C] -- C:\7886ebe
[2010/02/23 15:07:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 15:07:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/02/23 15:07:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/02/23 15:07:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/02/23 15:07:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/03/24 23:18:12 | 001,048,576 | -HS- | M] () -- C:\Users\McKee\ntuser.dat
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:54:42 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 22:54:42 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 22:54:42 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 22:53:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 22:50:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 22:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:22:26 | 003,319,364 | -H-- | M] () -- C:\Users\McKee\AppData\Local\IconCache.db
[2010/03/24 22:07:34 | 057,644,995 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 22:05:16 | 000,077,312 | ---- | M] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:06 | 000,013,604 | ---- | M] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:29 | 000,047,616 | ---- | M] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:03 | 000,147,832 | ---- | M] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | M] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:42 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:21 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | M] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:36:46 | 000,020,667 | ---- | M] () -- C:\Windows\fs1235.dat1
[2010/03/23 22:24:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | M] () -- C:\Windows\System32\CUA.ico
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini
[2010/03/23 14:18:52 | 000,000,614 | ---- | M] () -- C:\Windows\win.ini
[2010/03/23 09:58:09 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:39:29 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/21 22:01:26 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/03/21 21:52:14 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\host_new
[2010/03/21 18:34:23 | 000,000,365 | RHS- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/03/24 22:05:16 | 000,077,312 | ---- | C] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:05 | 000,013,604 | ---- | C] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:28 | 000,047,616 | ---- | C] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:02 | 000,147,832 | ---- | C] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | C] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:21 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:49:18 | 057,644,995 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | C] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:24:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | C] () -- C:\Windows\System32\CUA.ico
[2010/03/23 11:12:30 | 000,020,667 | ---- | C] () -- C:\Windows\fs1235.dat1
[2010/03/23 09:39:23 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/23 09:28:48 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:26:37 | 000,002,983 | ---- | C] () -- C:\rollback.ini
[2010/03/21 22:01:26 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2009/09/10 10:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/11 09:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 09:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/05 17:23:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/23 19:25:32 | 000,027,171 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:49:50 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2009/11/05 17:42:15 | 000,001,937 | ---- | M] () -- C:\RHDSetup.log
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini

< %PROGRAMFILES%\*. >
[2010/02/04 22:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/12/24 07:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Crystal Eye webcam
[2009/11/05 17:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Games
[2009/11/05 18:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/23 09:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/03/24 00:44:35 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/23 14:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/03/23 23:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/03/23 22:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2009/11/05 18:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec
[2009/11/05 18:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec Egis Software Update
[2009/11/05 18:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2010/02/04 23:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/24 00:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2009/11/05 18:18:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/05 17:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/24 10:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/24 07:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2010/03/23 22:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/24 07:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/11/05 17:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/05 17:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/02/07 01:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/12/24 07:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/24 07:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/11/05 17:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/23 09:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2010/03/24 10:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/02/04 22:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\OEM
[2009/11/05 17:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/05 18:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/12/24 07:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/11/05 17:42:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2009/07/13 23:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/23 09:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/12/24 07:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/12/24 07:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/02/07 10:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/13 23:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/11 23:49:04 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy64\IaStor.sys
[2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/11 23:49:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy32\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-25 03:13:55

< End of report >

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

OTL log pt3

Post by lcander on 25th March 2010, 5:15 am

DRV - [2010/03/24 00:49:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/24 00:49:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/24 00:49:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/09/20 21:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/10 10:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/09/03 05:15:26 | 000,228,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/08/05 21:02:58 | 004,786,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/27 02:06:44 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/07 04:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/07/06 04:12:00 | 002,657,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/23 21:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2009/03/25 22:14:34 | 000,021,000 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/03/21 18:34:23 | 000,000,365 | RHS- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Authentication Packages - (7/13) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (ecution Options\seccenter.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/24 22:53:18 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 10:22:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/03/24 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Template
[2010/03/24 10:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/24 01:05:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/24 00:49:39 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:36 | 000,242,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:24 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:21 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/03/24 00:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/03/24 00:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/03/24 00:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/03/24 00:42:49 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/03/24 00:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/03/23 23:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 22:58:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/23 22:58:38 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/23 22:28:33 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Roaming\Malwarebytes
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/23 22:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/23 14:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/03/23 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/03/23 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/03/23 09:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/03/23 09:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/03/23 09:10:37 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Downloaded Installations
[2010/03/21 18:12:39 | 000,000,000 | ---D | C] -- C:\Users\McKee\AppData\Local\Diagnostics
[2010/03/21 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\85a84
[2010/03/21 18:02:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\CUEUHEA
[2010/03/21 18:01:13 | 000,000,000 | -HSD | C] -- C:\7886ebe
[2010/02/23 15:07:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/02/23 15:07:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/02/23 15:07:40 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/02/23 15:07:39 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/02/23 15:07:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010/03/24 23:35:49 | 001,048,576 | -HS- | M] () -- C:\Users\McKee\ntuser.dat
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:57:26 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/24 22:54:42 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 22:54:42 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 22:54:42 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 22:53:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\McKee\Desktop\OTL.exe
[2010/03/24 22:50:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/24 22:49:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:22:26 | 003,319,364 | -H-- | M] () -- C:\Users\McKee\AppData\Local\IconCache.db
[2010/03/24 22:07:34 | 057,644,995 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 22:05:16 | 000,077,312 | ---- | M] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:06 | 000,013,604 | ---- | M] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:29 | 000,047,616 | ---- | M] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:03 | 000,147,832 | ---- | M] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | M] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/24 00:49:42 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:39 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/03/24 00:49:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/24 00:49:24 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/24 00:49:21 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | M] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:36:46 | 000,020,667 | ---- | M] () -- C:\Windows\fs1235.dat1
[2010/03/23 22:24:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | M] () -- C:\Windows\System32\CUA.ico
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini
[2010/03/23 14:18:52 | 000,000,614 | ---- | M] () -- C:\Windows\win.ini
[2010/03/23 09:58:09 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:39:29 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/03/21 22:01:26 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2010/03/21 21:52:14 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\host_new
[2010/03/21 18:34:23 | 000,000,365 | RHS- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/03/24 22:05:16 | 000,077,312 | ---- | C] () -- C:\Users\McKee\Desktop\mbr.exe
[2010/03/24 16:51:05 | 000,013,604 | ---- | C] () -- C:\Users\McKee\Desktop\Cheetah-Anti-Rogue.zip
[2010/03/24 16:50:28 | 000,047,616 | ---- | C] () -- C:\Users\McKee\Desktop\Win32kDiag.exe
[2010/03/24 16:50:02 | 000,147,832 | ---- | C] () -- C:\Users\McKee\Desktop\profiles.exe
[2010/03/24 10:23:54 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/03/24 10:06:50 | 000,000,000 | ---- | C] () -- C:\Users\McKee\AppData\Roaming\wklnhst.dat
[2010/03/24 00:49:42 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/03/24 00:49:21 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/03/24 00:49:18 | 057,644,995 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/03/24 00:31:04 | 000,002,470 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/03/24 00:25:38 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/03/23 23:00:01 | 000,001,839 | ---- | C] () -- C:\Users\McKee\Desktop\CCleaner.lnk
[2010/03/23 22:58:44 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/23 22:24:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/23 21:43:59 | 000,004,286 | ---- | C] () -- C:\Windows\System32\CUA.ico
[2010/03/23 11:12:30 | 000,020,667 | ---- | C] () -- C:\Windows\fs1235.dat1
[2010/03/23 09:39:23 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/03/23 09:28:48 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/03/23 09:26:37 | 000,002,983 | ---- | C] () -- C:\rollback.ini
[2010/03/21 22:01:26 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2009/09/10 10:29:50 | 001,761,280 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/11 09:39:16 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/29 09:13:30 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/11/05 17:23:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/23 19:25:32 | 000,027,171 | ---- | M] () -- C:\CybDefInstallInfo.log
[2010/03/24 22:49:48 | 797,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 22:49:50 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG1
[2010/03/23 21:25:33 | 000,000,000 | -HS- | M] () -- C:\ProgramData.LOG2
[2009/11/05 17:42:15 | 000,001,937 | ---- | M] () -- C:\RHDSetup.log
[2010/03/23 21:33:31 | 000,002,983 | ---- | M] () -- C:\rollback.ini

< %PROGRAMFILES%\*. >
[2010/02/04 22:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Acer
[2009/12/24 07:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Crystal Eye webcam
[2009/11/05 17:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Games
[2009/11/05 18:15:18 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/03/23 09:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010/03/24 00:44:35 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/23 14:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/03/23 23:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/03/23 22:02:16 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2009/11/05 18:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec
[2009/11/05 18:06:24 | 000,000,000 | ---D | M] -- C:\Program Files\EgisTec Egis Software Update
[2009/11/05 18:15:49 | 000,000,000 | ---D | M] -- C:\Program Files\eSobi
[2010/02/04 23:09:14 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/03/24 00:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2009/11/05 18:18:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/11/05 17:36:53 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/24 10:01:56 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/12/24 07:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2010/03/23 22:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/24 07:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/11/05 17:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/05 17:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/02/07 01:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/12/24 07:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/12/24 07:41:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/11/05 17:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/03/23 09:55:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2010/03/24 10:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/02/04 22:37:23 | 000,000,000 | ---D | M] -- C:\Program Files\OEM
[2009/11/05 17:41:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/05 18:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/12/24 07:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/11/05 17:42:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2009/07/13 23:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/23 09:54:50 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/12/24 07:38:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/12/24 07:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/02/07 10:13:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/13 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/13 23:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/07/13 23:56:49 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/11 23:49:04 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy64\IaStor.sys
[2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/11 23:49:00 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy32\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 21:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-03-25 03:13:55

< End of report >

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Extrras log

Post by lcander on 25th March 2010, 5:15 am

OTL Extras logfile created on: 3/24/2010 10:56:24 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\McKee\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 248.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 115.77 Gb Free Space | 84.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCKEE-PC
Current User Name: McKee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.1 MUI
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2010 9:03:45 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EgisTec\mywinlocker
3\x64\mwlCSP.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:03:45 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EgisTec\mywinlocker
3\x64\mwlDaemon.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:03:46 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EgisTec\mywinlocker
3\x64\mwlRF.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:03:46 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\EgisTec\mywinlocker
3\x64\mwlTBMNGR.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:05:05 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:05:05 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:05:06 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/11/2010 9:05:06 PM | Computer Name = McKee-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2010 7:21:53 PM | Computer Name = McKee-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fc8 Start
Time: 01cac1793abd02d5 Termination Time: 3938 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 78451480-3540-11df-9aa4-705ab60b3b53

Error - 3/21/2010 8:53:58 PM | Computer Name = McKee-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: Multimedia.api, version: 9.1.0.163,
time stamp: 0x49a88620 Exception code: 0xc0000005 Fault offset: 0x00043114 Faulting
process id: 0x4074 Faulting application start time: 0x01cac95a048cb579 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api Report Id: 652aadcd-354d-11df-9aa4-705ab60b3b53

[ System Events ]
Error - 3/23/2010 10:53:24 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
Services service to connect.

Error - 3/23/2010 10:53:24 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Services service failed to start due to the following error:
%%1053

Error - 3/23/2010 10:53:24 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the McAfee
Network Agent service to connect.

Error - 3/23/2010 10:53:24 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%1053

Error - 3/23/2010 10:53:39 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7034
Description = The plasservice service terminated unexpectedly. It has done this
1 time(s).

Error - 3/23/2010 11:00:42 PM | Computer Name = McKee-PC | Source = DCOM | ID = 10010
Description =

Error - 3/23/2010 11:02:02 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 3/23/2010 11:02:02 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 3/23/2010 11:02:02 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Personal Firewall Service service failed to start due to
the following error: %%2

Error - 3/23/2010 11:04:03 PM | Computer Name = McKee-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Network Agent service failed to start due to the following
error: %%2


< End of report >

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 25th March 2010, 2:28 pm

Are you still running McAfee products?

What about ParetoLogic? If so, are you satisfied with ParetoLogic products?

I see you are using Ask Toolbar and Bing bar. Web toolbars have trackers, and some have adware. I recommend to remove these toolbars. If you decide to, do so via Start > Control Panel > Programs (Uninstall a Program).




Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :processes
    c:\windows\explorer.exe

    :otl
    PRC - [2009/08/10 08:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
    O1 - Hosts: 74.125.45.100 [You must be registered and logged in to see this link.]
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    [2010/03/21 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\85a84
    [2010/03/21 18:02:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\CUEUHEA
    [2010/03/21 18:01:13 | 000,000,000 | -HSD | C] -- C:\7886ebe
    [2010/03/21 22:01:26 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
    [2010/03/21 21:52:14 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\host_new

    :commands
    [resethosts]
    [emptytemp]
    [purity]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 25th March 2010, 3:03 pm

I had tried to uninstall McAfee and ParetoLogic. but saw there were still indications of them in the logs. I did install AVG to be used on this machine.

I will remove the toolbars, not sure when they got installed.

Will run the OTL and post the log.

Thanks

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 25th March 2010, 3:35 pm

I chose OK for an error message that came up and the OTL started to run hiding the desktop and start menu.
I has been on the Processing 01 ... safebrowsing-cache.google.com for several minutes. I know you said it would take a while to run but wondered if it should take this long. The HDD light is blinking as though there is activity but I see no activity on the OTL bar at the bottom.

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 25th March 2010, 3:54 pm

I'm thinking the OTL must be froze. Still on same Processing 01.
How should I proceed?
Thanks

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 25th March 2010, 5:32 pm

Ok. Manually reboot. Then, try this new fix:

Warning: this OTL fix has active links. Please do not click on the links below, or your computer might become infected immediately!

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :processes
    c:\windows\explorer.exe

    :otl
    PRC - [2009/08/10 08:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
    [2010/03/21 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\85a84
    [2010/03/21 18:02:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\CUEUHEA
    [2010/03/21 18:01:13 | 000,000,000 | -HSD | C] -- C:\7886ebe
    [2010/03/21 22:01:26 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata
    [2010/03/21 21:52:14 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\host_new

    :commands
    [emptytemp]
    [purity]
    [reboot]


  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

OTL log

Post by lcander on 25th March 2010, 7:33 pm

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
No active process named snuvcdsm.exe was found!
C:\ProgramData\85a84\Quarantine Items folder moved successfully.
C:\ProgramData\85a84\CUASys folder moved successfully.
C:\ProgramData\85a84 folder moved successfully.
C:\ProgramData\CUEUHEA folder moved successfully.
C:\7886ebe\Quarantine Items folder moved successfully.
C:\7886ebe\CUASys folder moved successfully.
C:\7886ebe\BackUp folder moved successfully.
C:\7886ebe folder moved successfully.
C:\Windows\mfebcdata moved successfully.
C:\Windows\System32\drivers\etc\host_new moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: McKee
->Temp folder emptied: 97360097 bytes
->Temporary Internet Files folder emptied: 6931080 bytes
->Flash cache emptied: 1026 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1400074 bytes
RecycleBin emptied: 367858 bytes

Total Files Cleaned = 101.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03252010_140908

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 25th March 2010, 9:02 pm

Do you still have Google redirects?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 25th March 2010, 9:35 pm

It seems to be going where it should on the searches I've tried.
Thanks for all your help getting this fixed.
Thank You!

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 26th March 2010, 1:16 am

Now, let's make sure your computer is clean.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 26th March 2010, 3:04 am

Ran MBAM and it found malicious files/programs.

Malwarebytes' Anti-Malware 1.44
Database version: 3915
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/25/2010 10:03:54 PM
mbam-log-2010-03-25 (22-03-54).txt

Scan type: Quick Scan
Objects scanned: 113539
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks again for your help Big Grin

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by lcander on 26th March 2010, 3:05 am

That should have read 'found NO malicious files/programs'
Sorry.

lcander
Intermediate
Intermediate

Posts Posts : 103
Joined Joined : 2009-06-16
OS OS : Xp, Vista
Points Points : 28664
# Likes # Likes : 0

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 26th March 2010, 4:17 am

One more:

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

Re: A Google redirect problem

Post by Dr Jay on 29th March 2010, 3:35 pm

Still with us?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14317
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 303008
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum