[A] Unnamed virus, black screen, no access to task manager or any icons or files

Broni,

As usual, thank you for all of your help. I was able to download and run Combofix without any problem. It seemed to have found several more items. MBAM now runs as a background anti-malware [I did disable everything before running Combofix], and it seems to continually pick up both inbound and outbound "suspicious" attempts to access the internet. Is this normal, particularly the outbound attempts? Let me know. Here is the Combofix log file. Steve

ComboFix 12-10-03.03 - Steve Kwartin 10/03/2012 23:26:12.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2671 [GMT -4:00]
Running from: c:\documents and settings\Steve Kwartin\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Steve Kwartin\Application Data\Roaming
c:\documents and settings\Steve Kwartin\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#konugani.com\settings.sol
c:\documents and settings\Steve Kwartin\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
c:\documents and settings\Steve Kwartin\My Documents\~WRL0597.tmp
c:\documents and settings\Steve Kwartin\My Documents\~WRL1116.tmp
c:\documents and settings\Steve Kwartin\My Documents\~WRL1195.tmp
c:\documents and settings\Steve Kwartin\My Documents\~WRL1328.tmp
c:\documents and settings\Steve Kwartin\My Documents\~WRL3636.tmp
c:\documents and settings\Steve Kwartin\WINDOWS
c:\program files\Internet Explorer\SET14E.tmp
c:\program files\Internet Explorer\SET14F.tmp
c:\program files\Internet Explorer\SET150.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET20.tmp
c:\program files\Internet Explorer\SET21.tmp
c:\program files\Internet Explorer\SET22.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
H:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-03 22:22 . 2012-10-03 22:22 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-10-03 04:04 . 2012-10-03 04:04 -------- d-----w- C:\_OTL
2012-10-02 18:59 . 2012-10-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-10-01 22:03 . 2012-10-01 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2012-10-01 09:55 . 2012-10-01 21:22 -------- d-----w- c:\documents and settings\Administrator.STEVE-QUAD
2012-09-25 15:39 . 2012-09-27 17:13 -------- d-----w- c:\program files\Open Freely
2012-09-17 22:08 . 2012-09-18 17:14 -------- d-----w- c:\documents and settings\Steve Kwartin\Application Data\Sound Devices
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Silabs
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\windows\system32\Silabs
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Sound Devices
2012-09-13 02:05 . 2012-09-13 02:05 -------- d-----w- c:\program files\ERUNT
2012-09-09 06:26 . 2012-09-09 06:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 03:36 . 2012-09-08 03:37 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2011-12-25 08:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 09:13 . 2011-06-03 05:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-05 21:28 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-05 21:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-05 21:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-05 21:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-01-05 21:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-01-05 21:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-01-05 21:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-01-05 21:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-05 21:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-09 06:25 . 2011-11-08 05:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Steve Kwartin\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^Launch Utility Application.lnk]
backup=c:\windows\pss\Launch Utility Application.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IVONA Reader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-01-23 19:35 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
2004-08-27 03:43 56320 ------w- c:\windows\system32\delttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 15:46 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 15:46 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Indexer]
2005-02-08 00:40 184320 ----a-w- c:\program files\Sharp\Sharpdesk\Indexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]
2005-02-08 00:38 106496 ----a-w- c:\program files\Sharp\Sharpdesk\IndexTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2007-01-25 15:54 154112 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 21:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 15:46 135680 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-10-23 22:24 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
2005-02-08 00:47 32768 ----a-w- c:\program files\Sharp\Sharpdesk\SharpTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-05 00:59 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]
2005-02-08 00:40 57344 ----a-w- c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=2 (0x2)
"SavRoam"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)
"Symantec RemoteAssist"=2 (0x2)
"TeamViewer6"=2 (0x2)
"CiSvc"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/3/2011 1:18 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/5/2011 5:28 PM 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/5/2011 5:28 PM 21256]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/30/2012 7:03 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/30/2012 7:03 AM 497320]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/1/2012 12:44 PM 399432]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys --> c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/25/2011 4:39 AM 676936]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/22/2011 2:39 PM 2358656]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/28/2012 6:37 PM 253088]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys --> c:\windows\system32\DRIVERS\MAudioDelta.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/5/2012 3:28 AM 13192]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/5/2012 3:28 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/3/2012 6:22 PM 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/25/2011 4:39 AM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 10:59 PM 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/4/2011 6:25 AM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [8/4/2011 6:25 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [8/4/2011 6:25 AM 136680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/27/2012 7:56 PM 11520]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 22:37]
.
2012-10-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-06 09:12]
.
2012-10-04 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-11-03 19:24]
.
2012-10-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-08-04 02:16]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
.
2012-10-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]
.
2012-09-27 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
2012-09-09 c:\windows\Tasks\Rescue Reminder for 2HAA48PR.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 21:52]
.
2012-10-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Steve Kwartin\Application Data\Mozilla\Firefox\Profiles\5l5wp0pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-GoogleChrome - c:\docume~1\STEVEK~1\LOCALS~1\Temp\buuso.exe
MSConfigStartUp-xeqhwjmVOs - (no file)
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Steve Kwartin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-03 23:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-10-03 23:33:29
ComboFix-quarantined-files.txt 2012-10-04 03:33
.
Pre-Run: 68,225,462,272 bytes free
Post-Run: 68,191,170,560 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 89A953786C2B30228D4BAA003BD3DAEA

There have not been any further reports from MBAM since I ran Combofix. So, I guess that we [you] are really making progress. I ran Roguekiller again. The first time, it said that I needed an update, but it was not connecting right, and there was no way to stop Roguekiller from the Task Manager, so I did a reboot, and dragged and dropped it into the Recycle bin, and downloaded and ran a new copy. It still seemed to find at least one thing, from what I can tell. The log is below. You are the greatest. Steve

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Steve Kwartin [Admin rights]
Mode : Remove -- Date : 10/04/2012 01:02:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST1000DL002-9TT153 +++++
--- User ---
[MBR] 0da6599973a2edc24d3d0c3c92d75c99
[BSP] b828249d42599fbb248fb22eb05d2b61 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238409 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor OneTouch USB Device +++++
--- User ---
[MBR] 3f7ad32bf8ccb5754a79597e581aed30
[BSP] 8ac8edf5d743ff7e3de380919894c726 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD40 0JB-00JJA0 USB Device +++++
--- User ---
[MBR] a0fd2e4a8dbb8d687c457c09027de702
[BSP] 8e5c4f4baa128e3e3558d521e5bb1ed1 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Well, I spoke too soon. After running rogue killer, and then rebooting for another reason, MBAM reported another outgoing attempt to: IP: 89.28.69.32 in the Republic of Moldova. I don't recall having any reason to be trying to contact anyone or anything in Moldova, although I hear that it is lovely there this time of year. So, they are apparently still at it. I will await your response. Steve

Broni,

I was doing a few searches, to see what might be trying to get out of my computer. I ran across a process that I then researched, and it seems that wdfmgr.exe may well have been the villain. I stopped the process for the time being, and since then have not had any alerts from MBAM about suspicious incoming or outgoing events. Do you want me to restart it, or leave it temporarily disabled while I run these two scans. Let me know, and thank you yet again. Steve

Broni, I had some issues after running ComboFix. I kept getting error messages that everything from notepad, to windows shut down had "encountered an error and needed to close." Eventually, I had to do a reboot, and ran it again. I had some of the same error messages, but at least it shut down normally and rebooted. Below are the TDSSKiller and ComboFix logs. The same wdfmgr.exe file is still there in running processes. Steve

TDSSKiller:

19:56:59.0453 2200 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:56:59.0468 2200 ============================================================
19:56:59.0468 2200 Current date / time: 2012/10/04 19:56:59.0468
19:56:59.0468 2200 SystemInfo:
19:56:59.0468 2200
19:56:59.0468 2200 OS Version: 5.1.2600 ServicePack: 3.0
19:56:59.0468 2200 Product type: Workstation
19:56:59.0468 2200 ComputerName: STEVE-QUAD
19:56:59.0468 2200 UserName: Steve Kwartin
19:56:59.0468 2200 Windows directory: C:\WINDOWS
19:56:59.0468 2200 System windows directory: C:\WINDOWS
19:56:59.0468 2200 Processor architecture: Intel x86
19:56:59.0468 2200 Number of processors: 4
19:56:59.0468 2200 Page size: 0x1000
19:56:59.0468 2200 Boot type: Normal boot
19:56:59.0468 2200 ============================================================
19:57:00.0031 2200 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:57:00.0046 2200 Drive \Device\Harddisk1\DR2 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:00.0062 2200 Drive \Device\Harddisk2\DR4 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:57:00.0062 2200 ============================================================
19:57:00.0062 2200 \Device\Harddisk0\DR0:
19:57:00.0078 2200 MBR partitions:
19:57:00.0078 2200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
19:57:00.0078 2200 \Device\Harddisk1\DR2:
19:57:00.0078 2200 MBR partitions:
19:57:00.0078 2200 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x575452C2
19:57:00.0078 2200 \Device\Harddisk2\DR4:
19:57:00.0078 2200 MBR partitions:
19:57:00.0078 2200 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:57:00.0078 2200 ============================================================
19:57:00.0140 2200 C: <-> \Device\Harddisk0\DR0\Partition1
19:57:00.0234 2200 F: <-> \Device\Harddisk2\DR4\Partition1
19:57:00.0234 2200 H: <-> \Device\Harddisk1\DR2\Partition1
19:57:00.0234 2200 ============================================================
19:57:00.0234 2200 Initialize success
19:57:00.0234 2200 ============================================================
19:57:03.0000 3068 ============================================================
19:57:03.0000 3068 Scan started
19:57:03.0000 3068 Mode: Manual;
19:57:03.0000 3068 ============================================================
19:57:03.0609 3068 ================ Scan system memory ========================
19:57:03.0609 3068 System memory - ok
19:57:03.0609 3068 ================ Scan services =============================
19:57:03.0781 3068 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:57:03.0781 3068 !SASCORE - ok
19:57:03.0937 3068 A2DDA - ok
19:57:06.0296 3068 [ 0352A73CD6B1782EA3ED7A03A8268F55 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:57:06.0296 3068 Aavmker4 - ok
19:57:06.0296 3068 Abiosdsk - ok
19:57:06.0312 3068 abp480n5 - ok
19:57:06.0359 3068 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:57:06.0359 3068 ACPI - ok
19:57:06.0406 3068 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:57:06.0406 3068 ACPIEC - ok
19:57:06.0468 3068 [ 459AC130C6AB892B1CD5D7544626EFC5 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:57:06.0468 3068 AdobeFlashPlayerUpdateSvc - ok
19:57:06.0468 3068 adpu160m - ok
19:57:06.0515 3068 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:57:06.0515 3068 aec - ok
19:57:06.0546 3068 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:57:06.0546 3068 AFD - ok
19:57:06.0562 3068 Aha154x - ok
19:57:06.0578 3068 aic78u2 - ok
19:57:06.0593 3068 aic78xx - ok
19:57:06.0625 3068 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:57:06.0640 3068 Alerter - ok
19:57:06.0656 3068 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:57:06.0671 3068 ALG - ok
19:57:06.0671 3068 AliIde - ok
19:57:06.0687 3068 amsint - ok
19:57:06.0734 3068 AOL TopSpeedMonitor - ok
19:57:06.0765 3068 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
19:57:06.0765 3068 AppMgmt - ok
19:57:06.0781 3068 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:57:06.0781 3068 Arp1394 - ok
19:57:06.0796 3068 asc - ok
19:57:06.0812 3068 asc3350p - ok
19:57:06.0828 3068 asc3550 - ok
19:57:07.0203 3068 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:57:07.0250 3068 aspnet_state - ok
19:57:07.0265 3068 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:57:07.0265 3068 aswFsBlk - ok
19:57:07.0281 3068 [ 2B9B1DF809E965EF63402CBBA6DB50AE ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:57:07.0281 3068 aswMon2 - ok
19:57:07.0296 3068 [ B7D5E4486BA658ED08624D8084ABB830 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
19:57:07.0296 3068 aswRdr - ok
19:57:07.0343 3068 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:57:07.0343 3068 aswSnx - ok
19:57:07.0359 3068 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:57:07.0359 3068 aswSP - ok
19:57:07.0390 3068 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:57:07.0390 3068 aswTdi - ok
19:57:07.0421 3068 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:57:07.0421 3068 AsyncMac - ok
19:57:07.0421 3068 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:57:07.0421 3068 atapi - ok
19:57:07.0437 3068 Atdisk - ok
19:57:07.0468 3068 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:57:07.0468 3068 Atmarpc - ok
19:57:07.0500 3068 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:57:07.0500 3068 AudioSrv - ok
19:57:07.0531 3068 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:57:07.0531 3068 audstub - ok
19:57:07.0671 3068 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
19:57:07.0671 3068 avast! Antivirus - ok
19:57:07.0718 3068 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:57:07.0718 3068 Beep - ok
19:57:07.0750 3068 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:57:07.0765 3068 BITS - ok
19:57:07.0796 3068 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
19:57:07.0796 3068 Browser - ok
19:57:07.0890 3068 catchme - ok
19:57:07.0921 3068 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:57:07.0921 3068 cbidf2k - ok
19:57:07.0921 3068 cd20xrnt - ok
19:57:07.0937 3068 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:57:07.0953 3068 Cdaudio - ok
19:57:07.0953 3068 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:57:07.0953 3068 Cdfs - ok
19:57:07.0968 3068 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:57:07.0968 3068 Cdrom - ok
19:57:08.0000 3068 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
19:57:08.0000 3068 cercsr6 - ok
19:57:08.0015 3068 Changer - ok
19:57:08.0031 3068 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:57:08.0031 3068 CiSvc - ok
19:57:08.0062 3068 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:57:08.0062 3068 ClipSrv - ok
19:57:08.0125 3068 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:57:08.0296 3068 clr_optimization_v2.0.50727_32 - ok
19:57:08.0343 3068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:57:08.0531 3068 clr_optimization_v4.0.30319_32 - ok
19:57:08.0531 3068 CmdIde - ok
19:57:08.0546 3068 COMSysApp - ok
19:57:08.0578 3068 Cpqarray - ok
19:57:08.0609 3068 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:57:08.0609 3068 cpudrv - ok
19:57:08.0640 3068 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:57:08.0656 3068 CryptSvc - ok
19:57:08.0656 3068 dac2w2k - ok
19:57:08.0671 3068 dac960nt - ok
19:57:08.0718 3068 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:57:08.0734 3068 DcomLaunch - ok
19:57:08.0781 3068 [ B34DAFA517F838B82A4256B08346917F ] DELTA C:\WINDOWS\system32\DRIVERS\delta.sys
19:57:08.0781 3068 DELTA - ok
19:57:08.0781 3068 DELTAII - ok
19:57:08.0828 3068 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:57:08.0828 3068 Dhcp - ok
19:57:08.0843 3068 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:57:08.0843 3068 Disk - ok
19:57:08.0859 3068 dmadmin - ok
19:57:08.0953 3068 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:57:08.0953 3068 dmboot - ok
19:57:08.0984 3068 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:57:08.0984 3068 dmio - ok
19:57:09.0031 3068 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:57:09.0031 3068 dmload - ok
19:57:09.0031 3068 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:57:09.0031 3068 dmserver - ok
19:57:09.0062 3068 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:57:09.0062 3068 DMusic - ok
19:57:09.0093 3068 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:57:09.0093 3068 Dnscache - ok
19:57:09.0125 3068 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:57:09.0125 3068 Dot3svc - ok
19:57:09.0125 3068 dpti2o - ok
19:57:09.0156 3068 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:57:09.0156 3068 drmkaud - ok
19:57:09.0203 3068 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
19:57:09.0203 3068 e1express - ok
19:57:09.0218 3068 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:57:09.0234 3068 EapHost - ok
19:57:09.0250 3068 ENTECH - ok
19:57:09.0296 3068 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
19:57:09.0296 3068 epmntdrv - ok
19:57:09.0296 3068 EraserUtilDrv11010 - ok
19:57:09.0343 3068 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:57:09.0343 3068 ERSvc - ok
19:57:09.0359 3068 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
19:57:09.0359 3068 EuGdiDrv - ok
19:57:09.0390 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:57:09.0390 3068 Eventlog - ok
19:57:09.0421 3068 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:57:09.0421 3068 EventSystem - ok
19:57:09.0453 3068 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:57:09.0453 3068 Fastfat - ok
19:57:09.0484 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:57:09.0484 3068 FastUserSwitchingCompatibility - ok
19:57:09.0500 3068 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:57:09.0500 3068 Fdc - ok
19:57:09.0531 3068 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:57:09.0531 3068 Fips - ok
19:57:09.0546 3068 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:57:09.0546 3068 Flpydisk - ok
19:57:09.0578 3068 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:57:09.0593 3068 FltMgr - ok
19:57:09.0656 3068 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:57:09.0656 3068 FontCache3.0.0.0 - ok
19:57:09.0671 3068 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:57:09.0671 3068 Fs_Rec - ok
19:57:09.0687 3068 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:57:09.0687 3068 Ftdisk - ok
19:57:09.0718 3068 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
19:57:09.0718 3068 giveio - ok
19:57:09.0750 3068 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:57:09.0750 3068 Gpc - ok
19:57:09.0812 3068 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:09.0812 3068 gupdate - ok
19:57:09.0828 3068 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:57:09.0828 3068 gupdatem - ok
19:57:09.0843 3068 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:57:09.0843 3068 HDAudBus - ok
19:57:09.0937 3068 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:57:09.0937 3068 helpsvc - ok
19:57:09.0953 3068 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:57:09.0953 3068 HidServ - ok
19:57:09.0984 3068 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:57:09.0984 3068 hidusb - ok
19:57:10.0000 3068 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:57:10.0015 3068 hkmsvc - ok
19:57:10.0031 3068 hpn - ok
19:57:10.0078 3068 [ 77E4FF0B73BC0AEAAF39BF0C8104231F ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:57:10.0078 3068 HSFHWBS2 - ok
19:57:10.0140 3068 [ 60E1604729A15EF4A3B05F298427B3B1 ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:57:10.0140 3068 HSF_DP - ok
19:57:10.0187 3068 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:57:10.0187 3068 HTTP - ok
19:57:10.0203 3068 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:57:10.0218 3068 HTTPFilter - ok
19:57:10.0218 3068 i2omgmt - ok
19:57:10.0234 3068 i2omp - ok
19:57:10.0250 3068 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
19:57:10.0250 3068 i8042prt - ok
19:57:10.0312 3068 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:57:10.0343 3068 ialm - ok
19:57:10.0359 3068 IDriverT - ok
19:57:10.0437 3068 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:57:10.0437 3068 idsvc - ok
19:57:10.0453 3068 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:57:10.0453 3068 Imapi - ok
19:57:10.0500 3068 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:57:10.0500 3068 ImapiService - ok
19:57:10.0515 3068 ini910u - ok
19:57:10.0625 3068 [ 17BBBABB21F86B650B2626045A9D016C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:57:10.0671 3068 IntcAzAudAddService - ok
19:57:10.0687 3068 IntelIde - ok
19:57:10.0718 3068 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:57:10.0718 3068 intelppm - ok
19:57:10.0718 3068 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:57:10.0718 3068 Ip6Fw - ok
19:57:10.0750 3068 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:57:10.0750 3068 IpFilterDriver - ok
19:57:10.0750 3068 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:57:10.0750 3068 IpInIp - ok
19:57:10.0796 3068 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:57:10.0796 3068 IpNat - ok
19:57:10.0796 3068 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:57:10.0796 3068 IPSec - ok
19:57:10.0812 3068 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:57:10.0812 3068 IRENUM - ok
19:57:10.0843 3068 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:57:10.0843 3068 isapnp - ok
19:57:10.0968 3068 [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:57:10.0968 3068 JavaQuickStarterService - ok
19:57:11.0000 3068 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:57:11.0000 3068 Kbdclass - ok
19:57:11.0015 3068 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:57:11.0015 3068 kbdhid - ok
19:57:11.0031 3068 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:57:11.0031 3068 kmixer - ok
19:57:11.0078 3068 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:57:11.0078 3068 KSecDD - ok
19:57:11.0093 3068 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:57:11.0093 3068 lanmanserver - ok
19:57:11.0156 3068 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:57:11.0156 3068 lanmanworkstation - ok
19:57:11.0156 3068 lbrtfdc - ok
19:57:11.0218 3068 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:57:11.0218 3068 LmHosts - ok
19:57:11.0328 3068 [ 1BDB34A492109198CAB0575F2743BE70 ] Maxtor Sync Service C:\Program Files\Maxtor\Sync\SyncServices.exe
19:57:11.0328 3068 Maxtor Sync Service - ok
19:57:11.0359 3068 [ 20856B8A44F41BB42F3F5F03C3BB2B00 ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
19:57:11.0359 3068 mbamchameleon - ok
19:57:11.0390 3068 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:57:11.0390 3068 MBAMProtector - ok
19:57:11.0437 3068 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:57:11.0437 3068 MBAMScheduler - ok
19:57:11.0484 3068 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:57:11.0484 3068 MBAMService - ok
19:57:11.0562 3068 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
19:57:11.0562 3068 McciCMService - ok
19:57:11.0609 3068 MDM - ok
19:57:11.0640 3068 [ EEAEA6514BA7C9D273B5E87C4E1AAB30 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:57:11.0640 3068 mdmxsdk - ok
19:57:11.0671 3068 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:57:11.0671 3068 Messenger - ok
19:57:11.0687 3068 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:57:11.0687 3068 mnmdd - ok
19:57:11.0718 3068 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:57:11.0734 3068 mnmsrvc - ok
19:57:11.0750 3068 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:57:11.0765 3068 Modem - ok
19:57:11.0781 3068 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:57:11.0781 3068 MODEMCSA - ok
19:57:11.0796 3068 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:57:11.0796 3068 Mouclass - ok
19:57:11.0812 3068 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:57:11.0812 3068 mouhid - ok
19:57:11.0828 3068 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:57:11.0828 3068 MountMgr - ok
19:57:11.0875 3068 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:57:11.0875 3068 MozillaMaintenance - ok
19:57:11.0875 3068 mraid35x - ok
19:57:11.0921 3068 [ 80B2EC735495823AE5771A5F603E73BD ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19:57:11.0921 3068 MREMP50 - ok
19:57:11.0937 3068 [ 37D7C22F7E26DA90E2D2D260E5D27846 ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
19:57:11.0937 3068 MRESP50 - ok
19:57:11.0953 3068 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:57:11.0953 3068 MRxDAV - ok
19:57:11.0984 3068 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:57:11.0984 3068 MRxSmb - ok
19:57:12.0000 3068 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:57:12.0000 3068 MSDTC - ok
19:57:12.0015 3068 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:57:12.0015 3068 Msfs - ok
19:57:12.0031 3068 MSIServer - ok
19:57:12.0078 3068 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:57:12.0078 3068 MSKSSRV - ok
19:57:12.0093 3068 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:57:12.0093 3068 MSPCLOCK - ok
19:57:12.0109 3068 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:57:12.0109 3068 MSPQM - ok
19:57:12.0125 3068 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:57:12.0125 3068 mssmbios - ok
19:57:12.0171 3068 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:57:12.0171 3068 Mup - ok
19:57:12.0187 3068 [ 216AC775320F64DE28CFEB7C179C4FF9 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys
19:57:12.0187 3068 MXOPSWD - ok
19:57:12.0218 3068 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:57:12.0218 3068 napagent - ok
19:57:12.0234 3068 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:57:12.0234 3068 NDIS - ok
19:57:12.0265 3068 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:57:12.0265 3068 NdisTapi - ok
19:57:12.0281 3068 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:57:12.0281 3068 Ndisuio - ok
19:57:12.0296 3068 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:57:12.0296 3068 NdisWan - ok
19:57:12.0343 3068 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:57:12.0343 3068 NDProxy - ok
19:57:12.0343 3068 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:57:12.0343 3068 NetBIOS - ok
19:57:12.0359 3068 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:57:12.0375 3068 NetBT - ok
19:57:12.0390 3068 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:57:12.0390 3068 NetDDE - ok
19:57:12.0406 3068 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:57:12.0406 3068 NetDDEdsdm - ok
19:57:12.0437 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:57:12.0453 3068 Netlogon - ok
19:57:12.0468 3068 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:57:12.0468 3068 Netman - ok
19:57:12.0500 3068 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:57:12.0546 3068 NetTcpPortSharing - ok
19:57:12.0578 3068 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:57:12.0578 3068 NIC1394 - ok
19:57:12.0625 3068 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:57:12.0625 3068 Nla - ok
19:57:12.0687 3068 [ 25D6B2EB0A1FC4AB413AFE7EC4793EC1 ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
19:57:12.0703 3068 nosGetPlusHelper - ok
19:57:12.0703 3068 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:57:12.0703 3068 Npfs - ok
19:57:12.0734 3068 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:57:12.0750 3068 Ntfs - ok
19:57:12.0765 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:57:12.0765 3068 NtLmSsp - ok
19:57:12.0796 3068 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:57:12.0796 3068 NtmsSvc - ok
19:57:12.0828 3068 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
19:57:12.0828 3068 NuidFltr - ok
19:57:12.0843 3068 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:57:12.0843 3068 Null - ok
19:57:12.0890 3068 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:57:12.0890 3068 NwlnkFlt - ok
19:57:12.0906 3068 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:57:12.0906 3068 NwlnkFwd - ok
19:57:12.0921 3068 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:57:12.0921 3068 ohci1394 - ok
19:57:12.0953 3068 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:57:12.0968 3068 ose - ok
19:57:13.0000 3068 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:57:13.0000 3068 Parport - ok
19:57:13.0015 3068 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:57:13.0015 3068 PartMgr - ok
19:57:13.0031 3068 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:57:13.0031 3068 ParVdm - ok
19:57:13.0062 3068 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:57:13.0062 3068 PCI - ok
19:57:13.0078 3068 PCIDump - ok
19:57:13.0093 3068 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:57:13.0093 3068 PCIIde - ok
19:57:13.0109 3068 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:57:13.0109 3068 Pcmcia - ok
19:57:13.0125 3068 PDCOMP - ok
19:57:13.0140 3068 PDFRAME - ok
19:57:13.0156 3068 PDRELI - ok
19:57:13.0156 3068 PDRFRAME - ok
19:57:13.0171 3068 perc2 - ok
19:57:13.0187 3068 perc2hib - ok
19:57:13.0234 3068 PfModNT - ok
19:57:13.0250 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:57:13.0250 3068 PlugPlay - ok
19:57:13.0265 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:57:13.0265 3068 PolicyAgent - ok
19:57:13.0296 3068 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:57:13.0296 3068 PptpMiniport - ok
19:57:13.0296 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:57:13.0296 3068 ProtectedStorage - ok
19:57:13.0312 3068 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:57:13.0312 3068 PSched - ok
19:57:13.0328 3068 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:57:13.0328 3068 Ptilink - ok
19:57:13.0343 3068 ql1080 - ok
19:57:13.0359 3068 Ql10wnt - ok
19:57:13.0375 3068 ql12160 - ok
19:57:13.0390 3068 ql1240 - ok
19:57:13.0406 3068 ql1280 - ok
19:57:13.0437 3068 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:57:13.0437 3068 RasAcd - ok
19:57:13.0468 3068 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:57:13.0468 3068 RasAuto - ok
19:57:13.0484 3068 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:57:13.0484 3068 Rasl2tp - ok
19:57:13.0515 3068 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:57:13.0515 3068 RasMan - ok
19:57:13.0531 3068 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:57:13.0531 3068 RasPppoe - ok
19:57:13.0531 3068 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:57:13.0531 3068 Raspti - ok
19:57:13.0562 3068 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:57:13.0562 3068 Rdbss - ok
19:57:13.0562 3068 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:57:13.0562 3068 RDPCDD - ok
19:57:13.0593 3068 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:57:13.0593 3068 rdpdr - ok
19:57:13.0625 3068 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:57:13.0625 3068 RDPWD - ok
19:57:13.0640 3068 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:57:13.0640 3068 RDSessMgr - ok
19:57:13.0671 3068 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:57:13.0671 3068 redbook - ok
19:57:13.0687 3068 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:57:13.0703 3068 RemoteAccess - ok
19:57:13.0734 3068 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
19:57:13.0734 3068 RemoteRegistry - ok
19:57:13.0750 3068 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:57:13.0750 3068 RpcLocator - ok
19:57:13.0781 3068 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:57:13.0781 3068 RpcSs - ok
19:57:13.0812 3068 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:57:13.0812 3068 RSVP - ok
19:57:13.0828 3068 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:57:13.0828 3068 SamSs - ok
19:57:13.0859 3068 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:57:13.0859 3068 SASDIFSV - ok
19:57:13.0921 3068 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:57:13.0921 3068 SASKUTIL - ok
19:57:13.0937 3068 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
19:57:13.0937 3068 sbp2port - ok
19:57:13.0953 3068 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:57:13.0953 3068 SCardSvr - ok
19:57:14.0015 3068 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:57:14.0031 3068 Schedule - ok
19:57:14.0078 3068 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:57:14.0078 3068 Secdrv - ok
19:57:14.0078 3068 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:57:14.0093 3068 seclogon - ok
19:57:14.0093 3068 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:57:14.0109 3068 SENS - ok
19:57:14.0140 3068 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:57:14.0140 3068 Serial - ok
19:57:14.0203 3068 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:57:14.0203 3068 Sfloppy - ok
19:57:14.0234 3068 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:57:14.0234 3068 SharedAccess - ok
19:57:14.0265 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:57:14.0265 3068 ShellHWDetection - ok
19:57:14.0265 3068 Simbad - ok
19:57:14.0296 3068 Sparrow - ok
19:57:14.0343 3068 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
19:57:14.0343 3068 speedfan - ok
19:57:14.0375 3068 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:57:14.0375 3068 splitter - ok
19:57:14.0421 3068 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:57:14.0421 3068 Spooler - ok
19:57:14.0515 3068 [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files\Dell Support Center\bin\sprtsvc.exe
19:57:14.0515 3068 sprtsvc_DellSupportCenter - ok
19:57:14.0546 3068 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:57:14.0546 3068 sr - ok
19:57:14.0546 3068 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:57:14.0562 3068 srservice - ok
19:57:14.0593 3068 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:57:14.0593 3068 Srv - ok
19:57:14.0625 3068 [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
19:57:14.0625 3068 ssadbus - ok
19:57:14.0640 3068 [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
19:57:14.0640 3068 ssadmdfl - ok
19:57:14.0671 3068 [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
19:57:14.0671 3068 ssadmdm - ok
19:57:14.0687 3068 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:57:14.0703 3068 SSDPSRV - ok
19:57:14.0718 3068 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:57:14.0718 3068 stisvc - ok
19:57:14.0718 3068 stllssvr - ok
19:57:14.0765 3068 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:57:14.0765 3068 swenum - ok
19:57:14.0781 3068 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:57:14.0781 3068 swmidi - ok
19:57:14.0796 3068 SwPrv - ok
19:57:14.0812 3068 symc810 - ok
19:57:14.0828 3068 symc8xx - ok
19:57:14.0843 3068 sym_hi - ok
19:57:14.0859 3068 sym_u3 - ok
19:57:14.0875 3068 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:57:14.0875 3068 sysaudio - ok
19:57:14.0890 3068 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:57:14.0890 3068 SysmonLog - ok
19:57:14.0921 3068 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:57:14.0921 3068 TapiSrv - ok
19:57:14.0968 3068 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:57:14.0968 3068 Tcpip - ok
19:57:15.0000 3068 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:57:15.0000 3068 TDPIPE - ok
19:57:15.0015 3068 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:57:15.0015 3068 TDTCP - ok
19:57:15.0125 3068 [ 01A402D34732CA3DA91786ADCC765069 ] TeamViewer6 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
19:57:15.0125 3068 TeamViewer6 - ok
19:57:15.0156 3068 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:57:15.0156 3068 TermDD - ok
19:57:15.0171 3068 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:57:15.0187 3068 TermService - ok
19:57:15.0187 3068 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:57:15.0203 3068 Themes - ok
19:57:15.0218 3068 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
19:57:15.0234 3068 TlntSvr - ok
19:57:15.0250 3068 TosIde - ok
19:57:15.0265 3068 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:57:15.0265 3068 TrkWks - ok
19:57:15.0281 3068 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:57:15.0281 3068 Udfs - ok
19:57:15.0296 3068 ultra - ok
19:57:15.0328 3068 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
19:57:15.0328 3068 UMWdf - ok
19:57:15.0343 3068 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:57:15.0343 3068 Update - ok
19:57:15.0375 3068 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:57:15.0375 3068 upnphost - ok
19:57:15.0390 3068 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:57:15.0390 3068 UPS - ok
19:57:15.0453 3068 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:57:15.0453 3068 usbccgp - ok
19:57:15.0484 3068 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:57:15.0484 3068 usbehci - ok
19:57:15.0500 3068 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:57:15.0500 3068 usbhub - ok
19:57:15.0531 3068 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:57:15.0531 3068 usbprint - ok
19:57:15.0562 3068 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:57:15.0562 3068 usbscan - ok
19:57:15.0578 3068 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:57:15.0578 3068 USBSTOR - ok
19:57:15.0593 3068 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:57:15.0593 3068 usbuhci - ok
19:57:15.0609 3068 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:57:15.0625 3068 VgaSave - ok
19:57:15.0625 3068 ViaIde - ok
19:57:15.0656 3068 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:57:15.0656 3068 VolSnap - ok
19:57:15.0750 3068 [ 8576A595D3C7DBB8768BEEF50381A141 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
19:57:15.0765 3068 Vsdatant - ok
19:57:15.0843 3068 vsmon - ok
19:57:15.0859 3068 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:57:15.0875 3068 VSS - ok
19:57:15.0890 3068 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:57:15.0906 3068 W32Time - ok
19:57:15.0921 3068 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:57:15.0921 3068 Wanarp - ok
19:57:15.0968 3068 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
19:57:15.0968 3068 wanatw - ok
19:57:16.0000 3068 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\WINDOWS\system32\DRIVERS\wdcsam.sys
19:57:16.0000 3068 WDC_SAM - ok
19:57:16.0031 3068 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:57:16.0031 3068 Wdf01000 - ok
19:57:16.0046 3068 WDICA - ok
19:57:16.0062 3068 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:57:16.0062 3068 wdmaud - ok
19:57:16.0078 3068 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:57:16.0093 3068 WebClient - ok
19:57:16.0125 3068 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:57:16.0125 3068 winachsf - ok
19:57:16.0281 3068 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:57:16.0281 3068 winmgmt - ok
19:57:16.0328 3068 [ 581176F60885AEF8F78C6E38DCC3CDF9 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
19:57:16.0328 3068 WMDM PMSP Service - ok
19:57:16.0375 3068 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:57:16.0375 3068 WmdmPmSN - ok
19:57:16.0406 3068 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
19:57:16.0421 3068 Wmi - ok
19:57:16.0437 3068 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:57:16.0437 3068 WmiApSrv - ok
19:57:16.0484 3068 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
19:57:16.0484 3068 WpdUsb - ok
19:57:16.0546 3068 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:57:16.0546 3068 WPFFontCache_v0400 - ok
19:57:16.0593 3068 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:57:16.0593 3068 WS2IFSL - ok
19:57:16.0625 3068 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:57:16.0640 3068 wscsvc - ok
19:57:16.0671 3068 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:57:16.0687 3068 wuauserv - ok
19:57:16.0718 3068 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:57:16.0734 3068 WudfPf - ok
19:57:16.0765 3068 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:57:16.0765 3068 WudfSvc - ok
19:57:16.0796 3068 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:57:16.0796 3068 WZCSVC - ok
19:57:16.0812 3068 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:57:16.0828 3068 xmlprov - ok
19:57:16.0843 3068 ================ Scan global ===============================
19:57:16.0859 3068 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:57:16.0890 3068 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
19:57:16.0890 3068 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
19:57:16.0921 3068 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:57:16.0921 3068 [Global] - ok
19:57:16.0921 3068 ================ Scan MBR ==================================
19:57:16.0937 3068 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:57:17.0343 3068 \Device\Harddisk0\DR0 - ok
19:57:17.0359 3068 [ A4A15D6782E6FE1DCE41A606CB3AFFE3 ] \Device\Harddisk1\DR2
19:57:17.0578 3068 \Device\Harddisk1\DR2 - ok
19:57:17.0593 3068 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
19:57:18.0031 3068 \Device\Harddisk2\DR4 - ok
19:57:18.0031 3068 ================ Scan VBR ==================================
19:57:18.0062 3068 [ 7287B6128035F6C254E1167D319B7DAB ] \Device\Harddisk0\DR0\Partition1
19:57:18.0062 3068 \Device\Harddisk0\DR0\Partition1 - ok
19:57:18.0062 3068 [ 929749AC877032ADA46FEA5E036CB138 ] \Device\Harddisk1\DR2\Partition1
19:57:18.0062 3068 \Device\Harddisk1\DR2\Partition1 - ok
19:57:18.0078 3068 [ 973CD1190B5C05C7FED9B553E71CD148 ] \Device\Harddisk2\DR4\Partition1
19:57:18.0093 3068 \Device\Harddisk2\DR4\Partition1 - ok
19:57:18.0093 3068 ============================================================
19:57:18.0093 3068 Scan finished
19:57:18.0093 3068 ============================================================
19:57:18.0125 3060 Detected object count: 0
19:57:18.0125 3060 Actual detected object count: 0

-------------------------------------------------------------------------------

Broni,

Too large for one post, so here is ComboFix:

ComboFix 12-10-03.03 - Steve Kwartin 10/04/2012 21:05:37.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2690 [GMT -4:00]
Running from: c:\documents and settings\Steve Kwartin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-03 22:22 . 2012-10-03 22:22 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-10-03 04:04 . 2012-10-03 04:04 -------- d-----w- C:\_OTL
2012-10-02 18:59 . 2012-10-02 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-10-01 22:03 . 2012-10-01 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles
2012-10-01 09:55 . 2012-10-01 21:22 -------- d-----w- c:\documents and settings\Administrator.STEVE-QUAD
2012-09-25 15:39 . 2012-09-27 17:13 -------- d-----w- c:\program files\Open Freely
2012-09-17 22:08 . 2012-09-18 17:14 -------- d-----w- c:\documents and settings\Steve Kwartin\Application Data\Sound Devices
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Silabs
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\windows\system32\Silabs
2012-09-17 21:55 . 2012-09-17 21:55 -------- d-----w- c:\program files\Sound Devices
2012-09-13 02:05 . 2012-09-13 02:05 -------- d-----w- c:\program files\ERUNT
2012-09-09 06:26 . 2012-09-09 06:26 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-08 03:36 . 2012-09-08 03:37 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2011-12-25 08:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 09:13 . 2011-06-03 05:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-05 21:28 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-05 21:28 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-01-05 21:28 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-01-05 21:28 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2011-01-05 21:28 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2011-01-05 21:28 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2011-01-05 21:28 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2011-01-05 21:27 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-05 21:27 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-09 06:25 . 2011-11-08 05:01 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-23 98304]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Steve Kwartin\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Steve Kwartin^Start Menu^Programs^Startup^Launch Utility Application.lnk]
backup=c:\windows\pss\Launch Utility Application.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2009-01-23 19:35 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeltTray]
2004-08-27 03:43 56320 ------w- c:\windows\system32\delttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 15:46 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 15:46 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Indexer]
2005-02-08 00:40 184320 ----a-w- c:\program files\Sharp\Sharpdesk\Indexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexTray]
2005-02-08 00:38 106496 ----a-w- c:\program files\Sharp\Sharpdesk\IndexTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 15:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2007-01-25 15:54 154112 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 21:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 15:46 135680 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-10-23 22:24 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharpTray]
2005-02-08 00:47 32768 ----a-w- c:\program files\Sharp\Sharpdesk\SharpTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-05 00:59 4777856 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TypeRegChecker]
2005-02-08 00:40 57344 ----a-w- c:\program files\Sharp\Sharpdesk\TypeRegChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec AntiVirus"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=2 (0x2)
"SavRoam"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)
"Symantec RemoteAssist"=2 (0x2)
"TeamViewer6"=2 (0x2)
"CiSvc"=2 (0x2)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/3/2011 1:18 AM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/5/2011 5:28 PM 355632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/5/2011 5:28 PM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/1/2012 12:44 PM 399432]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [11/22/2011 2:39 PM 2358656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/25/2011 4:39 AM 22856]
S1 A2DDA;A2 Direct Disk Access Support Driver;\??\c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys --> c:\docume~1\ADMINI~1.ST~\LOCALS~1\temp\Rar$EX01.094\Run\a2ddax86.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/25/2011 4:39 AM 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/28/2012 6:37 PM 253088]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys --> c:\windows\system32\DRIVERS\MAudioDelta.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/5/2012 3:28 AM 13192]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/5/2012 3:28 AM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 12:54 AM 136176]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10/3/2012 6:22 PM 35144]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 10:59 PM 114144]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/4/2011 6:25 AM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [8/4/2011 6:25 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [8/4/2011 6:25 AM 136680]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [7/27/2012 7:56 PM 11520]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 22:37]
.
2012-10-05 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-06 09:12]
.
2012-10-05 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-11-03 19:24]
.
2012-10-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-08-04 02:16]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 04:53]
.
2012-10-04 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 16:25]
.
2012-10-04 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]
.
2012-09-09 c:\windows\Tasks\Rescue Reminder for 2HAA48PR.job
- c:\program files\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 21:52]
.
2012-10-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Steve Kwartin\Application Data\Mozilla\Firefox\Profiles\5l5wp0pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: yahoo.homepage.dontask - true
.
Supplementary scan did not complete!
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-04 21:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-10-04 21:16:20
ComboFix-quarantined-files.txt 2012-10-05 01:16
ComboFix2.txt 2012-10-05 00:57
ComboFix3.txt 2012-10-04 03:33
.
Pre-Run: 67,921,510,400 bytes free
forPost-Run: Press ENTER to keep the same time.
.
- - End Of File - - 709399176FA9442168EDFC791B687761

So far, I have not seen MBAM report any incoming or outgoing attempts to communicate. From what I have read, it would probably be best if I removed wdfmgr.exe, unless you know of some reason to keep it. Let me know what else there is to do. You have been a life saver. Thank you again and again. Steve

Broni, I guess that I should stop saying anything. As soon as I posted the prior post, my computer attempted to reach Moldova again, and yet again as I type this. It has to be that wdfmgr.exe program, as when I disabled it previously, that seemed to be when communication ceased. I will wait for your response. Steve

I have tried to run OTL twice, by downloading each version. I put in the custom scan info, and select quick scan, and it begins to do its thing for a while, but both versions keep getting hung up on checking Firefox settings. They both just froze there for over 10-15 minutes with no further movement. Let me know what you want me to do next. Thank you. Steve

I have rebooted into OTLPE, and downloaded OTL, but I keep getting an error message that the application failed to start because framedyn.dll was not found. I tried the other OTL download and same problem. I even tried to install that.dll directly from microsoft, but that did not work either. Not sure what to do next. Steve

I have rebooted into OTLPE, and downloaded OTL, but I keep getting an error message that the application failed to start because framedyn.dll was not found. I tried the other OTL download and same problem. I even tried to install that.dll directly from microsoft, but that did not work either. Not sure what to do next. Steve

Broni,

I may have misunderstood the first instruction about OTL. I did reboot from the CD, and got the REATOGO-X-PE desktop, but there was "OTLPE" on there, and I thought that was different than plain "OTL," so I attempted to download OTL from the links that you provided previously. I have now run the second scan, with the limited custom commands from post #37, and the log is below. Just so that you also know, the only browser that opens from the REATOGO-X-PE desktop is IE, and when you try to get to the TechSpot forums, it blocks you. I am doing this by accessing Firefox through my personal Documents and Settings, as the Firefox on the REATOGO-X-PE desktop is labeled "portable," and only seems to open a DOS window. Let me know if you now want me to run the OTL scan with the prior custom scan from post #33. Thanks for your patience. Steve

OTL logfile created on: 10/5/2012 5:41:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 63.07 Gb Free Space | 27.09% Space Free | Partition Type: NTFS
Drive D: | 37.26 Gb Total Space | 5.46 Gb Free Space | 14.66% Space Free | Partition Type: NTFS
Drive E: | 698.64 Gb Total Space | 102.48 Gb Free Space | 14.67% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (stllssvr)
SRV - File not found [Auto] -- -- (MDM)
SRV - File not found [Disabled] -- -- (IDriverT)
SRV - File not found [Disabled] -- -- (AOL TopSpeedMonitor)
SRV - [2012/09/09 02:25:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/29 16:17:06 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/28 18:37:11 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/03 14:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Disabled] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/07/21 17:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | Auto] -- -- (PfModNT)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EraserUtilDrv11010)
DRV - File not found [Kernel | On_Demand] -- -- (ENTECH)
DRV - File not found [Kernel | On_Demand] -- -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (A2DDA)
DRV - [2012/10/03 18:22:10 | 000,035,144 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/29 15:45:24 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/12 21:15:08 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/12 21:15:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/05/02 16:21:22 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/25 12:12:22 | 000,302,336 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM)
DRV - [2007/01/19 13:53:43 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/01/19 13:53:42 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Disabled] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.STEVE-QUAD_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\Steve_Kwartin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/05 18:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 02:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/08 01:01:32 | 000,000,000 | ---D | M]

[2012/10/01 07:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Mozilla\Extensions
[2012/06/11 11:32:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2012/09/09 02:25:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/27 11:35:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/14 17:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/09/09 02:25:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 02:25:53 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/04 21:13:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.STEVE-QUAD_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Steve_Kwartin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 09:33:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/03/13 14:32:42 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/10/04 21:19:56 | 000,000,055 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 15:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\Desktop\Virus
[2012/10/05 12:38:30 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Kwartin\Desktop\OTL.exe
[2012/10/05 12:33:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/04 21:20:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2012/10/04 19:56:49 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve Kwartin\Desktop\TDSSKiller.exe
[2012/10/04 19:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\Desktop\Alamo
[2012/10/03 23:24:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/03 23:22:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/03 23:22:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/10/03 23:22:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/10/03 23:22:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/10/03 23:15:11 | 004,761,955 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve Kwartin\Desktop\ComboFix.exe
[2012/10/03 23:05:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve Kwartin\Recent
[2012/10/03 09:41:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/10/03 03:59:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steve Kwartin\Desktop\aswMBR.exe
[2012/10/03 03:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\My Documents\ForceField Shared Files
[2012/10/03 03:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\Desktop\RK_Quarantine
[2012/10/03 00:04:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/02 17:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\Jose
[2012/10/02 14:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/10/01 23:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\Run
[2012/10/01 23:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
[2012/10/01 23:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\WinRAR
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\My Videos
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\My Pictures
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\My Music
[2012/10/01 21:20:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Administrative Tools
[2012/10/01 20:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\My Documents\virus
[2012/10/01 18:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
[2012/10/01 15:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\Downloads
[2012/10/01 07:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Macromedia
[2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Local Settings\Application Data\Mozilla
[2012/10/01 07:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Mozilla
[2012/10/01 06:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Malwarebytes
[2012/10/01 06:05:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Adobe
[2012/10/01 05:55:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\Microsoft
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Startup
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\SendTo
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data
[2012/10/01 05:55:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Accessories
[2012/10/01 05:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Cookies
[2012/10/01 05:55:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Local Settings
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Templates
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Recent
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\PrintHood
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\NetHood
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Local Settings\Application Data\Microsoft
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Favorites
[2012/10/01 05:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Desktop
[2012/09/25 11:39:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open Freely
[2012/09/25 11:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\Open Freely
[2012/09/20 17:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/17 18:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sound Devices
[2012/09/17 17:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2012/09/17 17:55:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Silabs
[2012/09/17 17:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sound Devices
[2012/09/17 17:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sound Devices
[2012/09/12 22:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/12 22:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/09/07 23:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

========== Files - Modified Within 30 Days ==========

[2012/11/24 13:39:57 | 000,199,046 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
[2012/11/24 13:37:41 | 000,166,662 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
[2012/11/24 13:35:26 | 000,198,523 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
[2012/11/24 13:30:28 | 000,167,294 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
[2012/10/05 15:37:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/05 14:58:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 14:57:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/05 13:47:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\FreeFileViewerUpdateChecker.job
[2012/10/05 12:38:28 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Kwartin\Desktop\OTL.exe
[2012/10/05 06:33:00 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/04 21:20:42 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/10/04 21:20:41 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2012/10/04 21:20:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/04 21:20:12 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 21:13:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/04 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012/10/04 12:56:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\cd
[2012/10/04 01:20:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2012/10/04 01:00:39 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\RogueKiller.exe
[2012/10/04 00:52:05 | 000,521,038 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/04 00:52:05 | 000,095,478 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/03 23:24:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/10/03 23:15:11 | 004,761,955 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve Kwartin\Desktop\ComboFix.exe
[2012/10/03 18:22:10 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/10/03 09:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2012/10/03 09:01:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\MBR.dat
[2012/10/03 04:00:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steve Kwartin\Desktop\aswMBR.exe
[2012/10/03 03:46:12 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/10/03 03:45:37 | 000,000,256 | ---- | M] () -- C:\Boot.bak
[2012/10/03 03:29:49 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\tdsskiller.zip
[2012/10/02 00:52:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/01 23:36:15 | 000,811,138 | ---- | M] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting Report and Recommendations re Attorneys Fees.pdf
[2012/10/01 20:17:23 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Steve Kwartin\ntuser.pol
[2012/10/01 17:22:32 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\ntuser.pol
[2012/10/01 12:44:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 14:48:32 | 000,081,792 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
[2012/09/29 19:42:48 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\bteasy.ini
[2012/09/29 18:56:32 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/09/28 12:16:15 | 000,187,238 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
[2012/09/26 23:29:52 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2012/09/26 23:01:31 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/09/26 22:49:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/26 22:28:21 | 000,001,337 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/25 11:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Open Freely
[2012/09/24 12:20:44 | 000,181,703 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Confirm Order.pdf
[2012/09/22 01:24:04 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2012/09/21 19:03:38 | 000,068,565 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
[2012/09/20 17:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2012/09/19 20:57:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve Kwartin\Desktop\TDSSKiller.exe
[2012/09/17 17:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sound Devices
[2012/09/15 18:40:31 | 000,102,300 | ---- | M] () -- C:\Documents and Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
[2012/09/12 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/09/09 02:37:37 | 000,000,548 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAA48PR.job
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/05 18:33:46 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2012/11/24 13:39:56 | 000,199,046 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order2!.pdf
[2012/11/24 13:37:40 | 000,166,662 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart3.pdf
[2012/11/24 13:35:25 | 000,198,523 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Thank you for your Order!.pdf
[2012/11/24 13:30:27 | 000,167,294 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Shopping cart2.pdf
[2012/10/04 12:56:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\cd
[2012/10/04 01:00:45 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\RogueKiller.exe
[2012/10/03 23:22:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/03 23:22:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/03 23:22:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/03 23:22:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/03 23:22:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/10/03 18:22:10 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/10/03 09:01:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\MBR.dat
[2012/10/03 03:42:29 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/10/03 03:29:45 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\tdsskiller.zip
[2012/10/01 23:36:15 | 000,811,138 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\My Documents\152 Order Adopting Report and Recommendations re Attorneys Fees.pdf
[2012/10/01 12:44:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/01 06:44:31 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\ntuser.pol
[2012/10/01 05:55:55 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Remote Assistance.lnk
[2012/10/01 05:55:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.STEVE-QUAD\Start Menu\Programs\Windows Media Player.lnk
[2012/09/30 14:46:08 | 000,081,792 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Scanned Image 122740000.jpg
[2012/09/28 12:16:13 | 000,187,238 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\My Documents\Ticketmaster Confirmation.pdf
[2012/09/26 23:29:52 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
[2012/09/24 12:20:42 | 000,181,703 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\Confirm Order.pdf
[2012/09/22 01:24:04 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\Microsoft\Internet Explorer\Quick Launch\foobar2000.lnk
[2012/09/21 19:03:37 | 000,068,565 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\The Who - Posters.pdf
[2012/09/15 18:46:42 | 000,102,300 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Desktop\axel-rosales-most-piercings-on-face_dsc5560.jpg
[2012/09/12 22:02:33 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Steve Kwartin\ntuser.pol
[2012/08/05 14:25:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2012/08/05 03:28:39 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/08/05 03:28:37 | 002,468,520 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/08/05 03:28:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/08/05 03:28:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/08/05 03:28:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/08/02 19:27:20 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/07/13 19:18:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/13 17:50:51 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/20 18:54:29 | 000,156,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/01/06 18:10:20 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\default.pls
[2012/01/06 16:30:50 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\WS_ContextMenu.dll
[2011/10/26 17:10:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/11 15:31:07 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\.recently-used.xbel
[2011/01/08 16:19:10 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/01/05 17:35:49 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/01/05 13:49:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/12/13 02:18:45 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/12 01:00:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/12 12:26:33 | 000,492,118 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\fontlst2.opf
[2009/02/03 15:15:15 | 000,000,543 | ---- | C] () -- C:\WINDOWS\OPHC.ini
[2008/12/07 22:53:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/20 23:46:29 | 135,124,796 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Dg24.wav
[2008/11/20 23:46:21 | 130,717,148 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Dg23.wav
[2008/11/19 15:38:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/03 23:15:06 | 000,131,584 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2008/11/03 21:54:53 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2008/11/02 23:39:59 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\Steve Kwartin\Application Data\bteasy.ini
[2008/11/02 21:25:18 | 000,561,086 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\fontlst2.opf
[2008/10/23 18:26:12 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2008/10/23 18:17:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/23 18:09:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\SPZLPO__.DLL
[2008/08/09 18:04:56 | 000,000,203 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/09 17:34:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/07/21 19:30:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/07/21 19:29:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/07/21 13:37:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/21 09:35:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/21 09:31:08 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/21 05:25:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/21 05:24:32 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/06 20:00:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WINREGP.DLL
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,521,038 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,095,478 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/02/06 13:05:22 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\TERNT.DLL
[2004/02/06 13:00:04 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\TER9X.DLL
[2003/12/14 02:03:42 | 001,107,472 | ---- | C] () -- C:\WINDOWS\System32\OWL52.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2012/10/02 00:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.STEVE-QUAD\Application Data\EurekaLog
[2008/11/02 21:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Sharpdesk
[2011/05/16 12:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\.oit
[2012/07/27 15:51:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\0FF73A05
[2012/09/30 17:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Audacity
[2012/08/04 18:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Auslogics
[2012/10/03 03:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\CheckPoint
[2011/01/20 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\DriverCure
[2012/09/22 15:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\foobar2000
[2011/11/04 13:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\FreeFileViewer
[2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\GARMIN
[2012/08/04 16:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\GlarySoft
[2010/09/01 16:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\gtk-2.0
[2011/07/12 02:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\IVONA ControlCenter
[2011/05/22 17:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\OfficeRecovery
[2010/05/25 17:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\PandoraRecovery
[2011/01/20 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\ParetoLogic
[2008/08/03 14:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Publish Providers
[2008/12/05 16:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sharpdesk
[2010/07/27 19:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sony
[2010/07/26 23:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sony Setup
[2012/09/18 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Sound Devices
[2011/07/23 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\SoundSpectrum
[2012/06/11 17:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Southwest Airlines
[2011/07/23 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\SystemRequirementsLab
[2012/08/16 06:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\TeamViewer
[2011/01/05 01:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Tific
[2012/08/04 16:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\Uniblue
[2012/10/05 15:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kwartin\Application Data\uTorrent
[2011/01/05 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/08/02 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/05/22 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2012/10/02 14:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/04/23 15:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/07/26 01:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2012/01/06 16:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/01/08 16:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/01/01 14:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/01/05 17:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/06/29 16:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/05/22 15:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/06 01:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/08/04 06:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/01/05 01:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/10/23 18:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sharpdesk
[2010/07/27 18:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/01/08 15:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/01/06 18:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
[2012/10/01 18:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles
[2012/10/05 06:33:00 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/10/05 13:47:00 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
[2012/10/04 21:20:42 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/10/04 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012/10/04 01:20:00 | 000,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2012/09/09 02:37:37 | 000,000,548 | ---- | M] () -- C:\WINDOWS\Tasks\Rescue Reminder for 2HAA48PR.job
[2012/10/04 21:20:41 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: WDFMGR.EXE >
[2004/08/11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=C81B8635DEE0D3EF5F64B3DD643023A5 -- C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
[2004/08/11 01:45:04 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=C81B8635DEE0D3EF5F64B3DD643023A5 -- C:\WINDOWS\system32\wdfmgr.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\My Documents\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Widespread_Panic_2008-10-28_Fillmore_Miami_Beach_FL_TLM-170_FOB.flac16:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steve Kwartin\Desktop\Buckethead_2008-10-26_Culture_Room_Ft._Lauderdale_FL_TLM-170:Roxio EMC Stream
< End of report >