Wireless driver MIA on laptop, MWB can't be run!

By javier
Aug 9, 2012
  1. So here's the story... last night I clicked on a hyperlink and soon after I got what I know is a fake "you have a virus, click here to disinfect" screen, along with a totally different website name than what showed on the bottom of the screen when I scrolled over it. I used my task mngr via the processes to shut down IE, as this has saved me several times before from malicious content. This morning I went to start up the ol' laptop and noticed the blue light was now orange. I tried to run MWB but it said it was corrupt and could not run. I tried to save MWB on a jump drive and load it that way, and still the same. I tried the Chameleon method and nothing. I also tried uninstalling the LAN drivers to see if that would re-install the wireless drivers after a re-boot, and nothing. So now I am here for help. I have installed AVAST, ran that, and still nothing. Here are my logs:

    --MWB: can not get it to run/load

    --GMER:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-09 18:18:19
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000007f rev.
    Running: jse2c4y8.exe; Driver: C:\DOCUME~1\JAVIER~1.YOU\LOCALS~1\Temp\kgpdapod.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEB2BC162]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEB2BBFCD]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB33C744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
    ---- EOF - GMER 1.0.15 ----

    --dds:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Run by javier at 18:20:30 on 2012-08-09
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
    uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
    uInternet Settings,ProxyOverride = cdn;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: aol.com\free
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    TCP: Interfaces\{A09AB788-0DE2-4A0B-8F2F-EE2A59A8E5AA} : DhcpNameServer = 10.48.146.16 10.48.146.81
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\javier.your-0cdc4f5844\application data\mozilla\firefox\profiles\vrsikzfu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 50370
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\documents and settings\javier.your-0cdc4f5844\application data\move networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\documents and settings\javier.your-0cdc4f5844\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-08-09 18:35:28 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-08-09 18:34:33 41224 ----a-w- c:\windows\avastSS.scr
    2012-08-09 18:34:02 -------- d-----w- c:\program files\AVAST Software
    2012-08-09 18:34:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-08-09 18:02:14 35144 ----a-w- c:\windows\system32\drivers\48230029.sys
    2012-08-09 17:53:32 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-08-09 17:22:59 -------- d-----w- c:\program files\Broadcom
    2012-08-09 16:50:59 -------- d-----w- c:\program files\Microsoft Money 2006
    2012-08-09 16:39:44 -------- d-----w- c:\windows\LastGood(2)
    .
    ==================== Find3M ====================
    .
    2012-08-09 18:28:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
    1 ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\Harddisk0\DR0[0x8564B030]
    3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\00000080[0x855F1A98]
    5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\0000007f[0x856123E0]
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 18:21:29.21 ===============
    and for the "attach log"

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    5 Card Slingo from Hewlett-Packard Laptops (remove only)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1
    Adobe Shockwave Player 11.5
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Ask Toolbar
    avast! Free Antivirus
    AviSynth 2.5
    Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
    Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
    Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
    Blasterball 2 from Hewlett-Packard Laptops (remove only)
    Boggle Supreme from Hewlett-Packard Laptops (remove only)
    Bonjour
    Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
    Bounce Symphony from Hewlett-Packard Laptops (remove only)
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    CCleaner
    Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
    Conexant HD Audio
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Creative Live! Cam Center
    Creative Live! Cam Doodling
    Creative Live! Cam FX Creator
    Creative Live! Cam Manager
    Creative Live! Cam User's Guide
    Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
    Creative System Information
    Creative WebCam Center
    Creative WebCam Vista Plus Driver (1.02.02.0414)
    Crystal Maze from Hewlett-Packard Laptops (remove only)
    CueTour
    Customer Experience Enhancement
    Destinations
    DeviceManagementQFolder
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    Final Drive Nitro from Hewlett-Packard Laptops (remove only)
    Flip Words from Hewlett-Packard Laptops (remove only)
    FLVPlayer4Free Free FLV Player 2.9.0.0
    FullDPAppQFolder
    GemMaster Mystic
    Get Yahoo! Messenger
    Glary Registry Repair 3.3.0.852
    Glary Utilities 2.23.0.923
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912436)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB932716-v2)
    HP Deskjet 3840
    HP Game Console and games
    HP Help and Support
    HP Imaging Device Functions 6.0
    HP Photosmart Premier Software 6.0
    HP Quick Launch Buttons 6.10 A2
    HP QuickPlay 2.3
    HP Update
    HP User Guides 0031
    HP Wireless Assistant 2.00 G2
    HpSdpAppCoreApp
    Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
    InstantShareDevices
    Java(TM) 6 Update 17
    Jewel Quest from Hewlett-Packard Laptops (remove only)
    Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
    Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
    LightScribe 1.4.97.1
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Mah Jong Quest from Hewlett-Packard Laptops (remove only)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Microsoft Works
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    muvee autoProducer 5.0
    muveeNow 2.0 - Creative
    NVIDIA Drivers
    Oasis from Hewlett-Packard Laptops (remove only)
    Office 2003 Trial Assistant
    Olympus Digital Wave Player
    OptionalContentQFolder
    Otto
    overland
    PhotoGallery
    Polar Bowler from Hewlett-Packard Laptops (remove only)
    Polar Golfer from Hewlett-Packard Laptops (remove only)
    Puzzle Express from Hewlett-Packard Laptops (remove only)
    Quicken 2006
    QuickTime
    RandMap
    Realtek High Definition Audio Driver
    SCRABBLE from Hewlett-Packard Laptops (remove only)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Segoe UI
    SightSpeed (remove only)
    Silvestri Comp Review PN 4e
    SkinsHP1
    Slingo Deluxe from Hewlett-Packard Laptops (remove only)
    Slyder from Hewlett-Packard Laptops (remove only)
    Snowboard SuperJam
    Soft Data Fax Modem with SmartCP
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sonic_PrimoSDK
    SonicAC3Encoder
    SonicMPEGEncoder
    Spelling Dictionaries Support For Adobe Reader 9
    SUPER © Version 2010.bld.38 (May 2, 2010)
    Super Granny from Hewlett-Packard Laptops (remove only)
    Synaptics Pointing Device Driver
    System Requirements Lab
    TourSetup
    Tradewinds from Hewlett-Packard Laptops (remove only)
    Unload
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911164)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Veoh Video Compass
    Veoh Web Player
    Videora iPod Converter 4.08
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vongo
    vShare Plugin
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890546
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891220
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892559
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB915381
    WinRAR archiver
    Wireless Home Network Setup
    XML Paper Specification Shared Components Pack 1.0
    Zuma Deluxe from Hewlett-Packard Laptops (remove only)
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. javier

    javier Newcomer, in training Topic Starter Posts: 25

    First off, thank you very much for your time. I understand that no one is given more than 24 hours in a day, and you are willing to spend some of yours on my problem, so for that, I am grateful... now on to the business!

    TDS:
    21:25:46.0718 3832 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    21:25:46.0765 3832 ============================================================
    21:25:46.0765 3832 Current date / time: 2012/08/09 21:25:46.0765
    21:25:46.0765 3832 SystemInfo:
    21:25:46.0765 3832
    21:25:46.0765 3832 OS Version: 5.1.2600 ServicePack: 2.0
    21:25:46.0765 3832 Product type: Workstation
    21:25:46.0765 3832 ComputerName: YOUR-0CDC4F5844
    21:25:46.0765 3832 UserName: javier
    21:25:46.0765 3832 Windows directory: C:\WINDOWS
    21:25:46.0765 3832 System windows directory: C:\WINDOWS
    21:25:46.0765 3832 Processor architecture: Intel x86
    21:25:46.0765 3832 Number of processors: 1
    21:25:46.0765 3832 Page size: 0x1000
    21:25:46.0765 3832 Boot type: Normal boot
    21:25:46.0765 3832 ============================================================
    21:25:47.0875 3832 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:25:47.0875 3832 Drive \Device\Harddisk1\DR4 - Size: 0x7A0D1A00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:25:47.0875 3832 ============================================================
    21:25:47.0875 3832 \Device\Harddisk0\DR0:
    21:25:47.0875 3832 MBR partitions:
    21:25:47.0875 3832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7BEE01A
    21:25:47.0875 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x7BF1F1A, BlocksNum 0x171A8E4
    21:25:47.0875 3832 \Device\Harddisk1\DR4:
    21:25:47.0875 3832 MBR partitions:
    21:25:47.0875 3832 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3CF74B
    21:25:47.0875 3832 ============================================================
    21:25:48.0078 3832 C: <-> \Device\Harddisk0\DR0\Partition0
    21:25:48.0093 3832 D: <-> \Device\Harddisk0\DR0\Partition1
    21:25:48.0093 3832 ============================================================
    21:25:48.0093 3832 Initialize success
    21:25:48.0093 3832 ============================================================
    21:25:50.0796 3856 ============================================================
    21:25:50.0796 3856 Scan started
    21:25:50.0796 3856 Mode: Manual;
    21:25:50.0796 3856 ============================================================
    21:25:51.0046 3856 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
    21:25:51.0046 3856 5U870CAP_VID_1262&PID_25FD - ok
    21:25:51.0078 3856 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
    21:25:51.0078 3856 Aavmker4 - ok
    21:25:51.0093 3856 Abiosdsk - ok
    21:25:51.0125 3856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    21:25:51.0140 3856 abp480n5 - ok
    21:25:51.0171 3856 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:25:51.0171 3856 ACPI - ok
    21:25:51.0187 3856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    21:25:51.0187 3856 ACPIEC - ok
    21:25:51.0359 3856 AddFiltr (746742588c07db53731143229e2ee450) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    21:25:51.0359 3856 AddFiltr - ok
    21:25:51.0468 3856 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    21:25:51.0484 3856 AdobeFlashPlayerUpdateSvc - ok
    21:25:51.0531 3856 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    21:25:51.0531 3856 adpu160m - ok
    21:25:51.0593 3856 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    21:25:51.0593 3856 aec - ok
    21:25:51.0640 3856 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    21:25:51.0640 3856 AFD - ok
    21:25:51.0718 3856 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    21:25:51.0718 3856 agp440 - ok
    21:25:51.0781 3856 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    21:25:51.0781 3856 agpCPQ - ok
    21:25:51.0796 3856 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    21:25:51.0796 3856 Aha154x - ok
    21:25:51.0812 3856 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    21:25:51.0812 3856 aic78u2 - ok
    21:25:51.0843 3856 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    21:25:51.0859 3856 aic78xx - ok
    21:25:51.0906 3856 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
    21:25:51.0906 3856 Alerter - ok
    21:25:51.0953 3856 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
    21:25:51.0953 3856 ALG - ok
    21:25:51.0968 3856 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    21:25:51.0968 3856 AliIde - ok
    21:25:52.0000 3856 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    21:25:52.0000 3856 alim1541 - ok
    21:25:52.0046 3856 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    21:25:52.0046 3856 amdagp - ok
    21:25:52.0078 3856 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    21:25:52.0078 3856 AmdK8 - ok
    21:25:52.0109 3856 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    21:25:52.0109 3856 amsint - ok
    21:25:52.0156 3856 AppMgmt (9c3c12975c97119412802b181fbeeffe) C:\WINDOWS\System32\appmgmts.dll
    21:25:52.0156 3856 AppMgmt - ok
    21:25:52.0187 3856 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:25:52.0187 3856 Arp1394 - ok
    21:25:52.0234 3856 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    21:25:52.0250 3856 asc - ok
    21:25:52.0281 3856 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    21:25:52.0281 3856 asc3350p - ok
    21:25:52.0312 3856 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    21:25:52.0312 3856 asc3550 - ok
    21:25:52.0453 3856 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    21:25:52.0500 3856 aspnet_state - ok
    21:25:52.0562 3856 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    21:25:52.0562 3856 aswFsBlk - ok
    21:25:52.0593 3856 aswMon2 (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
    21:25:52.0593 3856 aswMon2 - ok
    21:25:52.0640 3856 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\AswRdr.sys
    21:25:52.0640 3856 AswRdr - ok
    21:25:52.0718 3856 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
    21:25:52.0734 3856 aswSnx - ok
    21:25:52.0781 3856 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
    21:25:52.0781 3856 aswSP - ok
    21:25:52.0812 3856 aswTdi (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
    21:25:52.0812 3856 aswTdi - ok
    21:25:52.0859 3856 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:25:52.0859 3856 AsyncMac - ok
    21:25:52.0906 3856 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:25:52.0906 3856 atapi - ok
    21:25:52.0921 3856 Atdisk - ok
    21:25:52.0953 3856 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:25:52.0968 3856 Atmarpc - ok
    21:25:53.0000 3856 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
    21:25:53.0000 3856 AudioSrv - ok
    21:25:53.0015 3856 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:25:53.0031 3856 audstub - ok
    21:25:53.0156 3856 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    21:25:53.0171 3856 avast! Antivirus - ok
    21:25:53.0281 3856 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    21:25:53.0343 3856 BCM43XX - ok
    21:25:53.0484 3856 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:25:53.0484 3856 Beep - ok
    21:25:53.0546 3856 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
    21:25:53.0718 3856 BITS - ok
    21:25:53.0812 3856 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
    21:25:53.0828 3856 Bonjour Service - ok
    21:25:53.0875 3856 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
    21:25:53.0875 3856 Browser - ok
    21:25:53.0906 3856 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
    21:25:53.0906 3856 BTWUSB - ok
    21:25:53.0968 3856 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    21:25:53.0968 3856 cbidf - ok
    21:25:53.0984 3856 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:25:53.0984 3856 cbidf2k - ok
    21:25:54.0046 3856 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    21:25:54.0046 3856 CCDECODE - ok
    21:25:54.0062 3856 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    21:25:54.0062 3856 cd20xrnt - ok
    21:25:54.0093 3856 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:25:54.0093 3856 Cdaudio - ok
    21:25:54.0109 3856 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:25:54.0109 3856 Cdfs - ok
    21:25:54.0187 3856 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    21:25:54.0187 3856 Cdrom - ok
    21:25:54.0187 3856 Changer - ok
    21:25:54.0234 3856 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
    21:25:54.0234 3856 CiSvc - ok
    21:25:54.0265 3856 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
    21:25:54.0265 3856 ClipSrv - ok
    21:25:54.0390 3856 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:25:54.0484 3856 clr_optimization_v2.0.50727_32 - ok
    21:25:54.0515 3856 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    21:25:54.0531 3856 CmBatt - ok
    21:25:54.0562 3856 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    21:25:54.0562 3856 CmdIde - ok
    21:25:54.0593 3856 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    21:25:54.0593 3856 Compbatt - ok
    21:25:54.0609 3856 COMSysApp - ok
    21:25:54.0640 3856 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    21:25:54.0640 3856 Cpqarray - ok
    21:25:54.0687 3856 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
    21:25:54.0687 3856 CryptSvc - ok
    21:25:54.0734 3856 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    21:25:54.0750 3856 dac2w2k - ok
    21:25:54.0765 3856 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    21:25:54.0765 3856 dac960nt - ok
    21:25:54.0828 3856 DcomLaunch (ce94a2bd25e3e9f4d46a7373ff455c6d) C:\WINDOWS\system32\rpcss.dll
    21:25:54.0859 3856 DcomLaunch - ok
    21:25:54.0906 3856 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
    21:25:54.0906 3856 Dhcp - ok
    21:25:54.0921 3856 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:25:54.0937 3856 Disk - ok
    21:25:54.0937 3856 dmadmin - ok
    21:25:55.0000 3856 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    21:25:55.0046 3856 dmboot - ok
    21:25:55.0046 3856 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    21:25:55.0062 3856 dmio - ok
    21:25:55.0062 3856 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:25:55.0062 3856 dmload - ok
    21:25:55.0109 3856 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
    21:25:55.0125 3856 dmserver - ok
    21:25:55.0140 3856 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    21:25:55.0140 3856 DMusic - ok
    21:25:55.0187 3856 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
    21:25:55.0187 3856 Dnscache - ok
    21:25:55.0218 3856 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    21:25:55.0218 3856 dpti2o - ok
    21:25:55.0250 3856 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:25:55.0250 3856 drmkaud - ok
    21:25:55.0281 3856 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
    21:25:55.0296 3856 eabfiltr - ok
    21:25:55.0328 3856 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
    21:25:55.0328 3856 eabusb - ok
    21:25:55.0421 3856 ehRecvr (d039a0c347632622934906bd59a4e1ea) C:\WINDOWS\eHome\ehRecvr.exe
    21:25:55.0421 3856 ehRecvr - ok
    21:25:55.0453 3856 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
    21:25:55.0453 3856 ehSched - ok
    21:25:55.0515 3856 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
    21:25:55.0515 3856 ERSvc - ok
    21:25:55.0546 3856 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    21:25:55.0562 3856 Eventlog - ok
    21:25:55.0609 3856 EventSystem (34bbd9acc1538818f2c878898c64e793) C:\WINDOWS\system32\es.dll
    21:25:55.0609 3856 EventSystem - ok
    21:25:55.0656 3856 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:25:55.0671 3856 Fastfat - ok
    21:25:55.0703 3856 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
    21:25:55.0718 3856 FastUserSwitchingCompatibility - ok
    21:25:55.0734 3856 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    21:25:55.0734 3856 Fdc - ok
    21:25:55.0750 3856 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    21:25:55.0750 3856 Fips - ok
    21:25:55.0781 3856 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    21:25:55.0796 3856 Flpydisk - ok
    21:25:55.0828 3856 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    21:25:55.0828 3856 FltMgr - ok
    21:25:55.0953 3856 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    21:25:55.0953 3856 FontCache3.0.0.0 - ok
    21:25:55.0984 3856 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:25:55.0984 3856 Fs_Rec - ok
    21:25:56.0000 3856 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:25:56.0000 3856 Ftdisk - ok
    21:25:56.0062 3856 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    21:25:56.0062 3856 GEARAspiWDM - ok
    21:25:56.0078 3856 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:25:56.0093 3856 Gpc - ok
    21:25:56.0109 3856 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
    21:25:56.0109 3856 HBtnKey - ok
    21:25:56.0171 3856 HdAudAddService (4905d28aa09f63e6a2f4e93ed6dd7d19) C:\WINDOWS\system32\drivers\CHDAud.sys
    21:25:56.0187 3856 HdAudAddService - ok
    21:25:56.0218 3856 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:25:56.0218 3856 HDAudBus - ok
    21:25:56.0390 3856 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    21:25:56.0390 3856 helpsvc - ok
    21:25:56.0390 3856 HidServ - ok
    21:25:56.0437 3856 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    21:25:56.0437 3856 HidUsb - ok
    21:25:56.0484 3856 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    21:25:56.0484 3856 hpn - ok
    21:25:56.0625 3856 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    21:25:56.0625 3856 hpqwmiex - ok
    21:25:56.0656 3856 HSFHWAZL (448c0fd272fe1b80046f4767db21eb8d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    21:25:56.0656 3856 HSFHWAZL - ok
    21:25:56.0718 3856 HSF_DPV (2715a27de9c17bdbaf6d6c79989a7b12) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    21:25:56.0765 3856 HSF_DPV - ok
    21:25:56.0828 3856 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:25:56.0843 3856 HTTP - ok
    21:25:56.0875 3856 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
    21:25:56.0875 3856 HTTPFilter - ok
    21:25:56.0906 3856 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    21:25:56.0906 3856 i2omgmt - ok
    21:25:56.0953 3856 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    21:25:56.0968 3856 i2omp - ok
    21:25:57.0000 3856 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:25:57.0000 3856 i8042prt - ok
    21:25:57.0062 3856 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    21:25:57.0125 3856 iaStor - ok
    21:25:57.0265 3856 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    21:25:57.0265 3856 IDriverT - ok
    21:25:57.0406 3856 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:25:57.0468 3856 idsvc - ok
    21:25:57.0578 3856 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:25:57.0578 3856 Imapi - ok
    21:25:57.0625 3856 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
    21:25:57.0625 3856 ImapiService - ok
    21:25:57.0656 3856 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    21:25:57.0656 3856 ini910u - ok
    21:25:57.0703 3856 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:25:57.0703 3856 IntelIde - ok
    21:25:57.0734 3856 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    21:25:57.0734 3856 Ip6Fw - ok
    21:25:57.0750 3856 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:25:57.0750 3856 IpFilterDriver - ok
    21:25:57.0781 3856 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:25:57.0781 3856 IpInIp - ok
    21:25:57.0828 3856 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:25:57.0828 3856 IpNat - ok
    21:25:57.0843 3856 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:25:57.0843 3856 IPSec - ok
    21:25:57.0875 3856 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:25:57.0875 3856 IRENUM - ok
    21:25:57.0890 3856 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:25:57.0890 3856 isapnp - ok
    21:25:58.0093 3856 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
    21:25:58.0093 3856 JavaQuickStarterService - ok
    21:25:58.0125 3856 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:25:58.0125 3856 Kbdclass - ok
    21:25:58.0140 3856 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    21:25:58.0140 3856 kbdhid - ok
    21:25:58.0187 3856 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    21:25:58.0187 3856 kmixer - ok
    21:25:58.0203 3856 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:25:58.0203 3856 KSecDD - ok
    21:25:58.0250 3856 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
    21:25:58.0250 3856 lanmanserver - ok
    21:25:58.0296 3856 lanmanworkstation (3cd291a2c4909088b3d1e98ded73d4b2) C:\WINDOWS\System32\wkssvc.dll
    21:25:58.0312 3856 lanmanworkstation - ok
    21:25:58.0328 3856 Lbd - ok
    21:25:58.0328 3856 lbrtfdc - ok
    21:25:58.0484 3856 LightScribeService (86e8bcaa91fc2acfacd99cf2bf9f1f47) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    21:25:58.0484 3856 LightScribeService - ok
    21:25:58.0515 3856 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
    21:25:58.0515 3856 LmHosts - ok
    21:25:58.0578 3856 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys
    21:25:58.0578 3856 mbamchameleon - ok
    21:25:58.0609 3856 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    21:25:58.0609 3856 MBAMSwissArmy - ok
    21:25:58.0718 3856 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
    21:25:58.0718 3856 McrdSvc - ok
    21:25:58.0859 3856 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    21:25:58.0859 3856 MDM - ok
    21:25:58.0906 3856 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    21:25:58.0906 3856 mdmxsdk - ok
    21:25:58.0937 3856 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
    21:25:58.0953 3856 Messenger - ok
    21:25:59.0000 3856 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
    21:25:59.0000 3856 MHN - ok
    21:25:59.0031 3856 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    21:25:59.0031 3856 MHNDRV - ok
    21:25:59.0109 3856 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    21:25:59.0125 3856 Microsoft Office Groove Audit Service - ok
    21:25:59.0140 3856 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:25:59.0140 3856 mnmdd - ok
    21:25:59.0171 3856 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
    21:25:59.0187 3856 mnmsrvc - ok
    21:25:59.0218 3856 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    21:25:59.0218 3856 Modem - ok
    21:25:59.0234 3856 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:25:59.0234 3856 Mouclass - ok
    21:25:59.0265 3856 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:25:59.0265 3856 MountMgr - ok
    21:25:59.0328 3856 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    21:25:59.0328 3856 MozillaMaintenance - ok
    21:25:59.0406 3856 MQAC (157a32ddc6a019a4e31b19d604d2f127) C:\WINDOWS\system32\drivers\mqac.sys
    21:25:59.0406 3856 MQAC - ok
    21:25:59.0437 3856 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    21:25:59.0437 3856 mraid35x - ok
    21:25:59.0484 3856 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:25:59.0484 3856 MRxDAV - ok
    21:25:59.0531 3856 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:25:59.0546 3856 MRxSmb - ok
    21:25:59.0609 3856 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
    21:25:59.0625 3856 MSDTC - ok
    21:25:59.0671 3856 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    21:25:59.0671 3856 Msfs - ok
    21:25:59.0687 3856 MSIServer - ok
    21:25:59.0734 3856 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    21:25:59.0734 3856 MSKSSRV - ok
    21:25:59.0750 3856 MSMQ (72ef444e51025f389c6c232a28b7d736) C:\WINDOWS\system32\mqsvc.exe
    21:25:59.0765 3856 MSMQ - ok
    21:25:59.0781 3856 MSMQTriggers (96c102d0b66d7a6aa3ef9b07df7ee025) C:\WINDOWS\system32\mqtgsvc.exe
    21:25:59.0796 3856 MSMQTriggers - ok
    21:25:59.0812 3856 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    21:25:59.0812 3856 MSPCLOCK - ok
    21:25:59.0828 3856 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    21:25:59.0828 3856 MSPQM - ok
    21:25:59.0859 3856 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    21:25:59.0859 3856 mssmbios - ok
    21:25:59.0890 3856 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    21:25:59.0890 3856 MSTEE - ok
    21:25:59.0921 3856 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    21:25:59.0921 3856 Mup - ok
    21:25:59.0953 3856 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    21:25:59.0953 3856 NABTSFEC - ok
    21:26:00.0000 3856 NDIS (aa898f84d2b59129fb92e143a2c73434) C:\WINDOWS\system32\drivers\NDIS.sys
    21:26:00.0000 3856 NDIS - ok
    21:26:00.0031 3856 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    21:26:00.0031 3856 NdisIP - ok
    21:26:00.0078 3856 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    21:26:00.0078 3856 NdisTapi - ok
    21:26:00.0125 3856 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    21:26:00.0125 3856 Ndisuio - ok
    21:26:00.0156 3856 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    21:26:00.0156 3856 NdisWan - ok
    21:26:00.0171 3856 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    21:26:00.0171 3856 NDProxy - ok
    21:26:00.0187 3856 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    21:26:00.0187 3856 NetBIOS - ok
    21:26:00.0218 3856 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    21:26:00.0218 3856 NetBT - ok
    21:26:00.0281 3856 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    21:26:00.0281 3856 NetDDE - ok
    21:26:00.0296 3856 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
    21:26:00.0296 3856 NetDDEdsdm - ok
    21:26:00.0343 3856 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    21:26:00.0359 3856 Netlogon - ok
    21:26:00.0390 3856 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
    21:26:00.0406 3856 Netman - ok
    21:26:00.0531 3856 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:26:00.0546 3856 NetTcpPortSharing - ok
    21:26:00.0593 3856 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    21:26:00.0593 3856 NIC1394 - ok
    21:26:00.0671 3856 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS\System32\mswsock.dll
    21:26:00.0687 3856 Nla - ok
    21:26:00.0703 3856 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    21:26:00.0703 3856 Npfs - ok
    21:26:00.0765 3856 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    21:26:00.0796 3856 Ntfs - ok
    21:26:00.0796 3856 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    21:26:00.0812 3856 NtLmSsp - ok
    21:26:00.0875 3856 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
    21:26:00.0890 3856 NtmsSvc - ok
    21:26:00.0921 3856 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    21:26:00.0937 3856 Null - ok
    21:26:01.0109 3856 nv (c493bec0b489551bfe60de6c76e6f4ec) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    21:26:01.0312 3856 nv - ok
    21:26:01.0453 3856 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
    21:26:01.0453 3856 nvata - ok
    21:26:01.0484 3856 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    21:26:01.0484 3856 NVENETFD - ok
    21:26:01.0500 3856 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    21:26:01.0500 3856 nvnetbus - ok
    21:26:01.0515 3856 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    21:26:01.0531 3856 nvsmu - ok
    21:26:01.0562 3856 NVSvc (6aa11854fc03d5a6e8388a13fa2eaafd) C:\WINDOWS\system32\nvsvc32.exe
    21:26:01.0578 3856 NVSvc - ok
    21:26:01.0609 3856 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    21:26:01.0609 3856 NwlnkFlt - ok
    21:26:01.0640 3856 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    21:26:01.0640 3856 NwlnkFwd - ok
    21:26:01.0812 3856 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:26:01.0828 3856 odserv - ok
    21:26:01.0875 3856 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    21:26:01.0875 3856 ohci1394 - ok
    21:26:01.0953 3856 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:26:01.0953 3856 ose - ok
    21:26:02.0187 3856 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
    21:26:02.0218 3856 Parport - ok
    21:26:02.0234 3856 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    21:26:02.0234 3856 PartMgr - ok
    21:26:02.0281 3856 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    21:26:02.0328 3856 ParVdm - ok
    21:26:02.0328 3856 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    21:26:02.0343 3856 PCI - ok
    21:26:02.0343 3856 PCIDump - ok
    21:26:02.0359 3856 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    21:26:02.0359 3856 PCIIde - ok
    21:26:02.0562 3856 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    21:26:02.0562 3856 Pcmcia - ok
    21:26:02.0562 3856 PDCOMP - ok
    21:26:02.0578 3856 PDFRAME - ok
    21:26:02.0593 3856 PDRELI - ok
    21:26:02.0609 3856 PDRFRAME - ok
    21:26:02.0640 3856 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    21:26:02.0656 3856 perc2 - ok
    21:26:02.0671 3856 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    21:26:02.0671 3856 perc2hib - ok
    21:26:02.0750 3856 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS\system32\services.exe
    21:26:02.0750 3856 PlugPlay - ok
    21:26:02.0796 3856 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    21:26:02.0796 3856 PolicyAgent - ok
    21:26:02.0828 3856 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    21:26:02.0828 3856 PptpMiniport - ok
    21:26:02.0843 3856 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
    21:26:02.0843 3856 ProtectedStorage - ok
    21:26:02.0875 3856 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    21:26:02.0875 3856 PSched - ok
    21:26:02.0906 3856 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    21:26:02.0906 3856 Ptilink - ok
    21:26:02.0921 3856 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    21:26:02.0937 3856 PxHelp20 - ok
    21:26:02.0968 3856 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    21:26:02.0968 3856 ql1080 - ok
    21:26:03.0031 3856 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    21:26:03.0031 3856 Ql10wnt - ok
    21:26:03.0046 3856 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    21:26:03.0046 3856 ql12160 - ok
    21:26:03.0078 3856 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    21:26:03.0078 3856 ql1240 - ok
    21:26:03.0125 3856 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    21:26:03.0125 3856 ql1280 - ok
    21:26:03.0171 3856 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    21:26:03.0171 3856 RasAcd - ok
    21:26:09.0203 3856 ============================================================
    21:26:09.0203 3856 Scan finished
    21:26:09.0203 3856 ============================================================
    21:26:09.0218 3848 Detected object count: 0
    21:26:09.0218 3848 Actual detected object count: 0
  4. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. javier

    javier Newcomer, in training Topic Starter Posts: 25

    Before I do this, should I re-start Avast? I currently have it "paused/turned off".
  6. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Yes you can.
  7. javier

    javier Newcomer, in training Topic Starter Posts: 25

    RKill:
    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 08/10/2012 01:05:14 PM in x86 mode.
    Windows Version: Windows XP
    Checking for Windows services to stop.
    * No malware services found to stop.
    Checking for processes to terminate.
    * No malware processes found to kill.
    Checking Registry for malware related settings.
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks.
    * No issues found.
    Searching for Missing Digital Signatures:
    * No issues found.
    Restarting Explorer.exe in order to apply changes.
    Program finished at: 08/10/2012 01:05:42 PM
    Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
  8. javier

    javier Newcomer, in training Topic Starter Posts: 25

    MBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-10 13:21:00
    -----------------------------
    13:21:00.937 OS Version: Windows 5.1.2600 Service Pack 2
    13:21:00.937 Number of processors: 1 586 0x4C02
    13:21:00.937 ComputerName: YOUR-0CDC4F5844 UserName: javier
    13:21:01.781 Initialize success
    13:21:02.750 AVAST engine defs: 12070300
    13:21:23.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007f
    13:21:23.703 Disk 0 Vendor: Size: 0MB BusType: 0
    13:21:23.734 Disk 0 MBR read successfully
    13:21:23.734 Disk 0 MBR scan
    13:21:23.734 Disk 0 unknown MBR code
    13:21:23.750 Disk 0 MBR hidden
    13:21:23.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 63452 MB offset 63
    13:21:23.781 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11829 MB offset 129965850
    13:21:23.796 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
    13:21:23.828 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:21:34.218 Service scanning
    13:21:53.578 Modules scanning
    13:21:59.828 Disk 0 trace - called modules:
    13:22:00.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
    13:22:00.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8564b030]
    13:22:00.203 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\00000080[0x855f1a98]
    13:22:00.218 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000007f[0x856123e0]
    13:22:00.437 AVAST engine scan C:\WINDOWS
    13:22:07.078 AVAST engine scan C:\WINDOWS\system32
    13:24:58.125 AVAST engine scan C:\WINDOWS\system32\drivers
    13:25:13.296 AVAST engine scan C:\Documents and Settings\javier.YOUR-0CDC4F5844
    13:48:04.953 AVAST engine scan C:\Documents and Settings\All Users
    13:50:31.984 Scan finished successfully
    13:56:52.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat"
    13:56:52.359 The log file has been saved successfully to "C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.txt"
  9. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  10. javier

    javier Newcomer, in training Topic Starter Posts: 25

    Got this message: This machine does not have the Microsoft Windows recovery console installed. Alternately, an existing installation of the recovery console may be present but requires updating.
    Without it, ComboFix shall not attempt the fixing of some serious infections. Click yes to download/install (does require internet connection)

    But since I do not have an internet connection, I clicked no.
  11. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Good :)
    Go on...
     
  12. javier

    javier Newcomer, in training Topic Starter Posts: 25

    Just came home not too long ago... and ComboFix was still "scanning." I don't think that is typical since it had been running since my last post. I will re-run it tomorrow. Should I DL another one and run that in safe mode? If so, should I delete the first one (if yes, what method do you recommend for removing it)? Once again, thank you!
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Yes and yes.
    Simply delete Combofix file.
  14. javier

    javier Newcomer, in training Topic Starter Posts: 25

    OK, so I tried running ComboFix all day yesterday, and still the same while in safe mode. It actually made my computer shut off! I tried to change the timeout for the screen from 10 min to 999 and it would never take; after a couple of attempts, it sounded like the laptop was "working hard", then it just shut off. I tried to restart it in safe mode, and while starting/checking things over it shut off again. Then I let it rest for 30 minutes, came back and started up in regular mode and ran ComboFix, and it ran, but for 4 hours and nothing. The clock was current, so like I had read somewhere on here, it was working. Now what? Oh yes, I did do what you said... resaved as "jav_cha" and ran it immediately after RKill. RKill looked "normal" with nothing found, hence no log.
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  16. javier

    javier Newcomer, in training Topic Starter Posts: 25

    RogueKiller:
    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: javier [Admin rights]
    Mode: Scan -- Date: 08/14/2012 19:20:38
    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] V0350Mon.exe -- C:\WINDOWS\V0350Mon.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 5 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : V0350Mon.exe (C:\WINDOWS\V0350Mon.exe) -> FOUND
    [] HKLM\[...]\Windows : () -> ACCESS DENIED
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (actsvr.comcastonline.com:8100) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [] HKLM\[...]\Windows : () -> ACCESS DENIED
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] f5a0c24a2a9de8d671c8d819eb59fd18
    [BSP] 3ca06dfd8ecf47907b7dafdc5a0494d5 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 63452 Mo
    1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 129965850 | Size: 11829 Mo
    2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 154191870 | Size: 1027 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 98cd70d1f52828b5710868d7298bc84b
    [BSP] 788470fe12ec57aabe933cfdd9c84885 : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 1950 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  17. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Looks good.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. javier

    javier Newcomer, in training Topic Starter Posts: 25

    After the RogueKiller, was I supposed to click anything else after the scan (such as delete)? Cuz I did =X
  19. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Nothing in my instructions about deleting anything.
  20. javier

    javier Newcomer, in training Topic Starter Posts: 25

    --OTL:
    OTL logfile created on: 8/14/2012 9:21:09 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    478.54 Mb Total Physical Memory | 137.20 Mb Available Physical Memory | 28.67% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.26% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 61.96 Gb Total Space | 19.47 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
    Drive D: | 11.53 Gb Total Space | 1.21 Gb Free Space | 10.48% Space Free | Partition Type: FAT32
    Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 1.90 Gb Total Space | 1.38 Gb Free Space | 72.31% Space Free | Partition Type: FAT

    Computer Name: YOUR-0CDC4F5844 | User Name: javier | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/14 21:19:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
    PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/03 00:22:15 | 001,780,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070300\algo.dll
    MOD - [2007/10/29 15:35:13 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2006/07/11 21:55:04 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
    MOD - [2006/04/18 19:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2006/03/15 21:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/03/15 21:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2005/08/05 22:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/05/06 13:49:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/05/04 08:49:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2006/06/12 13:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
    SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/08/09 11:28:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2012/08/09 10:53:32 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 09:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/07/03 09:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/07/03 09:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2008/10/23 02:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/07/06 03:05:47 | 000,072,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2007/06/10 10:01:02 | 000,142,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Afx.sys -- (VF0350Afx)
    DRV - [2007/05/10 10:02:00 | 000,170,368 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Vid.sys -- (VF0350Vid)
    DRV - [2007/03/05 03:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Vfx.sys -- (VF0350Vfx)
    DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/07/26 23:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2006/07/13 01:48:58 | 000,202,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2006/06/19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/06 13:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
    DRV - [2006/05/12 13:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/04/19 03:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/04/19 03:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/04/19 03:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/03/05 16:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/03/02 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/02 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/01/26 17:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
    DRV - [2005/11/15 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/10/31 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/31 18:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/04/13 18:00:00 | 000,138,112 | R--- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0090Vid.sys -- (V0090VID)
    DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {753C17D9-B5E2-4511-BF6B-42D00B05C590}
    IE - HKCU\..\SearchScopes\{753C17D9-B5E2-4511-BF6B-42D00B05C590}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
    FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
    FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/09 11:34:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 08:49:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/29 00:14:27 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/08/09 23:31:07 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks [2009/10/16 13:47:28 | 000,000,000 | ---D | M]

    [2011/10/12 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Extensions
    [2011/10/12 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2012/08/08 09:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions
    [2009/04/17 17:53:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
    [2009/04/19 16:06:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
    [2010/02/26 23:11:55 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2009/04/17 17:53:04 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
    [2009/04/19 16:06:57 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(3)
    [2012/04/29 09:30:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/04/17 17:53:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
    [2009/04/19 16:06:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
    [2010/11/10 23:35:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
    [2010/05/27 10:44:04 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\illimitux@illimitux.net
    [2010/02/26 23:11:52 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\noia2_option@kk.noia
    [2012/08/09 09:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\vshareus@toolbar
    [2012/05/04 08:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/08/08 09:01:43 | 000,526,190 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAVIER.YOUR-0CDC4F5844\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRSIKZFU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/08/08 00:05:03 | 000,741,958 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAVIER.YOUR-0CDC4F5844\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRSIKZFU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/05/04 08:49:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2012/05/04 08:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/05/04 08:49:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/03/15 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
    O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AB788-0DE2-4A0B-8F2F-EE2A59A8E5AA}: DhcpNameServer = 10.48.146.16 10.48.146.81
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2006/01/03 19:07:54 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
    O32 - AutoRun File - [2007/02/12 12:53:42 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell - "" = AutoRun
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 21:20:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
    [2012/08/14 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RK_Quarantine
    [2012/08/12 21:10:55 | 000,000,000 | --SD | C] -- C:\Jav_Cha25989J
    [2012/08/12 18:53:13 | 000,000,000 | --SD | C] -- C:\Jav_Cha
    [2012/08/11 18:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/08/11 18:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/08/11 18:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/08/11 18:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/08/11 18:40:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/11 18:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/08/10 13:20:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.exe
    [2012/08/09 21:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\tdsskiller
    [2012/08/09 18:20:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\dds.com
    [2012/08/09 11:35:33 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/08/09 11:35:33 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/08/09 11:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/08/09 11:35:30 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/08/09 11:35:30 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/08/09 11:35:28 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/08/09 11:35:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/08/09 11:35:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/08/09 11:35:26 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/08/09 11:34:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/08/09 11:34:32 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/08/09 11:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/09 11:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/08/09 10:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
    [2012/08/09 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2006
    [2012/08/09 09:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [15 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 21:19:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
    [2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2012/08/14 19:50:58 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2012/08/14 19:17:43 | 000,001,691 | ---- | M] () -- C:\hpqp.ini
    [2012/08/14 19:17:33 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
    [2012/08/14 19:17:31 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/08/14 19:17:00 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RogueKiller.exe
    [2012/08/14 19:16:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/14 19:16:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/14 19:16:48 | 501,854,208 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/12 21:10:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/10 13:56:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat
    [2012/08/10 13:20:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.exe
    [2012/08/09 11:35:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/08/09 11:35:27 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/08/09 11:30:58 | 089,340,632 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\avast_free_antivirus_setup.exe
    [2012/08/09 11:29:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\dds.com
    [2012/08/09 11:28:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2012/08/09 11:27:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\jse2c4y8.exe
    [2012/08/09 11:02:39 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys
    [2012/08/09 10:53:32 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [15 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 19:19:21 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RogueKiller.exe
    [2012/08/12 21:08:31 | 501,854,208 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/11 18:40:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/08/11 18:40:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/08/11 18:40:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/08/11 18:40:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/08/11 18:40:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/10 13:56:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat
    [2012/08/09 18:12:09 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\jse2c4y8.exe
    [2012/08/09 11:35:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/08/09 11:35:29 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/08/09 11:33:16 | 089,340,632 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\avast_free_antivirus_setup.exe
    [2012/08/09 11:02:14 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
    [2012/08/09 10:53:32 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2009/09/18 23:25:26 | 000,220,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/06/11 16:54:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\housecall.guid.cache
    [2008/07/27 22:39:23 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\wklnhst.dat
    [2008/06/06 17:34:40 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/03 22:42:44 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========

    [2012/08/09 11:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/04/17 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
    [2008/06/06 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2010/06/24 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
    [2009/04/17 12:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2010/10/02 11:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
    [2008/06/03 00:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2007/09/15 11:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/10/12 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/05/11 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/10/05 21:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/08 15:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/07/13 23:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/11/10 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
    [2008/06/04 00:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\AVGTOOLBAR
    [2010/10/02 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\avidemux
    [2011/02/06 22:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\cacaoweb
    [2009/04/17 12:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\DriverCure
    [2008/06/30 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\FLVPlayer4Free
    [2009/12/25 22:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\GlarySoft
    [2010/06/24 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\IDM
    [2009/04/05 10:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Leadertech
    [2009/04/19 16:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\LimeWire
    [2008/06/06 17:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\muvee Technologies
    [2010/06/24 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\NBC Direct
    [2009/07/14 00:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Red Kawa
    [2008/07/27 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Template
    [2011/10/12 22:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\TomTom
    [2009/09/26 08:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Trillian
    [2010/11/13 19:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\vShare
    [2012/04/29 09:20:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2012/08/12 21:10:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
    [2012/04/29 09:20:52 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
    [2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2008/06/02 23:18:36 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
    [2008/06/02 23:18:36 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
    [2008/05/23 19:54:11 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    [2008/05/23 19:54:11 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    [2008/05/11 11:25:54 | 000,000,000 | ---D | M](C:\Program Files\??pPatch\??pPatch) -- C:\Program Files\ΑрpPatch\ΑрpPatch
    [2008/05/11 10:42:09 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
    [2008/05/11 10:42:09 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
    [2007/08/22 00:23:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    [2007/08/22 00:23:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    [2007/08/21 02:57:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32\??stem32) -- C:\Program Files\Common Files\ѕуstem32\ѕуstem32
    (C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
    (C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
    (C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
    (C:\Program Files\??curity) -- C:\Program Files\ѕеcurity

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    < End of report >
  21. javier


    --EXT:
    OTL Extras logfile created on: 8/14/2012 9:21:09 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    478.54 Mb Total Physical Memory | 137.20 Mb Available Physical Memory | 28.67% Memory free
    1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.26% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 61.96 Gb Total Space | 19.47 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
    Drive D: | 11.53 Gb Total Space | 1.21 Gb Free Space | 10.48% Space Free | Partition Type: FAT32
    Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 1.90 Gb Total Space | 1.38 Gb Free Space | 72.31% Space Free | Partition Type: FAT

    Computer Name: YOUR-0CDC4F5844 | User Name: javier | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
    "C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager
    "C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi
    "C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:pinnacle VideoSpin
    "C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
    "{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
    "{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
    "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
    "{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
    "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
    "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
    "{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
    "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
    "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
    "0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
    "103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
    "382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
    "384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
    "4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
    "5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
    "5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
    "5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
    "6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
    "7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
    "7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
    "7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
    "7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
    "9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "avast" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
    "B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
    "CCleaner" = CCleaner
    "CNXT_HDAUDIO" = Conexant HD Audio
    "CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
    "Creative Live! Cam Center" = Creative Live! Cam Center
    "Creative Live! Cam Doodling" = Creative Live! Cam Doodling
    "Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
    "Creative Live! Cam Manager" = Creative Live! Cam Manager
    "Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
    "Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
    "Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
    "Creative WebCam Center" = Creative WebCam Center
    "D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
    "E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
    "E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
    "EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
    "FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 2.9.0.0
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
    "Glary Utilities_is1" = Glary Utilities 2.23.0.923
    "HP Game Console" = HP Game Console and games
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "SightSpeed" = SightSpeed (remove only)
    "Silvestri_2009" = Silvestri Comp Review PN 4e
    "Silvestri_PN_4e_2009" = Silvestri Comp Review PN 4e
    "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "Veetle TV" = Veetle TV 0.9.18
    "Veoh Video Compass" = Veoh Video Compass
    "Veoh Web Player Beta" = Veoh Web Player
    "Videora iPod Converter" = Videora iPod Converter 4.08
    "vShare" = vShare Plugin
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WGA" = Windows Genuine Advantage Validation Tool
    "WIC" = Windows Imaging Component
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "winusb0100" = Microsoft WinUsb 1.0
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/11/2012 9:34:46 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 8/12/2012 9:46:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 8/12/2012 9:46:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 8/12/2012 9:51:20 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 8/12/2012 9:51:37 PM | Computer Name = YOUR-0CDC4F5844 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 8/13/2012 12:09:32 AM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 8/13/2012 12:09:33 AM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 8/14/2012 10:17:42 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 8/14/2012 10:17:44 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 8/14/2012 10:49:36 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Error | ID = 1000
    Description = Faulting application sete.tmp, version 9.1.0.429, faulting module
    sete.tmp, version 9.1.0.429, fault address 0x0000814b.

    [ OSession Events ]
    Error - 5/21/2010 3:52:46 PM | Computer Name = YOUR-0CDC4F5844 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
    seconds with 180 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/30/2012 3:41:40 PM | Computer Name = YOUR-0CDC4F5844 | Source = nv | ID = 262187
    Description = The system sleep operation failed

    Error - 5/5/2012 4:23:31 PM | Computer Name = YOUR-0CDC4F5844 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 7/6/2012 4:35:23 AM | Computer Name = YOUR-0CDC4F5844 | Source = W32Time | ID = 39452706
    Description = The time service has detected that the system time needs to be changed
    by +239447 seconds. The time service will not change the system time by more than
    +54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.nist.gov (ntp.m|0x1|192.168.1.6:123->132.163.4.103:123) is working
    properly.

    Error - 7/8/2012 4:38:07 AM | Computer Name = YOUR-0CDC4F5844 | Source = W32Time | ID = 39452706
    Description = The time service has detected that the system time needs to be changed
    by +66648 seconds. The time service will not change the system time by more than
    +54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.nist.gov (ntp.m|0x1|192.168.1.6:123->132.163.4.103:123) is working
    properly.

    Error - 8/7/2012 1:44:32 AM | Computer Name = YOUR-0CDC4F5844 | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 8/12/2012 9:51:15 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 8/12/2012 9:51:18 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/12/2012 9:51:30 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/12/2012 9:52:53 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/12/2012 9:53:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >
  22. javier

    javier Newcomer, in training Topic Starter Posts: 25

    Ohh no! It appeared as if on RogueKiller, that was the next step! So I clicked the "delete" button.
  23. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell - "" = AutoRun
      O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
      O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell - "" = AutoRun
      O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
      O33 - MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
      O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell - "" = AutoRun
      O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
      [2008/05/11 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  24. javier

    javier Newcomer, in training Topic Starter Posts: 25

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
    File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
    File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4189aa2d-f54c-11e0-a269-0014a5db0976}\ not found.
    File F:\InstallTomTomHOME.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
    File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
    Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
    File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: j
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: j.YOUR-0CDC4F5844
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jav's version
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Javier

    User: javier chavez
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: javier.YOUR-0CDC4F5844
    ->Temp folder emptied: 1087 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: j
    ->Java cache emptied: 0 bytes

    User: j.YOUR-0CDC4F5844
    ->Java cache emptied: 0 bytes

    User: jav's version
    ->Java cache emptied: 0 bytes

    User: Javier

    User: javier chavez
    ->Java cache emptied: 0 bytes

    User: javier.YOUR-0CDC4F5844
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: j
    ->Flash cache emptied: 0 bytes

    User: j.YOUR-0CDC4F5844
    ->Flash cache emptied: 0 bytes

    User: jav's version
    ->Flash cache emptied: 0 bytes

    User: Javier

    User: javier chavez
    ->Flash cache emptied: 0 bytes

    User: javier.YOUR-0CDC4F5844
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08152012_125452
    Files\Folders moved on Reboot...
    File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    [2007/02/12 18:33:37 | 001,110,016 | R--- | M] () F:\LaunchU3.exe : MD5=AF3543ED6F0ACC75C1C12B094518B289
    Registry entries deleted on Reboot...
  25. javier

    javier Newcomer, in training Topic Starter Posts: 25

    SECCHECK:
    Results of screen317's Security Check version 0.99.43
    Windows XP Service Pack 2 x86
    Out of date service pack!!
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.61.0.1400
    CCleaner
    Java(TM) 6 Update 17
    Java version out of Date!
    Adobe Flash Player 11.2.202.235
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 1%
    ````````````````````End of Log``````````````````````

