Inactive Wireless driver MIA on laptop, MWB can't be run!

javier

So here's the story... last night I clicked on a hyperlink and I got what I know is a fake "you have a virus, click here to disinfect" screen soon after, along with a totally different website name than what showed on the bottom of the screen when I scrolled over it. I used my task manager via the processes to shut down IE, as this has saved me several times before from malicious content. This morning I went to start up the ol' laptop and noticed the blue light was now orange. I tried to run MWB but it said it was corrupt and could not run. I tried to save MWB on a jump drive and load it that way, and still the same. I tried the chameleon method and nothing. I also tried uninstalling the LAN drives to see if that would re-install the wireless drivers after a re-boot and nothing. So now I am here for help. I have installed AVAST, ran that, and still nothing. Here are my logs:

--MWB: can not get it to run/load

--GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-09 18:18:19
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\0000007f rev.
Running: jse2c4y8.exe; Driver: C:\DOCUME~1\JAVIER~1.YOU\LOCALS~1\Temp\kgpdapod.sys

---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEB2BC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEB2BBFCD]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEB33C744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
---- EOF - GMER 1.0.15 ----

--dds:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by javier at 18:20:30 on 2012-08-09
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: Interfaces\{A09AB788-0DE2-4A0B-8F2F-EE2A59A8E5AA} : DhcpNameServer = 10.48.146.16 10.48.146.81
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~4\office12\GR99D3~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\javier.your-0cdc4f5844\application data\mozilla\firefox\profiles\vrsikzfu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\javier.your-0cdc4f5844\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\documents and settings\javier.your-0cdc4f5844\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-08-09 18:35:28 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-09 18:34:33 41224 ----a-w- c:\windows\avastSS.scr
2012-08-09 18:34:02 -------- d-----w- c:\program files\AVAST Software
2012-08-09 18:34:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-09 18:02:14 35144 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-08-09 17:53:32 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-09 17:22:59 -------- d-----w- c:\program files\Broadcom
2012-08-09 16:50:59 -------- d-----w- c:\program files\Microsoft Money 2006
2012-08-09 16:39:44 -------- d-----w- c:\windows\LastGood(2)
.
==================== Find3M ====================
.
2012-08-09 18:28:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
c:\windows\system32\drivers\nvata.sys NVIDIA Corporation NVIDIA nForce(TM) IDE Driver
1 ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\Harddisk0\DR0[0x8564B030]
3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\00000080[0x855F1A98]
5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EF16A] -> \Device\0000007f[0x856123E0]
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x7a; }
user != kernel MBR !!!
.
============= FINISH: 18:21:29.21 ===============
and for the "attach log"

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
5 Card Slingo from Hewlett-Packard Laptops (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
Ask Toolbar
avast! Free Antivirus
AviSynth 2.5
Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
Blasterball 2 from Hewlett-Packard Laptops (remove only)
Boggle Supreme from Hewlett-Packard Laptops (remove only)
Bonjour
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
Bounce Symphony from Hewlett-Packard Laptops (remove only)
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CCleaner
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Creative Live! Cam Center
Creative Live! Cam Doodling
Creative Live! Cam FX Creator
Creative Live! Cam Manager
Creative Live! Cam User's Guide
Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
Creative System Information
Creative WebCam Center
Creative WebCam Vista Plus Driver (1.02.02.0414)
Crystal Maze from Hewlett-Packard Laptops (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Final Drive Nitro from Hewlett-Packard Laptops (remove only)
Flip Words from Hewlett-Packard Laptops (remove only)
FLVPlayer4Free Free FLV Player 2.9.0.0
FullDPAppQFolder
GemMaster Mystic
Get Yahoo! Messenger
Glary Registry Repair 3.3.0.852
Glary Utilities 2.23.0.923
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB932716-v2)
HP Deskjet 3840
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0031
HP Wireless Assistant 2.00 G2
HpSdpAppCoreApp
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
InstantShareDevices
Java(TM) 6 Update 17
Jewel Quest from Hewlett-Packard Laptops (remove only)
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
LightScribe 1.4.97.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Mah Jong Quest from Hewlett-Packard Laptops (remove only)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 Redistributable
Microsoft WinUsb 1.0
Microsoft Works
MobileMe Control Panel
Move Media Player
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
muveeNow 2.0 - Creative
NVIDIA Drivers
Oasis from Hewlett-Packard Laptops (remove only)
Office 2003 Trial Assistant
Olympus Digital Wave Player
OptionalContentQFolder
Otto
overland
PhotoGallery
Polar Bowler from Hewlett-Packard Laptops (remove only)
Polar Golfer from Hewlett-Packard Laptops (remove only)
Puzzle Express from Hewlett-Packard Laptops (remove only)
Quicken 2006
QuickTime
RandMap
Realtek High Definition Audio Driver
SCRABBLE from Hewlett-Packard Laptops (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Segoe UI
SightSpeed (remove only)
Silvestri Comp Review PN 4e
SkinsHP1
Slingo Deluxe from Hewlett-Packard Laptops (remove only)
Slyder from Hewlett-Packard Laptops (remove only)
Snowboard SuperJam
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
SonicAC3Encoder
SonicMPEGEncoder
Spelling Dictionaries Support For Adobe Reader 9
SUPER © Version 2010.bld.38 (May 2, 2010)
Super Granny from Hewlett-Packard Laptops (remove only)
Synaptics Pointing Device Driver
System Requirements Lab
TourSetup
Tradewinds from Hewlett-Packard Laptops (remove only)
Unload
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911164)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Veoh Video Compass
Veoh Web Player
Videora iPod Converter 4.08
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vongo
vShare Plugin
WebFldrs XP
WildTangent Web Driver
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format 11 runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
WinRAR archiver
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
Zuma Deluxe from Hewlett-Packard Laptops (remove only)
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)
.
==== End Of File ===========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
First off, thank you very much for your time. I understand that no one is given more than 24 hours in a day, and you are willing to spend some of yours on my problem, so for that, I am grateful....now on to the business!

TDS:
21:25:46.0718 3832 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:25:46.0765 3832 ============================================================
21:25:46.0765 3832 Current date / time: 2012/08/09 21:25:46.0765
21:25:46.0765 3832 SystemInfo:
21:25:46.0765 3832
21:25:46.0765 3832 OS Version: 5.1.2600 ServicePack: 2.0
21:25:46.0765 3832 Product type: Workstation
21:25:46.0765 3832 ComputerName: YOUR-0CDC4F5844
21:25:46.0765 3832 UserName: javier
21:25:46.0765 3832 Windows directory: C:\WINDOWS
21:25:46.0765 3832 System windows directory: C:\WINDOWS
21:25:46.0765 3832 Processor architecture: Intel x86
21:25:46.0765 3832 Number of processors: 1
21:25:46.0765 3832 Page size: 0x1000
21:25:46.0765 3832 Boot type: Normal boot
21:25:46.0765 3832 ============================================================
21:25:47.0875 3832 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:25:47.0875 3832 Drive \Device\Harddisk1\DR4 - Size: 0x7A0D1A00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:25:47.0875 3832 ============================================================
21:25:47.0875 3832 \Device\Harddisk0\DR0:
21:25:47.0875 3832 MBR partitions:
21:25:47.0875 3832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7BEE01A
21:25:47.0875 3832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x7BF1F1A, BlocksNum 0x171A8E4
21:25:47.0875 3832 \Device\Harddisk1\DR4:
21:25:47.0875 3832 MBR partitions:
21:25:47.0875 3832 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3CF74B
21:25:47.0875 3832 ============================================================
21:25:48.0078 3832 C: <-> \Device\Harddisk0\DR0\Partition0
21:25:48.0093 3832 D: <-> \Device\Harddisk0\DR0\Partition1
21:25:48.0093 3832 ============================================================
21:25:48.0093 3832 Initialize success
21:25:48.0093 3832 ============================================================
21:25:50.0796 3856 ============================================================
21:25:50.0796 3856 Scan started
21:25:50.0796 3856 Mode: Manual;
21:25:50.0796 3856 ============================================================
21:25:51.0046 3856 5U870CAP_VID_1262&PID_25FD (d2142fee659d97b2b05820f21594bfe2) C:\WINDOWS\system32\Drivers\5U870CAP.sys
21:25:51.0046 3856 5U870CAP_VID_1262&PID_25FD - ok
21:25:51.0078 3856 Aavmker4 (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
21:25:51.0078 3856 Aavmker4 - ok
21:25:51.0093 3856 Abiosdsk - ok
21:25:51.0125 3856 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:25:51.0140 3856 abp480n5 - ok
21:25:51.0171 3856 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:25:51.0171 3856 ACPI - ok
21:25:51.0187 3856 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:25:51.0187 3856 ACPIEC - ok
21:25:51.0359 3856 AddFiltr (746742588c07db53731143229e2ee450) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
21:25:51.0359 3856 AddFiltr - ok
21:25:51.0468 3856 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:51.0484 3856 AdobeFlashPlayerUpdateSvc - ok
21:26:06.0000 3856 ultra - ok
21:26:06.0046 3856 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
21:26:06.0046 3856 Update - ok
21:26:06.0093 3856 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
21:26:06.0109 3856 upnphost - ok
21:26:06.0171 3856 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
21:26:06.0171 3856 UPS - ok
21:26:06.0187 3856 USBAAPL - ok
21:26:06.0234 3856 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
21:26:06.0234 3856 usbaudio - ok
21:26:06.0281 3856 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:26:06.0281 3856 usbccgp - ok
21:26:06.0328 3856 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:26:06.0328 3856 usbehci - ok
21:26:06.0343 3856 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:26:06.0359 3856 usbhub - ok
21:26:06.0375 3856 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:26:06.0375 3856 usbohci - ok
21:26:06.0421 3856 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:26:06.0421 3856 usbprint - ok
21:26:06.0453 3856 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:26:06.0453 3856 usbscan - ok
21:26:06.0500 3856 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:26:06.0500 3856 USBSTOR - ok
21:26:06.0531 3856 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:26:06.0531 3856 usbuhci - ok
21:26:06.0562 3856 V0090VID (58567a3e213209fc5d787d1f42941a06) C:\WINDOWS\system32\DRIVERS\V0090Vid.sys
21:26:06.0562 3856 V0090VID - ok
21:26:06.0640 3856 VF0350Afx (e8532ccc886588219bceb3ea6f9f5339) C:\WINDOWS\system32\Drivers\V0350Afx.sys
21:26:06.0640 3856 VF0350Afx - ok
21:26:06.0687 3856 VF0350Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\V0350VFx.sys
21:26:06.0687 3856 VF0350Vfx - ok
21:26:06.0703 3856 VF0350Vid (0bfd58f9ad1e953f475526e12b81a85a) C:\WINDOWS\system32\DRIVERS\V0350Vid.sys
21:26:06.0718 3856 VF0350Vid - ok
21:26:06.0750 3856 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:26:06.0765 3856 VgaSave - ok
21:26:06.0796 3856 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:26:06.0812 3856 viaagp - ok
21:26:06.0843 3856 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:26:06.0843 3856 ViaIde - ok
21:26:06.0843 3856 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
21:26:06.0859 3856 VolSnap - ok
21:26:06.0906 3856 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
21:26:06.0921 3856 VSS - ok
21:26:06.0953 3856 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
21:26:06.0968 3856 W32Time - ok
21:26:07.0000 3856 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:26:07.0000 3856 Wanarp - ok
21:26:07.0046 3856 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:26:07.0093 3856 Wdf01000 - ok
21:26:07.0093 3856 WDICA - ok
21:26:07.0140 3856 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
21:26:07.0140 3856 wdmaud - ok
21:26:07.0171 3856 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
21:26:07.0171 3856 WebClient - ok
21:26:07.0234 3856 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:26:07.0281 3856 winachsf - ok
21:26:07.0328 3856 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:26:07.0343 3856 winmgmt - ok
21:26:07.0390 3856 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
21:26:07.0390 3856 WinUSB - ok
21:26:07.0546 3856 WMConnectCDS (cd99c9feae87c1963273f6b150251e33) C:\Program Files\Windows Media Connect 2\wmccds.exe
21:26:07.0562 3856 WMConnectCDS - ok
21:26:07.0625 3856 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:26:07.0640 3856 WmdmPmSN - ok
21:26:07.0718 3856 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS\System32\advapi32.dll
21:26:07.0734 3856 Wmi - ok
21:26:07.0796 3856 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:26:07.0796 3856 WmiAcpi - ok
21:26:07.0890 3856 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:26:07.0890 3856 WmiApSrv - ok
21:26:07.0937 3856 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
21:26:07.0953 3856 wscsvc - ok
21:26:08.0015 3856 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:26:08.0015 3856 WSTCODEC - ok
21:26:08.0046 3856 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
21:26:08.0062 3856 wuauserv - ok
21:26:08.0109 3856 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:26:08.0125 3856 WudfPf - ok
21:26:08.0156 3856 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:26:08.0156 3856 WudfRd - ok
21:26:08.0203 3856 WudfSvc (575a4190d989f64732119e4114045a4f) C:\WINDOWS\System32\WUDFSvc.dll
21:26:08.0203 3856 WudfSvc - ok
21:26:08.0250 3856 WZCSVC (247520eded53a08ae89ea4fae04f54d8) C:\WINDOWS\System32\wzcsvc.dll
21:26:08.0265 3856 WZCSVC - ok
21:26:08.0296 3856 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
21:26:08.0312 3856 xmlprov - ok
21:26:08.0359 3856 zumbus (85281f709ea678382f370ee1052bbbac) C:\WINDOWS\system32\DRIVERS\zumbus.sys
21:26:08.0359 3856 zumbus - ok
21:26:08.0406 3856 ZuneBusEnum (e1f765822a6923efc3758e58eb305726) C:\WINDOWS\system32\ZuneBusEnum.exe
21:26:08.0421 3856 ZuneBusEnum - ok
21:26:08.0703 3856 ZuneNetworkSvc (bd624c6e873bb0d5bb315d558bfce222) C:\Program Files\Zune\ZuneNss.exe
21:26:08.0937 3856 ZuneNetworkSvc - ok
21:26:09.0062 3856 ZuneWlanCfgSvc (aef3d950f6a8a85a0342e48908cf5b3d) C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
21:26:09.0078 3856 ZuneWlanCfgSvc - ok
21:26:09.0093 3856 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
21:26:09.0156 3856 \Device\Harddisk0\DR0 - ok
21:26:09.0156 3856 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
21:26:09.0171 3856 \Device\Harddisk1\DR4 - ok
21:26:09.0171 3856 Boot (0x1200) (0b3e1da10c65ba4aaef46089e6530558) \Device\Harddisk0\DR0\Partition0
21:26:09.0171 3856 \Device\Harddisk0\DR0\Partition0 - ok
21:26:09.0187 3856 Boot (0x1200) (c56775fad289769c19d15b2cd80fd9cb) \Device\Harddisk0\DR0\Partition1
21:26:09.0187 3856 \Device\Harddisk0\DR0\Partition1 - ok
21:26:09.0187 3856 Boot (0x1200) (032a31eb4976bed7feec8d1785ecc0cf) \Device\Harddisk1\DR4\Partition0
21:26:09.0203 3856 \Device\Harddisk1\DR4\Partition0 - ok
21:26:09.0203 3856 ============================================================
21:26:09.0203 3856 Scan finished
21:26:09.0203 3856 ============================================================
21:26:09.0218 3848 Detected object count: 0
21:26:09.0218 3848 Actual detected object count: 0
 
Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RKill:Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/10/2012 01:05:14 PM in x86 mode.
Windows Version: Windows XP
Checking for Windows services to stop.
* No malware services found to stop.
Checking for processes to terminate.
* No malware processes found to kill.
Checking Registry for malware related settings.
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks.
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Restarting Explorer.exe in order to apply changes.
Program finished at: 08/10/2012 01:05:42 PM
Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
 
MBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-10 13:21:00
-----------------------------
13:21:00.937 OS Version: Windows 5.1.2600 Service Pack 2
13:21:00.937 Number of processors: 1 586 0x4C02
13:21:00.937 ComputerName: YOUR-0CDC4F5844 UserName: javier
13:21:01.781 Initialize success
13:21:02.750 AVAST engine defs: 12070300
13:21:23.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007f
13:21:23.703 Disk 0 Vendor: Size: 0MB BusType: 0
13:21:23.734 Disk 0 MBR read successfully
13:21:23.734 Disk 0 MBR scan
13:21:23.734 Disk 0 unknown MBR code
13:21:23.750 Disk 0 MBR hidden
13:21:23.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 63452 MB offset 63
13:21:23.781 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11829 MB offset 129965850
13:21:23.796 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 154191870
13:21:23.828 Disk 0 scanning C:\WINDOWS\system32\drivers
13:21:34.218 Service scanning
13:21:53.578 Modules scanning
13:21:59.828 Disk 0 trace - called modules:
13:22:00.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
13:22:00.203 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8564b030]
13:22:00.203 3 CLASSPNP.SYS[f74e805b] -> nt!IofCallDriver -> \Device\00000080[0x855f1a98]
13:22:00.218 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\0000007f[0x856123e0]
13:22:00.437 AVAST engine scan C:\WINDOWS
13:22:07.078 AVAST engine scan C:\WINDOWS\system32
13:24:58.125 AVAST engine scan C:\WINDOWS\system32\drivers
13:25:13.296 AVAST engine scan C:\Documents and Settings\javier.YOUR-0CDC4F5844
13:48:04.953 AVAST engine scan C:\Documents and Settings\All Users
13:50:31.984 Scan finished successfully
13:56:52.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat"
13:56:52.359 The log file has been saved successfully to "C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Got this message: This machine does not have the Microsoft Windows recovery console installed. Alternately, an existing installation of the recovery console may be present but requires updating.
Without it, ComboFix shall not attempt the fixing of some serious infections. Click yes to download/install (does require internet connection)

But since I do not have an internet connection, I clicked no.
 
Just came home not too long ago... and ComboFix was still "scanning." I don't think that is typical since it had been running since my last post. I will re-run it tomorrow... should I DL another one and run that in safe mode? If so, should I delete the first one (if yes, what method do you recommend for removing it)? Once again, thank you!
 
should I DL another one and run that in safe mode? If so, should I delete the first one (if yes, what method do you recommend for removing it)?
Yes and yes.
Simply delete Combofix file.
 
OK, so tried running combofix all day yesterday, and still the same while in safe mode. Actually made my computer shut off! I tried to change the timeout time for the screen from 10 min to 999 and it would never take; after a couple of attempts, it sounded like the laptop was "working hard" then just shut off. I tried to restart it in safe mode, and while starting/checking things over it shut off again. Then I let it rest for 30 minutes, came back and started up in regular mode and ran combofix and it ran, but for 4 hours and nothing. The clock was current so, like I had read somewhere on here, it was working. Now what? Oh yes, I did do what you said... resaved as "jav_cha", ran immediately after RKill. RKill looked "normal" with nothing found, hence no log.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
 
RogueKiller:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: javier [Admin rights]
Mode: Scan -- Date: 08/14/2012 19:20:38
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] V0350Mon.exe -- C:\WINDOWS\V0350Mon.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : V0350Mon.exe (C:\WINDOWS\V0350Mon.exe) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (actsvr.comcastonline.com:8100) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] f5a0c24a2a9de8d671c8d819eb59fd18
[BSP] 3ca06dfd8ecf47907b7dafdc5a0494d5 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 63452 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 129965850 | Size: 11829 Mo
2 - [XXXXXX] UNKNOWN (0xd7) [VISIBLE] Offset (sectors): 154191870 | Size: 1027 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 98cd70d1f52828b5710868d7298bc84b
[BSP] 788470fe12ec57aabe933cfdd9c84885 : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 245 | Size: 1950 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
Looks good.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
After the RogueKiller, was I supposed to click anything else after the scan? (such as delete??) Cuz I did =X
 
--OTL:
OTL logfile created on: 8/14/2012 9:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.54 Mb Total Physical Memory | 137.20 Mb Available Physical Memory | 28.67% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 19.47 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.21 Gb Free Space | 10.48% Space Free | Partition Type: FAT32
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.38 Gb Free Space | 72.31% Space Free | Partition Type: FAT

Computer Name: YOUR-0CDC4F5844 | User Name: javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 21:19:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/03 00:22:15 | 001,780,224 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12070300\algo.dll
MOD - [2007/10/29 15:35:13 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2006/07/11 21:55:04 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2006/04/18 19:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/03/15 21:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/15 21:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/08/05 22:01:54 | 000,282,112 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/06 13:49:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 08:49:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2006/06/12 13:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/09 11:28:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/09 10:53:32 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 09:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/07/03 09:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/07/03 09:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/10/23 02:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/07/06 03:05:47 | 000,072,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/06/10 10:01:02 | 000,142,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Afx.sys -- (VF0350Afx)
DRV - [2007/05/10 10:02:00 | 000,170,368 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Vid.sys -- (VF0350Vid)
DRV - [2007/03/05 03:45:04 | 000,007,424 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/07/26 23:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/07/13 01:48:58 | 000,202,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2006/06/19 05:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/06 13:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/05/12 13:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/19 03:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/19 03:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/19 03:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/05 16:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/02 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/02 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/26 17:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/11/15 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/10/31 19:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/31 18:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/19 14:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 14:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/04/13 18:00:00 | 000,138,112 | R--- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0090Vid.sys -- (V0090VID)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {753C17D9-B5E2-4511-BF6B-42D00B05C590}
IE - HKCU\..\SearchScopes\{753C17D9-B5E2-4511-BF6B-42D00B05C590}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/09 11:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 08:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/29 00:14:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@veoh.com: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/08/09 23:31:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Move Networks [2009/10/16 13:47:28 | 000,000,000 | ---D | M]

[2011/10/12 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Extensions
[2011/10/12 22:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/08/08 09:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions
[2009/04/17 17:53:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2009/04/19 16:06:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2010/02/26 23:11:55 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/04/17 17:53:04 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)
[2009/04/19 16:06:57 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(3)
[2012/04/29 09:30:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/17 17:53:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2009/04/19 16:06:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(3)
[2010/11/10 23:35:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/05/27 10:44:04 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\illimitux@illimitux.net
[2010/02/26 23:11:52 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\noia2_option@kk.noia
[2012/08/09 09:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Mozilla\Firefox\Profiles\vrsikzfu.default\extensions\vshareus@toolbar
[2012/05/04 08:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/08 09:01:43 | 000,526,190 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAVIER.YOUR-0CDC4F5844\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRSIKZFU.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/08/08 00:05:03 | 000,741,958 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\JAVIER.YOUR-0CDC4F5844\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRSIKZFU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/04 08:49:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/05/04 08:49:39 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/04 08:49:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/03/15 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AB788-0DE2-4A0B-8F2F-EE2A59A8E5AA}: DhcpNameServer = 10.48.146.16 10.48.146.81
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/01/03 19:07:54 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2007/02/12 12:53:42 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell - "" = AutoRun
O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell - "" = AutoRun
O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O33 - MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell - "" = AutoRun
O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 21:20:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
[2012/08/14 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RK_Quarantine
[2012/08/12 21:10:55 | 000,000,000 | --SD | C] -- C:\Jav_Cha25989J
[2012/08/12 18:53:13 | 000,000,000 | --SD | C] -- C:\Jav_Cha
[2012/08/11 18:40:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/11 18:40:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/11 18:40:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/11 18:40:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/11 18:40:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/11 18:39:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/10 13:20:41 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.exe
[2012/08/09 21:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\tdsskiller
[2012/08/09 18:20:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\dds.com
[2012/08/09 11:35:33 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/09 11:35:33 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/09 11:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/08/09 11:35:30 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/09 11:35:30 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/09 11:35:28 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/09 11:35:27 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/09 11:35:27 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/09 11:35:26 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/09 11:34:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/09 11:34:32 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/09 11:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/09 11:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/09 10:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/08/09 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2006
[2012/08/09 09:39:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 21:19:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\OTL.exe
[2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/08/14 19:50:58 | 000,000,031 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2012/08/14 19:17:43 | 000,001,691 | ---- | M] () -- C:\hpqp.ini
[2012/08/14 19:17:33 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/08/14 19:17:31 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/14 19:17:00 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RogueKiller.exe
[2012/08/14 19:16:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/14 19:16:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/14 19:16:48 | 501,854,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 21:10:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/10 13:56:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat
[2012/08/10 13:20:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\aswMBR.exe
[2012/08/09 11:35:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/09 11:35:27 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/09 11:30:58 | 089,340,632 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\avast_free_antivirus_setup.exe
[2012/08/09 11:29:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\dds.com
[2012/08/09 11:28:52 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/08/09 11:27:52 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\jse2c4y8.exe
[2012/08/09 11:02:39 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/08/09 10:53:32 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[15 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp files -> C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 19:19:21 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\RogueKiller.exe
[2012/08/12 21:08:31 | 501,854,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/11 18:40:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/11 18:40:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/11 18:40:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/11 18:40:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/11 18:40:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/10 13:56:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\MBR.dat
[2012/08/09 18:12:09 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\jse2c4y8.exe
[2012/08/09 11:35:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/09 11:35:29 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/09 11:33:16 | 089,340,632 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop\avast_free_antivirus_setup.exe
[2012/08/09 11:02:14 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/08/09 10:53:32 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2009/09/18 23:25:26 | 000,220,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/06/11 16:54:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\housecall.guid.cache
[2008/07/27 22:39:23 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\wklnhst.dat
[2008/06/06 17:34:40 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/03 22:42:44 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2012/08/09 11:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/17 12:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/06/06 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/06/24 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/04/17 12:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/10/02 11:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/06/03 00:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/09/15 11:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/12 22:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/05/11 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/05 21:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/08 15:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/13 23:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/10 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2008/06/04 00:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\AVGTOOLBAR
[2010/10/02 11:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\avidemux
[2011/02/06 22:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\cacaoweb
[2009/04/17 12:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\DriverCure
[2008/06/30 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\FLVPlayer4Free
[2009/12/25 22:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\GlarySoft
[2010/06/24 17:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\IDM
[2009/04/05 10:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Leadertech
[2009/04/19 16:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\LimeWire
[2008/06/06 17:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\muvee Technologies
[2010/06/24 17:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\NBC Direct
[2009/07/14 00:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Red Kawa
[2008/07/27 22:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Template
[2011/10/12 22:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\TomTom
[2009/09/26 08:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\Trillian
[2010/11/13 19:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\javier.YOUR-0CDC4F5844\Application Data\vShare
[2012/04/29 09:20:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/08/12 21:10:47 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/04/29 09:20:52 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/06/02 23:18:36 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2008/06/02 23:18:36 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2008/05/23 19:54:11 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2008/05/23 19:54:11 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2008/05/11 11:25:54 | 000,000,000 | ---D | M](C:\Program Files\??pPatch\??pPatch) -- C:\Program Files\ΑрpPatch\ΑрpPatch
[2008/05/11 10:42:09 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2008/05/11 10:42:09 | 000,000,000 | ---D | M](C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
[2007/08/22 00:23:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/08/22 00:23:10 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/08/21 02:57:58 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem32\??stem32) -- C:\Program Files\Common Files\ѕуstem32\ѕуstem32
(C:\Program Files\W?nSxS) -- C:\Program Files\WіnSxS
(C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
(C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
 
--EXT:
OTL Extras logfile created on: 8/14/2012 9:21:09 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\javier.YOUR-0CDC4F5844\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

478.54 Mb Total Physical Memory | 137.20 Mb Available Physical Memory | 28.67% Memory free
1.10 Gb Paging File | 0.87 Gb Available in Paging File | 79.26% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.96 Gb Total Space | 19.47 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 11.53 Gb Total Space | 1.21 Gb Free Space | 10.48% Space Free | Partition Type: FAT32
Drive F: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.90 Gb Total Space | 1.38 Gb Free Space | 72.31% Space Free | Partition Type: FAT

Computer Name: YOUR-0CDC4F5844 | User Name: javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:pinnacle VideoSpin
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{13BCF6CB-2F54-4962-9B11-32F07048ACF3}" = HP User Guides 0031
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{471159EB-BECC-453C-B6F2-FE4FAB29B3F3}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"074EEF5F-3BE8-4112-B253-C5D6CDE2924C" = Zuma Deluxe from Hewlett-Packard Laptops (remove only)
"0E5266B4-9069-401A-93AE-5FF9F1712016" = Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)
"103EFD47-9F2C-4490-95DD-AE6C442AFB92" = SCRABBLE from Hewlett-Packard Laptops (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86" = Tradewinds from Hewlett-Packard Laptops (remove only)
"382C11F0-1A18-4F76-B8E0-15CA7F209C22" = Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)
"384E0BF4-1E1F-45A6-B60E-42144A3F15CD" = Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)
"4C061F83-EE92-445A-A03F-184B0BD59242" = Jewel Quest from Hewlett-Packard Laptops (remove only)
"5658FB14-16A4-4DAE-946B-1457BE31572E" = Boggle Supreme from Hewlett-Packard Laptops (remove only)
"5758A0E8-A112-4A1D-82EC-EC72F7F16B88" = Lexibox Deluxe from Hewlett-Packard Laptops (remove only)
"5DE4D54F-AA79-43A4-9C8A-C173E7E2B025" = 5 Card Slingo from Hewlett-Packard Laptops (remove only)
"6E377D95-DF37-4E67-B64B-68C314600BCB" = Bejeweled 2 Deluxe from Hewlett-Packard Laptops (remove only)
"7948472C-423F-4134-B68F-48D660A05D71" = Big Kahuna Reef from Hewlett-Packard Laptops (remove only)
"7A940E33-6993-404B-ABA6-ED62E8FBE615" = Bounce Symphony from Hewlett-Packard Laptops (remove only)
"7ED8A70C-9597-40BE-AEA0-0573182F1F51" = Super Granny from Hewlett-Packard Laptops (remove only)
"7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54" = Polar Bowler from Hewlett-Packard Laptops (remove only)
"9F3399B2-9ED6-4339-84A2-686432638B86" = Blasterball 2 from Hewlett-Packard Laptops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"B0202B33-E73D-4FCD-AC88-0B2971AFC116" = Slyder from Hewlett-Packard Laptops (remove only)
"B0769D17-E72A-4E87-A83F-1F7A3F080008" = Bookworm Deluxe from Hewlett-Packard Laptops (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"C264D692-8E15-4141-96A2-5621332E5DD0" = Slingo Deluxe from Hewlett-Packard Laptops (remove only)
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
"Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
"Creative VF0350" = Creative Live! Cam Video Chat or Video IM Driver (1.02.01.00)
"Creative WebCam Center" = Creative WebCam Center
"D2E44AA4-8665-4490-A6C9-2D0744B47B27" = Polar Golfer from Hewlett-Packard Laptops (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"E332F38A-75F6-4EF2-88CC-246E8A1CB5D7" = Oasis from Hewlett-Packard Laptops (remove only)
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2" = Crystal Maze from Hewlett-Packard Laptops (remove only)
"EF860173-4FB7-4DE1-8BE8-5400F05A0DC5" = Puzzle Express from Hewlett-Packard Laptops (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F2566CC2-D4C4-44ED-A838-3F8288D8D3FE" = Flip Words from Hewlett-Packard Laptops (remove only)
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 2.9.0.0
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"Glary Registry Repair_is1" = Glary Registry Repair 3.3.0.852
"Glary Utilities_is1" = Glary Utilities 2.23.0.923
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SightSpeed" = SightSpeed (remove only)
"Silvestri_2009" = Silvestri Comp Review PN 4e
"Silvestri_PN_4e_2009" = Silvestri Comp Review PN 4e
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Veetle TV" = Veetle TV 0.9.18
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"Videora iPod Converter" = Videora iPod Converter 4.08
"vShare" = vShare Plugin
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/11/2012 9:34:46 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/12/2012 9:46:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 8/12/2012 9:46:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/12/2012 9:51:20 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 8/12/2012 9:51:37 PM | Computer Name = YOUR-0CDC4F5844 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 8/13/2012 12:09:32 AM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 8/13/2012 12:09:33 AM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/14/2012 10:17:42 PM | Computer Name = YOUR-0CDC4F5844 | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 8/14/2012 10:17:44 PM | Computer Name = YOUR-0CDC4F5844 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 8/14/2012 10:49:36 PM | Computer Name = YOUR-0CDC4F5844 | Source = Application Error | ID = 1000
Description = Faulting application sete.tmp, version 9.1.0.429, faulting module
sete.tmp, version 9.1.0.429, fault address 0x0000814b.

[ OSession Events ]
Error - 5/21/2010 3:52:46 PM | Computer Name = YOUR-0CDC4F5844 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/30/2012 3:41:40 PM | Computer Name = YOUR-0CDC4F5844 | Source = nv | ID = 262187
Description = The system sleep operation failed

Error - 5/5/2012 4:23:31 PM | Computer Name = YOUR-0CDC4F5844 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 7/6/2012 4:35:23 AM | Computer Name = YOUR-0CDC4F5844 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +239447 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.nist.gov (ntp.m|0x1|192.168.1.6:123->132.163.4.103:123) is working
properly.

Error - 7/8/2012 4:38:07 AM | Computer Name = YOUR-0CDC4F5844 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by +66648 seconds. The time service will not change the system time by more than
+54000 seconds. Verify that your time and time zone are correct, and that the time
source time.nist.gov (ntp.m|0x1|192.168.1.6:123->132.163.4.103:123) is working
properly.

Error - 8/7/2012 1:44:32 AM | Computer Name = YOUR-0CDC4F5844 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 8/12/2012 9:51:15 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/12/2012 9:51:18 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/12/2012 9:51:30 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/12/2012 9:52:53 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/12/2012 9:53:12 PM | Computer Name = YOUR-0CDC4F5844 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
 
Ohh no! It appeared as if on RogueKiller, that was the next step! So I clicked the "delete" button.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = cdn;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell - "" = AutoRun
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell - "" = AutoRun
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007/02/12 18:33:37 | 001,110,016 | R--- | M] ()
    [2008/05/11 18:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2012/08/14 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

========================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\free\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2311882d-6432-11de-a010-001636b7ae7c}\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35dea8c8-6fe0-11dd-9f69-0014a5db0976}\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4189aa2d-f54c-11e0-a269-0014a5db0976}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4189aa2d-f54c-11e0-a269-0014a5db0976}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa9057c0-e246-11e1-a2a4-ac7c61f63f28}\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
Folder C:\Documents and Settings\All Users\Application Data\Viewpoint\ not found.
File C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: j
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: j.YOUR-0CDC4F5844
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jav's version
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Javier

User: javier chavez
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: javier.YOUR-0CDC4F5844
->Temp folder emptied: 1087 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: j
->Java cache emptied: 0 bytes

User: j.YOUR-0CDC4F5844
->Java cache emptied: 0 bytes

User: jav's version
->Java cache emptied: 0 bytes

User: Javier

User: javier chavez
->Java cache emptied: 0 bytes

User: javier.YOUR-0CDC4F5844
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: j
->Flash cache emptied: 0 bytes

User: j.YOUR-0CDC4F5844
->Flash cache emptied: 0 bytes

User: jav's version
->Flash cache emptied: 0 bytes

User: Javier

User: javier chavez
->Flash cache emptied: 0 bytes

User: javier.YOUR-0CDC4F5844
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08152012_125452
Files\Folders moved on Reboot...
File move failed. F:\LaunchU3.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2007/02/12 18:33:37 | 001,110,016 | R--- | M] () F:\LaunchU3.exe : MD5=AF3543ED6F0ACC75C1C12B094518B289
Registry entries deleted on Reboot...
 
SECCHECK:
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 17
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
 