Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need Help to remove Win32:MBRoot-J

Started by robnj , Apr 14 2012 07:03 PM

Please log in to reply

#1
robnj

Posted 14 April 2012 - 07:03 PM

New Member

Member
5 posts

My Avast antivirus tells me I have a Win32:MBRoot-J[Trj] on something called MBR\\.\PHYSICALDRIVE0 . I have run Avast Quick scans, full scans and boot time scans and tried to move this to the virus chest and to fix, but to no avail. I downloaded Malwarebytes and ran the quick scan and it identified 5 registry key threats and removed them. I then ran a full scan (Malwarbytes) and it didn't find anything further. My Avast still indicates I have the Win32:MBRoot-J threat. I downloaded OTR and did the quick scan and got two tex files. I am attaching both below, along with the MalwareBytes quick scan log file. Can you please tell me if my laptop is still infected and if so what can I do to clean it? Thanks in advance.
-----------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rob :: ROB-18087AE0E32 [administrator]

4/14/2012 1:53:02 PM
mbam-log-2012-04-14 (13-53-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216628
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCR\Setup.Player.2K2 (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCR\Setup.Player (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SVCWINSPOOL (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SVCWINSPOOL (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------
OTL logfile created on: 4/14/2012 6:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 258.75 Mb Available Physical Memory | 25.31% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.99 Gb Free Space | 71.92% Space Free | Partition Type: NTFS

Computer Name: ROB-18087AE0E32 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 18:15:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2008/08/13 16:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\TrainingCenter\gStart.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/12 09:51:30 | 000,508,848 | ---- | M] ( ) -- C:\WINDOWS\system32\LMabcoms.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/02/02 06:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/14 12:36:02 | 001,756,160 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041401\algo.dll
MOD - [2012/03/13 11:36:10 | 000,684,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\eae9ae33ab98878a7c1e60eb4b4d76c1\SolutoCleanup.ni.dll
MOD - [2012/03/13 11:36:07 | 000,838,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\360df41a05e7617f1e64eca8b620e181\PCGDataAggregation.ni.dll
MOD - [2012/03/13 11:36:02 | 000,333,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\8f295da6e1ac004f96f13378043476f2\PCGBootVisualizingCore.ni.dll
MOD - [2012/03/13 11:35:59 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\88062dbcdba732ceb9fdd86a742fbece\Interop.NetFwTypeLib.ni.dll
MOD - [2012/03/13 11:35:57 | 000,357,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\90ccb042dc0be31da30f1c4ed310fdd4\PCGCatalogItemFootprint.ni.dll
MOD - [2012/03/13 11:35:55 | 000,876,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\bbf205347028baa69c358251530b4126\PCGBrowsersProbe.ni.dll
MOD - [2012/03/13 11:35:52 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\da41a181609ecf93fba1cb55430105bb\PCGSAProbe.ni.dll
MOD - [2012/03/13 11:35:51 | 000,111,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\ac5eeda8b9d98e7f2d87ac651a354afe\PCGCatalogItemCache.ni.dll
MOD - [2012/03/13 11:35:49 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\db2e71ae4e3dde727eb9b1112783bcb9\PCGEntities.ni.dll
MOD - [2012/03/13 11:35:48 | 000,888,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\ff345df442cdcd997a6a2490ebec1b9c\PCGClientCommunication.ni.dll
MOD - [2012/03/13 11:35:45 | 000,129,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\3a0fa3984e236b7a75b3c909dfef8ced\SolutoUpdateService.ni.dll
MOD - [2012/03/13 11:35:43 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\cd1c23f4aa813d74bcdafa2fee0bbec6\PCGUpgrader.ni.dll
MOD - [2012/03/13 11:35:40 | 001,933,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\4eec3c6cf20872fa6757daf52cd0b574\SolutoService.ni.exe
MOD - [2012/03/13 11:35:21 | 000,645,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\90018d74d8f07518d4f54f9e6c0268c0\PCGPostBootResources.ni.dll
MOD - [2012/03/13 11:35:18 | 000,060,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\24b5b3eb839c33e9412b743ab956ee59\PCGHIDProbe.ni.dll
MOD - [2012/03/13 11:35:13 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\186b1d1a6ebdbaa80128337eaf7699f0\PCGRSPProbe.ni.dll
MOD - [2012/03/13 11:35:08 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\4fd4a77fda7c2de21fb561f5bea96f4e\Community.CsharpSqlite.ni.dll
MOD - [2012/03/13 11:35:06 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\7e0f151afe2970214d839f9858ed7dc9\PCGWuInfo.ni.dll
MOD - [2012/03/13 11:35:05 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/03/13 11:35:05 | 000,067,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\875b3737ddc0bcf3040a04120e1e9c8b\PCGUsersCenter.ni.dll
MOD - [2012/03/13 11:35:03 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\13b0b5c4a64a30dc8c4021d2c40c17db\PCGAppControlPluginLoader.ni.dll
MOD - [2012/03/13 11:35:00 | 004,109,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\bd3ee210527fd8210b7ac9cc99ecc090\PCGClientCommon.ni.dll
MOD - [2012/03/13 11:34:52 | 000,197,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\ba5b3c49e4d0254a2138dacc943dcba6\PCGBootVisualizingCommon.ni.dll
MOD - [2012/03/13 11:34:49 | 000,065,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\28564b93772e724051a9f886512285bf\PCGConfiguration.ni.dll
MOD - [2012/03/13 11:34:47 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4608321d03e3ccba57b16ca7e6299ebe\System.Data.SqlServerCe.ni.dll
MOD - [2012/03/13 11:34:45 | 003,903,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\d418c69e65592fde09dfb27ed6c3d4af\PCGDatabase.ni.dll
MOD - [2012/03/13 11:34:40 | 000,047,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\39e5b6e68e13d09edc6482a737735c74\PCGAzureEntityFramework.ni.dll
MOD - [2012/03/13 11:34:39 | 001,308,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\326d4abf8ef5c17d607e837e5ede8e01\PCGAzureShared.ni.dll
MOD - [2012/03/13 11:34:37 | 001,278,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\335405a95001384843800057211f4811\PCGCommunication.ni.dll
MOD - [2012/03/13 11:34:32 | 000,194,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\67192c33a90a54c01312f1ef46082f17\PCGDriverProbe.ni.dll
MOD - [2012/03/13 11:34:30 | 002,845,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\2670ccbc0dcec9627647765c40e8e23a\PCGPreCompiled.ni.dll
MOD - [2012/03/13 11:34:26 | 000,205,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\eaaf2a2f7f22aa69fe9ea81cbcbaf01a\PCGPrestoSerializer.ni.dll
MOD - [2012/03/13 11:34:25 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\e5fda0e4f58f3145384f1a90a5c16c09\Ionic.Zip.Reduced.ni.dll
MOD - [2012/03/13 11:34:20 | 001,554,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ff6010a4a96718eabacee87d09f39aa8\Newtonsoft.Json.Net35.ni.dll
MOD - [2012/03/13 11:34:17 | 002,652,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\9b867a950447d7405f03ad82e920d6c4\PCGFramework.ni.dll
MOD - [2012/03/13 11:34:08 | 001,999,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\7b1d9ea7bd22654622b5f01453e20285\Soluto.ni.exe
MOD - [2012/02/16 10:53:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/02/16 10:47:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 10:46:54 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 10:46:54 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 10:46:51 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/16 10:46:47 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
MOD - [2012/02/16 10:46:45 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
MOD - [2012/02/16 10:46:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 10:43:39 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
MOD - [2012/02/16 10:41:48 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 10:41:41 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 10:41:24 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 10:41:07 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
MOD - [2012/02/16 10:41:01 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/16 10:40:50 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/16 10:36:10 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/15 20:53:16 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/15 20:52:59 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/15 20:52:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/25 18:57:02 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2011/10/12 21:02:18 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2007/01/12 09:51:30 | 000,508,848 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\LMabcoms.exe -- (lmab_device)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/07 08:34:08 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2009/03/03 22:22:55 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2006/07/06 13:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 15:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 15:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 15:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 10:14:52 | 000,346,496 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 10:14:52 | 000,037,760 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 03:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/28 04:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A914433C-940D-4306-B1EC-C900AC2C3860}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A914433C-940D-4306-B1EC-C900AC2C3860}: "URL" = http://www.google.ca...1I7ADBF_enCA229
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 09:55:19 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Google Search = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Gmail = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [gStart] C:\Garmin\TrainingCenter\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 File not found
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1321309714031 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47CC1509-D42A-4330-A269-4F6F69FB7A9E}: DhcpNameServer = 192.168.1.254 75.153.176.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/06 12:08:21 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{25c5371e-0d19-11de-bed4-0014a52fbda9}\Shell - "" = AutoRun
O33 - MountPoints2\{25c5371e-0d19-11de-bed4-0014a52fbda9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{25c5371e-0d19-11de-bed4-0014a52fbda9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9221cd06-1bcf-11de-bf0d-0014a52fbda9}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O33 - MountPoints2\{bc6a2cb1-aec8-11dd-bdda-0014a52fbda9}\Shell - "" = AutoRun
O33 - MountPoints2\{bc6a2cb1-aec8-11dd-bdda-0014a52fbda9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc6a2cb1-aec8-11dd-bdda-0014a52fbda9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 18:15:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/04/14 13:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2012/04/14 13:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/14 13:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/14 13:50:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/14 13:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 18:15:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/04/14 18:08:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 17:14:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/14 16:42:48 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3D1086B-FF70-4450-83F2-D93055DEC513}.job
[2012/04/14 16:08:01 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 14:19:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/14 14:16:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/14 14:15:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1708537768-1547161642-839522115-1004.job
[2012/04/14 14:15:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/14 14:15:47 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 13:50:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 12:12:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/14 11:38:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/13 16:22:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 13:50:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 15:57:05 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/15 20:49:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/15 18:33:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 13:23:53 | 000,188,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 13:18:16 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

========== LOP Check ==========

[2010/10/19 11:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/04/18 14:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2007/06/06 12:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2012/03/14 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2008/07/18 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
[2010/11/16 23:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/07 14:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/24 17:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/09 20:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GARMIN
[2008/01/09 20:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\InterVideo
[2011/12/08 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\JLAdventCalendarLondon2011
[2007/08/27 16:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech
[2010/11/16 22:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\MSNInstaller
[2008/10/18 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\muvee Technologies
[2007/06/07 22:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\OfficeUpdate12
[2009/11/19 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\SmartDraw
[2012/04/14 14:19:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/04/14 16:42:48 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B3D1086B-FF70-4450-83F2-D93055DEC513}.job

========== Purity Check ==========

< End of report >
--OTL Extras logfile created on: 4/14/2012 6:18:39 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 258.75 Mb Available Physical Memory | 25.31% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 66.99 Gb Free Space | 71.92% Space Free | Partition Type: NTFS

Computer Name: ROB-18087AE0E32 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ( )
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\WINDOWS\system\svhost.exe" = C:\WINDOWS\system\svhost.exe:*:Enabled:svhost
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2A09274B-98DE-CB96-1EE9-2436A0D37480}" = CCC Help English
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3374B4A6-5595-4667-882D-755ABE093806}" = Lyra Applications
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46697B13-FCD5-7BC4-78C4-49FE0D60A00B}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF433B6-BEC9-4AD5-86D5-06EB5C62E792}" = Northern Alberta Institute of Technology
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{56192D4B-DB85-7029-6E77-E1505FBD5173}" = Catalyst Control Center Core Implementation
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACA9227-30FC-0DFE-B74F-C106F36A50B6}" = Catalyst Control Center Graphics Previews Common
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5DF72004-F4A7-6AA2-0552-F7737199491E}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74379B6F-C173-F80E-5E3E-6A5F3E523DEC}" = Catalyst Control Center Graphics Full Existing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{987F2E66-35EC-D7CC-02E0-6F7094D35B71}" = ccc-core-preinstall
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C16084-032F-4A6D-B19A-2E700421F9FB}" = Microsoft WorldWide Telescope
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B330C431-CDF4-E40D-A9E9-FF275A47AB7E}" = Catalyst Control Center Graphics Full New
"{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D29E46AC-B703-5A56-A795-12FB8E6C5DFC}" = Skins
"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E3EC0A0D-3FA5-9175-F81C-BDD77FC1A087}" = ccc-utility
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EF45B43B-D526-49F7-A2CD-4050A939AA1E}" = Lyra Digital Audio Player
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F6DC2328-1FA4-4F7A-954C-C733363266EE}" = Soluto
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"123di Version 5.0 5.0" = 123di Version 5.0
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Compaq Presario r4000 User Guides" = Compaq Presario r4000 User Guides
"Conexant PCI Audio" = Conexant AC-Link Audio
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/5/2008 10:47:17 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 5:37:31 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 8:54:37 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 9:46:25 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/8/2008 8:57:33 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 11/9/2008 2:51:19 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 11/7/2009 2:21:23 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/14/2012 1:52:39 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8514516

Error - 4/14/2012 1:52:55 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 1:52:55 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8530141

Error - 4/14/2012 1:52:55 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8530141

Error - 4/14/2012 1:53:11 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 1:53:11 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8545875

Error - 4/14/2012 1:53:11 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8545875

Error - 4/14/2012 1:53:26 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 1:53:26 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8561500

Error - 4/14/2012 1:53:26 AM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8561500

[ System Events ]
Error - 4/13/2012 5:34:47 PM | Computer Name = ROB-18087AE0E32 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2012 5:34:49 PM | Computer Name = ROB-18087AE0E32 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/13/2012 5:35:37 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Soluto PCGenome Core
Service service to connect.

Error - 4/13/2012 5:35:37 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7000
Description = The Soluto PCGenome Core Service service failed to start due to the
following error: %%1053

Error - 4/13/2012 5:35:37 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSnx aswSP aswTdi eabfiltr Fips Soluto

Error - 4/13/2012 5:55:56 PM | Computer Name = ROB-18087AE0E32 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2012 7:12:25 PM | Computer Name = ROB-18087AE0E32 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/13/2012 7:12:25 PM | Computer Name = ROB-18087AE0E32 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 4/13/2012 8:09:22 PM | Computer Name = ROB-18087AE0E32 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 4/13/2012 8:09:22 PM | Computer Name = ROB-18087AE0E32 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

< End of report >
------------------------------------

#2
RKinner

Posted 15 April 2012 - 12:48 AM

Malware Expert

Expert
24,625 posts

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 22
J2SE Runtime Environment 5.0 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
robnj

Posted 15 April 2012 - 09:01 PM

New Member

Topic Starter
Member
5 posts

Thanks Ron. I appreciate your help. I think I've run everything and copied all the log files below. I cleaned up my Java files and uploaded the latest version as well, so I hope I'm good to go. Here's my log file info:
ComboFix 12-04-15.02 - Rob 04/15/2012 17:51:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.488 [GMT -6:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Rob\System
c:\documents and settings\Rob\System\win_qs8.jqx
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SYSDRV32
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-14 19:50 . 2012-04-14 19:50 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2012-04-14 19:50 . 2012-04-14 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-04-14 19:50 . 2012-04-14 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-14 19:50 . 2012-04-04 21:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 00:45 . 2012-04-14 00:45 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0C6CA56C-91DC-4811-AB06-6234F5CE6087}\offreg.dll
2012-04-13 22:25 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{0C6CA56C-91DC-4811-AB06-6234F5CE6087}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-10-19 17:36 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2008-09-02 04:01 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-03-22 02:02 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2008-09-02 04:02 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2008-09-02 04:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2008-09-02 04:02 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2008-09-02 04:02 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2008-09-02 04:02 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2008-09-02 04:02 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2008-09-02 04:02 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 02:23 . 2011-05-17 14:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-23 16:18 . 2009-10-02 22:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2007-06-08 04:25 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gStart"="c:\garmin\TrainingCenter\gStart.exe" [2008-08-13 1891416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 53248]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\Rob\Start Menu\Programs\Startup\
Jacquie Lawson London Advent Calendar.lnk - c:\program files\Jacquie Lawson London Advent Calendar\Jacquie Lawson London Advent Calendar.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\LMabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [7/14/2011 9:09 AM 51144]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/21/2011 8:02 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/1/2008 10:02 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/1/2008 10:02 PM 20696]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/13/2011 1:10 PM 200192]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 12:18 AM 135664]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [1/25/2012 7:05 PM 547872]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/19/2010 12:18 AM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 06:18]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 06:18]
.
2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{B3D1086B-FF70-4450-83F2-D93055DEC513}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 18:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?6?1?6??????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2012-04-15 18:20:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 00:20
.
Pre-Run: 71,429,726,208 bytes free
Post-Run: 72,193,122,304 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 0DC607A4E0E62DA7E58B42B7C9412BB2

18:33:03.0750 3448 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:33:04.0234 3448 ============================================================
18:33:04.0234 3448 Current date / time: 2012/04/15 18:33:04.0234
18:33:04.0234 3448 SystemInfo:
18:33:04.0234 3448
18:33:04.0234 3448 OS Version: 5.1.2600 ServicePack: 3.0
18:33:04.0234 3448 Product type: Workstation
18:33:04.0234 3448 ComputerName: ROB-18087AE0E32
18:33:04.0234 3448 UserName: Rob
18:33:04.0234 3448 Windows directory: C:\WINDOWS
18:33:04.0234 3448 System windows directory: C:\WINDOWS
18:33:04.0234 3448 Processor architecture: Intel x86
18:33:04.0234 3448 Number of processors: 1
18:33:04.0234 3448 Page size: 0x1000
18:33:04.0234 3448 Boot type: Normal boot
18:33:04.0234 3448 ============================================================
18:33:05.0343 3448 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:33:05.0343 3448 \Device\Harddisk0\DR0:
18:33:05.0343 3448 MBR used
18:33:05.0343 3448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
18:33:05.0437 3448 Initialize success
18:33:05.0437 3448 ============================================================
18:33:30.0421 0128 ============================================================
18:33:30.0421 0128 Scan started
18:33:30.0421 0128 Mode: Manual;
18:33:30.0421 0128 ============================================================
18:33:30.0750 0128 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:33:30.0750 0128 Aavmker4 - ok
18:33:30.0781 0128 Abiosdsk - ok
18:33:30.0796 0128 abp480n5 - ok
18:33:30.0859 0128 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:33:30.0859 0128 ACPI - ok
18:33:30.0921 0128 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:33:30.0921 0128 ACPIEC - ok
18:33:30.0937 0128 adpu160m - ok
18:33:31.0062 0128 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:33:31.0062 0128 aec - ok
18:33:31.0125 0128 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:33:31.0140 0128 AFD - ok
18:33:31.0156 0128 Aha154x - ok
18:33:31.0187 0128 aic78u2 - ok
18:33:31.0203 0128 aic78xx - ok
18:33:31.0265 0128 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:33:31.0281 0128 Alerter - ok
18:33:31.0312 0128 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:33:31.0312 0128 ALG - ok
18:33:31.0343 0128 AliIde - ok
18:33:31.0421 0128 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:33:31.0421 0128 AmdK8 - ok
18:33:31.0453 0128 amsint - ok
18:33:31.0593 0128 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:33:31.0593 0128 Apple Mobile Device - ok
18:33:31.0609 0128 AppMgmt - ok
18:33:31.0671 0128 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:33:31.0671 0128 Arp1394 - ok
18:33:31.0703 0128 asc - ok
18:33:31.0718 0128 asc3350p - ok
18:33:31.0750 0128 asc3550 - ok
18:33:31.0890 0128 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:33:31.0890 0128 aspnet_state - ok
18:33:31.0968 0128 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:33:31.0968 0128 aswFsBlk - ok
18:33:32.0000 0128 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
18:33:32.0015 0128 aswMon2 - ok
18:33:32.0140 0128 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
18:33:32.0140 0128 aswRdr - ok
18:33:32.0250 0128 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
18:33:32.0265 0128 aswSnx - ok
18:33:32.0343 0128 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
18:33:32.0359 0128 aswSP - ok
18:33:32.0390 0128 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
18:33:32.0390 0128 aswTdi - ok
18:33:32.0453 0128 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:33:32.0453 0128 AsyncMac - ok
18:33:32.0500 0128 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:33:32.0500 0128 atapi - ok
18:33:32.0531 0128 Atdisk - ok
18:33:32.0609 0128 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
18:33:32.0625 0128 Ati HotKey Poller - ok
18:33:32.0718 0128 ATI Smart (d0adab8f96f521a35fd59a821820144e) C:\WINDOWS\system32\ati2sgag.exe
18:33:32.0718 0128 ATI Smart - ok
18:33:32.0812 0128 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:33:32.0906 0128 ati2mtag - ok
18:33:32.0968 0128 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:33:32.0968 0128 Atmarpc - ok
18:33:33.0031 0128 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:33:33.0031 0128 AudioSrv - ok
18:33:33.0078 0128 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:33:33.0078 0128 audstub - ok
18:33:33.0265 0128 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:33:33.0265 0128 avast! Antivirus - ok
18:33:33.0453 0128 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:33:33.0453 0128 BCM43XX - ok
18:33:33.0515 0128 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:33:33.0515 0128 Beep - ok
18:33:33.0593 0128 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:33:33.0593 0128 BITS - ok
18:33:33.0734 0128 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:33:33.0750 0128 Bonjour Service - ok
18:33:34.0031 0128 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:33:34.0031 0128 Browser - ok
18:33:34.0140 0128 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
18:33:34.0140 0128 CAMCAUD - ok
18:33:34.0359 0128 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
18:33:34.0359 0128 CAMCHALA - ok
18:33:34.0375 0128 catchme - ok
18:33:34.0453 0128 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:33:34.0453 0128 cbidf2k - ok
18:33:34.0484 0128 cd20xrnt - ok
18:33:34.0546 0128 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:33:34.0546 0128 Cdaudio - ok
18:33:34.0609 0128 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:33:34.0609 0128 Cdfs - ok
18:33:34.0656 0128 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:33:34.0656 0128 Cdrom - ok
18:33:34.0671 0128 Changer - ok
18:33:34.0750 0128 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:33:34.0750 0128 CiSvc - ok
18:33:34.0781 0128 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:33:34.0781 0128 ClipSrv - ok
18:33:34.0906 0128 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:33:34.0906 0128 clr_optimization_v2.0.50727_32 - ok
18:33:35.0000 0128 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:33:35.0015 0128 CmBatt - ok
18:33:35.0046 0128 CmdIde - ok
18:33:35.0078 0128 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:33:35.0078 0128 Compbatt - ok
18:33:35.0109 0128 COMSysApp - ok
18:33:35.0140 0128 Cpqarray - ok
18:33:35.0171 0128 cpuz135 - ok
18:33:35.0234 0128 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:33:35.0234 0128 CryptSvc - ok
18:33:35.0328 0128 dac2w2k - ok
18:33:35.0359 0128 dac960nt - ok
18:33:35.0468 0128 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:33:35.0484 0128 DcomLaunch - ok
18:33:35.0546 0128 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:33:35.0546 0128 Dhcp - ok
18:33:35.0593 0128 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:33:35.0609 0128 Disk - ok
18:33:35.0640 0128 dmadmin - ok
18:33:35.0734 0128 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:33:35.0750 0128 dmboot - ok
18:33:35.0812 0128 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:33:35.0812 0128 dmio - ok
18:33:35.0875 0128 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:33:35.0875 0128 dmload - ok
18:33:35.0953 0128 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:33:35.0953 0128 dmserver - ok
18:33:36.0015 0128 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:33:36.0015 0128 DMusic - ok
18:33:36.0093 0128 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:33:36.0093 0128 Dnscache - ok
18:33:36.0187 0128 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:33:36.0187 0128 Dot3svc - ok
18:33:36.0218 0128 dpti2o - ok
18:33:36.0281 0128 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:33:36.0281 0128 drmkaud - ok
18:33:36.0437 0128 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
18:33:36.0437 0128 eabfiltr - ok
18:33:36.0484 0128 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
18:33:36.0484 0128 eabusb - ok
18:33:36.0562 0128 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:33:36.0562 0128 EapHost - ok
18:33:36.0640 0128 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:33:36.0640 0128 ERSvc - ok
18:33:36.0718 0128 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:33:36.0734 0128 Eventlog - ok
18:33:36.0828 0128 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:33:36.0828 0128 EventSystem - ok
18:33:36.0890 0128 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:33:36.0890 0128 Fastfat - ok
18:33:36.0953 0128 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:33:36.0968 0128 FastUserSwitchingCompatibility - ok
18:33:37.0015 0128 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:33:37.0015 0128 Fdc - ok
18:33:37.0046 0128 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:33:37.0046 0128 Fips - ok
18:33:37.0078 0128 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:33:37.0078 0128 Flpydisk - ok
18:33:37.0125 0128 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:33:37.0125 0128 FltMgr - ok
18:33:37.0234 0128 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:33:37.0234 0128 FontCache3.0.0.0 - ok
18:33:37.0328 0128 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:33:37.0328 0128 Fs_Rec - ok
18:33:37.0375 0128 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:33:37.0390 0128 Ftdisk - ok
18:33:37.0515 0128 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:33:37.0531 0128 GEARAspiWDM - ok
18:33:37.0625 0128 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:33:37.0625 0128 Gpc - ok
18:33:37.0703 0128 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
18:33:37.0718 0128 grmnusb - ok
18:33:37.0937 0128 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:37.0937 0128 gupdate - ok
18:33:37.0984 0128 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:33:37.0984 0128 gupdatem - ok
18:33:38.0046 0128 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:33:38.0046 0128 gusvc - ok
18:33:38.0218 0128 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:33:38.0218 0128 helpsvc - ok
18:33:38.0312 0128 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:33:38.0328 0128 HidServ - ok
18:33:38.0421 0128 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:33:38.0421 0128 HidUsb - ok
18:33:38.0609 0128 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:33:38.0609 0128 hkmsvc - ok
18:33:38.0671 0128 hpn - ok
18:33:38.0828 0128 hpqwmi (6745820c1b0783a367f03da128f5b1e2) C:\Program Files\HPQ\shared\hpqwmi.exe
18:33:38.0828 0128 hpqwmi - ok
18:33:38.0890 0128 HSFHWATI (13d4b70bf2f9bc550e9079da864d3ec1) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
18:33:38.0906 0128 HSFHWATI - ok
18:33:39.0000 0128 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:33:39.0078 0128 HSF_DP - ok
18:33:39.0156 0128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:33:39.0171 0128 HTTP - ok
18:33:39.0234 0128 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:33:39.0250 0128 HTTPFilter - ok
18:33:39.0281 0128 i2omgmt - ok
18:33:39.0312 0128 i2omp - ok
18:33:39.0390 0128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:33:39.0390 0128 i8042prt - ok
18:33:39.0718 0128 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:33:39.0781 0128 idsvc - ok
18:33:39.0906 0128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:33:39.0906 0128 Imapi - ok
18:33:39.0984 0128 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:33:39.0984 0128 ImapiService - ok
18:33:40.0031 0128 ini910u - ok
18:33:40.0062 0128 IntelIde - ok
18:33:40.0109 0128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:33:40.0109 0128 Ip6Fw - ok
18:33:40.0171 0128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:33:40.0171 0128 IpFilterDriver - ok
18:33:40.0203 0128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:33:40.0203 0128 IpInIp - ok
18:33:40.0250 0128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:33:40.0265 0128 IpNat - ok
18:33:40.0390 0128 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:33:40.0437 0128 iPod Service - ok
18:33:40.0484 0128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:33:40.0484 0128 IPSec - ok
18:33:40.0531 0128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:33:40.0531 0128 IRENUM - ok
18:33:40.0578 0128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:33:40.0578 0128 isapnp - ok
18:33:40.0625 0128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:33:40.0625 0128 Kbdclass - ok
18:33:40.0656 0128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:33:40.0671 0128 kmixer - ok
18:33:40.0828 0128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:33:40.0828 0128 KSecDD - ok
18:33:40.0890 0128 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:33:40.0906 0128 lanmanserver - ok
18:33:40.0984 0128 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:33:41.0015 0128 lanmanworkstation - ok
18:33:41.0031 0128 lbrtfdc - ok
18:33:41.0078 0128 lmab_device - ok
18:33:41.0140 0128 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:33:41.0140 0128 LmHosts - ok
18:33:41.0218 0128 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:33:41.0218 0128 mdmxsdk - ok
18:33:41.0265 0128 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:33:41.0265 0128 Messenger - ok
18:33:41.0343 0128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:33:41.0343 0128 mnmdd - ok
18:33:41.0421 0128 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:33:41.0421 0128 mnmsrvc - ok
18:33:41.0500 0128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:33:41.0500 0128 Modem - ok
18:33:41.0562 0128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:33:41.0562 0128 Mouclass - ok
18:33:41.0609 0128 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:33:41.0609 0128 mouhid - ok
18:33:41.0671 0128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:33:41.0687 0128 MountMgr - ok
18:33:41.0703 0128 mraid35x - ok
18:33:41.0812 0128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:33:41.0812 0128 MRxDAV - ok
18:33:41.0906 0128 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:33:41.0921 0128 MRxSmb - ok
18:33:42.0000 0128 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:33:42.0000 0128 MSDTC - ok
18:33:42.0046 0128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:33:42.0062 0128 Msfs - ok
18:33:42.0078 0128 MSIServer - ok
18:33:42.0125 0128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:33:42.0125 0128 MSKSSRV - ok
18:33:42.0171 0128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:33:42.0171 0128 MSPCLOCK - ok
18:33:42.0203 0128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:33:42.0203 0128 MSPQM - ok
18:33:42.0234 0128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:33:42.0234 0128 mssmbios - ok
18:33:42.0312 0128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:33:42.0312 0128 Mup - ok
18:33:42.0390 0128 MxlW2k (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
18:33:42.0390 0128 MxlW2k - ok
18:33:42.0484 0128 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:33:42.0500 0128 napagent - ok
18:33:42.0578 0128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:33:42.0578 0128 NDIS - ok
18:33:42.0640 0128 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:33:42.0656 0128 NdisTapi - ok
18:33:42.0687 0128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:33:42.0687 0128 Ndisuio - ok
18:33:42.0718 0128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:33:42.0718 0128 NdisWan - ok
18:33:42.0796 0128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:33:42.0796 0128 NDProxy - ok
18:33:42.0921 0128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:33:42.0921 0128 NetBIOS - ok
18:33:43.0000 0128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:33:43.0015 0128 NetBT - ok
18:33:43.0093 0128 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:33:43.0109 0128 NetDDE - ok
18:33:43.0125 0128 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:33:43.0140 0128 NetDDEdsdm - ok
18:33:43.0187 0128 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:33:43.0203 0128 Netlogon - ok
18:33:43.0250 0128 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:33:43.0265 0128 Netman - ok
18:33:43.0421 0128 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:43.0421 0128 NetTcpPortSharing - ok
18:33:43.0546 0128 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:33:43.0546 0128 NIC1394 - ok
18:33:43.0656 0128 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:33:43.0671 0128 Nla - ok
18:33:43.0718 0128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:33:43.0734 0128 Npfs - ok
18:33:43.0765 0128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:33:43.0781 0128 Ntfs - ok
18:33:43.0859 0128 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:33:43.0859 0128 NtLmSsp - ok
18:33:43.0984 0128 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:33:44.0000 0128 NtmsSvc - ok
18:33:44.0078 0128 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:33:44.0078 0128 NuidFltr - ok
18:33:44.0140 0128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:33:44.0140 0128 Null - ok
18:33:44.0218 0128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:33:44.0218 0128 NwlnkFlt - ok
18:33:44.0265 0128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:33:44.0265 0128 NwlnkFwd - ok
18:33:44.0328 0128 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:33:44.0343 0128 ohci1394 - ok
18:33:44.0437 0128 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:44.0453 0128 ose - ok
18:33:44.0593 0128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:33:44.0593 0128 Parport - ok
18:33:44.0640 0128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:33:44.0640 0128 PartMgr - ok
18:33:44.0687 0128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:33:44.0687 0128 ParVdm - ok
18:33:44.0718 0128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:33:44.0718 0128 PCI - ok
18:33:44.0750 0128 PCIDump - ok
18:33:44.0796 0128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:33:44.0812 0128 PCIIde - ok
18:33:44.0843 0128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:33:44.0843 0128 Pcmcia - ok
18:33:44.0875 0128 PDCOMP - ok
18:33:44.0906 0128 PDFRAME - ok
18:33:44.0984 0128 PDRELI - ok
18:33:45.0015 0128 PDRFRAME - ok
18:33:45.0031 0128 perc2 - ok
18:33:45.0062 0128 perc2hib - ok
18:33:45.0187 0128 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:33:45.0203 0128 PlugPlay - ok
18:33:45.0265 0128 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
18:33:45.0265 0128 Point32 - ok
18:33:45.0312 0128 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:33:45.0328 0128 PolicyAgent - ok
18:33:45.0390 0128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:33:45.0390 0128 PptpMiniport - ok
18:33:45.0421 0128 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:33:45.0421 0128 Processor - ok
18:33:45.0500 0128 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:33:45.0500 0128 ProtectedStorage - ok
18:33:45.0562 0128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:33:45.0578 0128 PSched - ok
18:33:45.0609 0128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:33:45.0609 0128 Ptilink - ok
18:33:45.0671 0128 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:33:45.0671 0128 PxHelp20 - ok
18:33:45.0703 0128 ql1080 - ok
18:33:45.0718 0128 Ql10wnt - ok
18:33:45.0750 0128 ql12160 - ok
18:33:45.0781 0128 ql1240 - ok
18:33:45.0812 0128 ql1280 - ok
18:33:45.0843 0128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:33:45.0843 0128 RasAcd - ok
18:33:45.0921 0128 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:33:45.0937 0128 RasAuto - ok
18:33:45.0968 0128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:33:45.0968 0128 Rasl2tp - ok
18:33:46.0109 0128 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:33:46.0125 0128 RasMan - ok
18:33:46.0203 0128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:33:46.0203 0128 RasPppoe - ok
18:33:46.0234 0128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:33:46.0234 0128 Raspti - ok
18:33:46.0281 0128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:33:46.0296 0128 Rdbss - ok
18:33:46.0343 0128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:33:46.0343 0128 RDPCDD - ok
18:33:46.0437 0128 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:33:46.0453 0128 RDPWD - ok
18:33:46.0515 0128 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:33:46.0531 0128 RDSessMgr - ok
18:33:46.0609 0128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:33:46.0609 0128 redbook - ok
18:33:46.0687 0128 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:33:46.0703 0128 RemoteAccess - ok
18:33:46.0750 0128 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:33:46.0750 0128 RpcLocator - ok
18:33:46.0843 0128 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:33:46.0859 0128 RpcSs - ok
18:33:46.0937 0128 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:33:46.0953 0128 RSVP - ok
18:33:47.0015 0128 RTL8023xp (1e7978c5e355407efdfc7b7328ef13e7) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
18:33:47.0031 0128 RTL8023xp - ok
18:33:47.0156 0128 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:33:47.0156 0128 rtl8139 - ok
18:33:47.0218 0128 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:33:47.0234 0128 SamSs - ok
18:33:47.0312 0128 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:33:47.0343 0128 SCardSvr - ok
18:33:47.0437 0128 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:33:47.0437 0128 Schedule - ok
18:33:47.0500 0128 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:33:47.0500 0128 sdbus - ok
18:33:47.0578 0128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:33:47.0578 0128 Secdrv - ok
18:33:47.0656 0128 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:33:47.0671 0128 seclogon - ok
18:33:47.0703 0128 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:33:47.0703 0128 SENS - ok
18:33:47.0781 0128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:33:47.0781 0128 Serial - ok
18:33:47.0859 0128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:33:47.0875 0128 Sfloppy - ok
18:33:47.0968 0128 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:33:47.0984 0128 SharedAccess - ok
18:33:48.0046 0128 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:33:48.0062 0128 ShellHWDetection - ok
18:33:48.0171 0128 Simbad - ok
18:33:48.0250 0128 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
18:33:48.0250 0128 Soluto - ok
18:33:48.0421 0128 SolutoService (a642a3a95c421a1ffded2e906f2a9856) C:\Program Files\Soluto\SolutoService.exe
18:33:48.0437 0128 SolutoService - ok
18:33:48.0468 0128 Sparrow - ok
18:33:48.0531 0128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:33:48.0531 0128 splitter - ok
18:33:48.0593 0128 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:33:48.0593 0128 Spooler - ok
18:33:48.0625 0128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:33:48.0640 0128 sr - ok
18:33:48.0718 0128 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:33:48.0734 0128 srservice - ok
18:33:48.0796 0128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:33:48.0812 0128 Srv - ok
18:33:48.0859 0128 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:33:48.0875 0128 SSDPSRV - ok
18:33:48.0968 0128 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:33:48.0984 0128 stisvc - ok
18:33:49.0046 0128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:33:49.0046 0128 swenum - ok
18:33:49.0093 0128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:33:49.0093 0128 swmidi - ok
18:33:49.0125 0128 SwPrv - ok
18:33:49.0234 0128 symc810 - ok
18:33:49.0265 0128 symc8xx - ok
18:33:49.0296 0128 sym_hi - ok
18:33:49.0328 0128 sym_u3 - ok
18:33:49.0406 0128 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:33:49.0421 0128 SynTP - ok
18:33:49.0484 0128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:33:49.0484 0128 sysaudio - ok
18:33:49.0562 0128 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:33:49.0593 0128 SysmonLog - ok
18:33:49.0640 0128 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:33:49.0656 0128 TapiSrv - ok
18:33:49.0734 0128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:33:49.0750 0128 Tcpip - ok
18:33:49.0812 0128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:33:49.0812 0128 TDPIPE - ok
18:33:49.0875 0128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:33:49.0875 0128 TDTCP - ok
18:33:49.0921 0128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:33:49.0921 0128 TermDD - ok
18:33:50.0000 0128 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:33:50.0015 0128 TermService - ok
18:33:50.0109 0128 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:33:50.0125 0128 Themes - ok
18:33:50.0187 0128 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\WINDOWS\system32\drivers\tifm21.sys
18:33:50.0203 0128 tifm21 - ok
18:33:50.0312 0128 TosIde - ok
18:33:50.0390 0128 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:33:50.0406 0128 TrkWks - ok
18:33:50.0484 0128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:33:50.0484 0128 Udfs - ok
18:33:50.0515 0128 ultra - ok
18:33:50.0578 0128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:33:50.0593 0128 Update - ok
18:33:50.0640 0128 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:33:50.0640 0128 upnphost - ok
18:33:50.0687 0128 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:33:50.0687 0128 UPS - ok
18:33:50.0750 0128 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:33:50.0750 0128 USBAAPL - ok
18:33:50.0812 0128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:33:50.0828 0128 usbehci - ok
18:33:50.0890 0128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:33:50.0890 0128 usbhub - ok
18:33:50.0953 0128 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:33:50.0953 0128 usbohci - ok
18:33:51.0000 0128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:33:51.0000 0128 usbscan - ok
18:33:51.0031 0128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:33:51.0031 0128 USBSTOR - ok
18:33:51.0078 0128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:33:51.0078 0128 VgaSave - ok
18:33:51.0109 0128 ViaIde - ok
18:33:51.0140 0128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:33:51.0140 0128 VolSnap - ok
18:33:51.0218 0128 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:33:51.0234 0128 VSS - ok
18:33:51.0281 0128 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:33:51.0296 0128 W32Time - ok
18:33:51.0437 0128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:33:51.0437 0128 Wanarp - ok
18:33:51.0515 0128 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:33:51.0546 0128 Wdf01000 - ok
18:33:51.0562 0128 WDICA - ok
18:33:51.0625 0128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:33:51.0625 0128 wdmaud - ok
18:33:51.0687 0128 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:33:51.0687 0128 WebClient - ok
18:33:51.0781 0128 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:33:51.0796 0128 winachsf - ok
18:33:51.0921 0128 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
18:33:51.0921 0128 WinDefend - ok
18:33:52.0093 0128 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:33:52.0093 0128 winmgmt - ok
18:33:52.0187 0128 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:33:52.0187 0128 WmdmPmSN - ok
18:33:52.0250 0128 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:33:52.0250 0128 WmiAcpi - ok
18:33:52.0343 0128 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:33:52.0343 0128 WmiApSrv - ok
18:33:52.0609 0128 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:33:52.0656 0128 WMPNetworkSvc - ok
18:33:52.0859 0128 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:33:52.0859 0128 WS2IFSL - ok
18:33:52.0968 0128 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:33:52.0984 0128 wscsvc - ok
18:33:53.0046 0128 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:33:53.0062 0128 wuauserv - ok
18:33:53.0140 0128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:33:53.0140 0128 WudfPf - ok
18:33:53.0171 0128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:33:53.0171 0128 WudfRd - ok
18:33:53.0218 0128 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:33:53.0234 0128 WudfSvc - ok
18:33:53.0328 0128 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:33:53.0390 0128 WZCSVC - ok
18:33:53.0468 0128 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:33:53.0484 0128 xmlprov - ok
18:33:53.0562 0128 xpsec - ok
18:33:53.0593 0128 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
18:33:53.0593 0128 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - infected
18:33:53.0593 0128 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sinowal.b (0)
18:33:53.0609 0128 Boot (0x1200) (5789d396748d649541eb31307636995c) \Device\Harddisk0\DR0\Partition0
18:33:53.0609 0128 \Device\Harddisk0\DR0\Partition0 - ok
18:33:53.0625 0128 ============================================================
18:33:53.0625 0128 Scan finished
18:33:53.0625 0128 ============================================================
18:33:53.0671 2056 Detected object count: 1
18:33:53.0671 2056 Actual detected object count: 1
18:35:37.0968 2056 \Device\Harddisk0\DR0\# - copied to quarantine
18:35:37.0968 2056 \Device\Harddisk0\DR0 - copied to quarantine
18:35:37.0984 2056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
18:35:38.0031 2056 \Device\Harddisk0\DR0 - ok
18:35:38.0031 2056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
18:35:46.0625 0496 Deinitialize success

18:43:27.0875 0232 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:43:28.0515 0232 ============================================================
18:43:28.0515 0232 Current date / time: 2012/04/15 18:43:28.0515
18:43:28.0515 0232 SystemInfo:
18:43:28.0515 0232
18:43:28.0515 0232 OS Version: 5.1.2600 ServicePack: 3.0
18:43:28.0515 0232 Product type: Workstation
18:43:28.0515 0232 ComputerName: ROB-18087AE0E32
18:43:28.0515 0232 UserName: Rob
18:43:28.0515 0232 Windows directory: C:\WINDOWS
18:43:28.0515 0232 System windows directory: C:\WINDOWS
18:43:28.0515 0232 Processor architecture: Intel x86
18:43:28.0515 0232 Number of processors: 1
18:43:28.0515 0232 Page size: 0x1000
18:43:28.0515 0232 Boot type: Normal boot
18:43:28.0515 0232 ============================================================
18:43:29.0593 0232 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:43:29.0593 0232 \Device\Harddisk0\DR0:
18:43:29.0593 0232 MBR used
18:43:29.0593 0232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBA4CF41
18:43:29.0625 0232 Initialize success
18:43:29.0625 0232 ============================================================
18:44:11.0421 2892 ============================================================
18:44:11.0421 2892 Scan started
18:44:11.0421 2892 Mode: Manual; SigCheck; TDLFS;
18:44:11.0421 2892 ============================================================
18:44:11.0906 2892 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:44:12.0203 2892 Aavmker4 - ok
18:44:12.0265 2892 Abiosdsk - ok
18:44:12.0296 2892 abp480n5 - ok
18:44:12.0375 2892 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:44:14.0828 2892 ACPI - ok
18:44:15.0015 2892 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:44:15.0234 2892 ACPIEC - ok
18:44:15.0296 2892 adpu160m - ok
18:44:15.0359 2892 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:44:15.0531 2892 aec - ok
18:44:15.0593 2892 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:44:15.0687 2892 AFD - ok
18:44:15.0703 2892 Aha154x - ok
18:44:15.0734 2892 aic78u2 - ok
18:44:15.0765 2892 aic78xx - ok
18:44:15.0812 2892 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:44:15.0984 2892 Alerter - ok
18:44:16.0031 2892 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:44:16.0187 2892 ALG - ok
18:44:16.0218 2892 AliIde - ok
18:44:16.0250 2892 AmdK8 (a2d5f093f9cb160c183c77015704f156) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
18:44:16.0296 2892 AmdK8 - ok
18:44:16.0312 2892 amsint - ok
18:44:16.0468 2892 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:44:16.0484 2892 Apple Mobile Device - ok
18:44:16.0593 2892 AppMgmt - ok
18:44:16.0671 2892 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:44:16.0828 2892 Arp1394 - ok
18:44:16.0843 2892 asc - ok
18:44:16.0875 2892 asc3350p - ok
18:44:16.0906 2892 asc3550 - ok
18:44:17.0078 2892 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:44:17.0109 2892 aspnet_state - ok
18:44:17.0171 2892 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:44:17.0187 2892 aswFsBlk - ok
18:44:17.0218 2892 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
18:44:17.0250 2892 aswMon2 - ok
18:44:17.0281 2892 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys
18:44:17.0296 2892 aswRdr - ok
18:44:17.0421 2892 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
18:44:17.0468 2892 aswSnx - ok
18:44:17.0562 2892 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
18:44:17.0593 2892 aswSP - ok
18:44:17.0640 2892 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
18:44:17.0656 2892 aswTdi - ok
18:44:17.0718 2892 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:44:17.0859 2892 AsyncMac - ok
18:44:17.0890 2892 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:44:18.0062 2892 atapi - ok
18:44:18.0078 2892 Atdisk - ok
18:44:18.0140 2892 Ati HotKey Poller (abc57a6f6070baf9786c318f59f29f0b) C:\WINDOWS\system32\Ati2evxx.exe
18:44:18.0234 2892 Ati HotKey Poller - ok
18:44:18.0328 2892 ATI Smart (d0adab8f96f521a35fd59a821820144e) C:\WINDOWS\system32\ati2sgag.exe
18:44:18.0375 2892 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
18:44:18.0375 2892 ATI Smart - detected UnsignedFile.Multi.Generic (1)
18:44:18.0593 2892 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:44:18.0718 2892 ati2mtag - ok
18:44:18.0781 2892 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:44:19.0046 2892 Atmarpc - ok
18:44:19.0093 2892 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:44:19.0234 2892 AudioSrv - ok
18:44:19.0296 2892 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:44:19.0453 2892 audstub - ok
18:44:19.0609 2892 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
18:44:19.0609 2892 avast! Antivirus - ok
18:44:19.0796 2892 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:44:19.0890 2892 BCM43XX - ok
18:44:19.0953 2892 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:44:20.0156 2892 Beep - ok
18:44:20.0218 2892 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:44:20.0437 2892 BITS - ok
18:44:20.0562 2892 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:44:20.0593 2892 Bonjour Service - ok
18:44:20.0765 2892 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:44:20.0906 2892 Browser - ok
18:44:20.0984 2892 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
18:44:21.0031 2892 CAMCAUD - ok
18:44:21.0109 2892 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
18:44:21.0156 2892 CAMCHALA - ok
18:44:21.0187 2892 catchme - ok
18:44:21.0234 2892 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:44:21.0421 2892 cbidf2k - ok
18:44:21.0437 2892 cd20xrnt - ok
18:44:21.0500 2892 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:44:21.0687 2892 Cdaudio - ok
18:44:21.0750 2892 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:44:21.0875 2892 Cdfs - ok
18:44:21.0906 2892 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:44:22.0046 2892 Cdrom - ok
18:44:22.0078 2892 Changer - ok
18:44:22.0125 2892 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:44:22.0281 2892 CiSvc - ok
18:44:22.0312 2892 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:44:22.0453 2892 ClipSrv - ok
18:44:22.0593 2892 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:44:22.0687 2892 clr_optimization_v2.0.50727_32 - ok
18:44:22.0796 2892 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:44:22.0921 2892 CmBatt - ok
18:44:22.0953 2892 CmdIde - ok
18:44:23.0015 2892 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:44:23.0156 2892 Compbatt - ok
18:44:23.0187 2892 COMSysApp - ok
18:44:23.0218 2892 Cpqarray - ok
18:44:23.0265 2892 cpuz135 - ok
18:44:23.0328 2892 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:44:23.0484 2892 CryptSvc - ok
18:44:23.0515 2892 dac2w2k - ok
18:44:23.0562 2892 dac960nt - ok
18:44:23.0656 2892 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:44:23.0781 2892 DcomLaunch - ok
18:44:23.0937 2892 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:44:24.0078 2892 Dhcp - ok
18:44:24.0140 2892 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:44:24.0359 2892 Disk - ok
18:44:24.0406 2892 dmadmin - ok
18:44:24.0515 2892 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:44:24.0687 2892 dmboot - ok
18:44:24.0750 2892 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:44:24.0906 2892 dmio - ok
18:44:24.0968 2892 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:44:25.0125 2892 dmload - ok
18:44:25.0234 2892 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:44:25.0375 2892 dmserver - ok
18:44:25.0453 2892 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:44:25.0593 2892 DMusic - ok
18:44:25.0671 2892 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:44:25.0796 2892 Dnscache - ok
18:44:25.0937 2892 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:44:26.0109 2892 Dot3svc - ok
18:44:26.0156 2892 dpti2o - ok
18:44:26.0218 2892 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:44:26.0421 2892 drmkaud - ok
18:44:26.0500 2892 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
18:44:26.0546 2892 eabfiltr - ok
18:44:26.0593 2892 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
18:44:26.0625 2892 eabusb - ok
18:44:26.0687 2892 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:44:26.0828 2892 EapHost - ok
18:44:26.0890 2892 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:44:27.0015 2892 ERSvc - ok
18:44:27.0078 2892 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:44:27.0093 2892 Eventlog - ok
18:44:27.0171 2892 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:44:27.0234 2892 EventSystem - ok
18:44:27.0296 2892 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:44:27.0453 2892 Fastfat - ok
18:44:27.0609 2892 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:27.0687 2892 FastUserSwitchingCompatibility - ok
18:44:27.0765 2892 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:44:27.0921 2892 Fdc - ok
18:44:27.0953 2892 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:44:28.0187 2892 Fips - ok
18:44:28.0250 2892 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:44:28.0375 2892 Flpydisk - ok
18:44:28.0421 2892 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:44:28.0546 2892 FltMgr - ok
18:44:28.0687 2892 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:44:28.0703 2892 FontCache3.0.0.0 - ok
18:44:28.0781 2892 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:44:28.0953 2892 Fs_Rec - ok
18:44:29.0015 2892 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:44:29.0187 2892 Ftdisk - ok
18:44:29.0250 2892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:44:29.0265 2892 GEARAspiWDM - ok
18:44:29.0343 2892 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:44:29.0453 2892 Gpc - ok
18:44:29.0515 2892 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
18:44:29.0562 2892 grmnusb - ok
18:44:29.0765 2892 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:44:29.0781 2892 gupdate - ok
18:44:29.0812 2892 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:44:29.0812 2892 gupdatem - ok
18:44:29.0890 2892 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:44:29.0906 2892 gusvc - ok
18:44:30.0062 2892 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:44:30.0296 2892 helpsvc - ok
18:44:30.0390 2892 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:44:30.0500 2892 HidServ - ok
18:44:30.0593 2892 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:44:30.0703 2892 HidUsb - ok
18:44:30.0796 2892 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:44:30.0953 2892 hkmsvc - ok
18:44:30.0968 2892 hpn - ok
18:44:31.0109 2892 hpqwmi (6745820c1b0783a367f03da128f5b1e2) C:\Program Files\HPQ\shared\hpqwmi.exe
18:44:31.0125 2892 hpqwmi ( UnsignedFile.Multi.Generic ) - warning
18:44:31.0125 2892 hpqwmi - detected UnsignedFile.Multi.Generic (1)
18:44:31.0187 2892 HSFHWATI (13d4b70bf2f9bc550e9079da864d3ec1) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
18:44:31.0265 2892 HSFHWATI - ok
18:44:31.0343 2892 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
18:44:31.0500 2892 HSF_DP - ok
18:44:31.0578 2892 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:44:31.0625 2892 HTTP - ok
18:44:31.0687 2892 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:44:31.0906 2892 HTTPFilter - ok
18:44:31.0937 2892 i2omgmt - ok
18:44:31.0953 2892 i2omp - ok
18:44:32.0031 2892 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:44:32.0140 2892 i8042prt - ok
18:44:32.0312 2892 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:44:32.0390 2892 idsvc - ok
18:44:32.0453 2892 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:44:32.0578 2892 Imapi - ok
18:44:32.0640 2892 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:44:32.0796 2892 ImapiService - ok
18:44:32.0828 2892 ini910u - ok
18:44:32.0859 2892 IntelIde - ok
18:44:32.0890 2892 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:44:33.0046 2892 Ip6Fw - ok
18:44:33.0078 2892 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:44:33.0281 2892 IpFilterDriver - ok
18:44:33.0328 2892 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:44:33.0437 2892 IpInIp - ok
18:44:33.0484 2892 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:44:33.0609 2892 IpNat - ok
18:44:33.0750 2892 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:44:33.0812 2892 iPod Service - ok
18:44:33.0984 2892 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:44:34.0140 2892 IPSec - ok
18:44:34.0171 2892 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:44:34.0312 2892 IRENUM - ok
18:44:34.0359 2892 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:44:34.0500 2892 isapnp - ok
18:44:34.0531 2892 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:44:34.0671 2892 Kbdclass - ok
18:44:34.0718 2892 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:44:34.0859 2892 kmixer - ok
18:44:34.0921 2892 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:44:35.0000 2892 KSecDD - ok
18:44:35.0062 2892 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:44:35.0125 2892 lanmanserver - ok
18:44:35.0203 2892 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:44:35.0296 2892 lanmanworkstation - ok
18:44:35.0312 2892 lbrtfdc - ok
18:44:35.0343 2892 lmab_device - ok
18:44:35.0406 2892 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:44:35.0625 2892 LmHosts - ok
18:44:35.0687 2892 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:44:35.0718 2892 mdmxsdk - ok
18:44:35.0796 2892 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:44:35.0906 2892 Messenger - ok
18:44:35.0968 2892 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:44:36.0125 2892 mnmdd - ok
18:44:36.0187 2892 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:44:36.0343 2892 mnmsrvc - ok
18:44:36.0406 2892 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:44:36.0562 2892 Modem - ok
18:44:36.0609 2892 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:44:36.0750 2892 Mouclass - ok
18:44:36.0796 2892 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:44:36.0984 2892 mouhid - ok
18:44:37.0046 2892 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:44:37.0171 2892 MountMgr - ok
18:44:37.0203 2892 mraid35x - ok
18:44:37.0250 2892 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:44:37.0390 2892 MRxDAV - ok
18:44:37.0468 2892 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:44:37.0609 2892 MRxSmb - ok
18:44:37.0671 2892 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:44:37.0828 2892 MSDTC - ok
18:44:37.0890 2892 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:44:38.0031 2892 Msfs - ok
18:44:38.0062 2892 MSIServer - ok
18:44:38.0093 2892 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:44:38.0218 2892 MSKSSRV - ok
18:44:38.0250 2892 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:44:38.0390 2892 MSPCLOCK - ok
18:44:38.0421 2892 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:44:38.0562 2892 MSPQM - ok
18:44:38.0593 2892 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:44:38.0718 2892 mssmbios - ok
18:44:38.0796 2892 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:44:38.0828 2892 Mup - ok
18:44:38.0890 2892 MxlW2k (88f57a15b786bf2af9458f7903768085) C:\WINDOWS\system32\drivers\MxlW2k.sys
18:44:38.0906 2892 MxlW2k ( UnsignedFile.Multi.Generic ) - warning
18:44:38.0906 2892 MxlW2k - detected UnsignedFile.Multi.Generic (1)
18:44:39.0000 2892 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:44:39.0156 2892 napagent - ok
18:44:39.0218 2892 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:44:39.0359 2892 NDIS - ok
18:44:39.0421 2892 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:44:39.0500 2892 NdisTapi - ok
18:44:39.0562 2892 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:44:39.0703 2892 Ndisuio - ok
18:44:39.0734 2892 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:44:39.0875 2892 NdisWan - ok
18:44:39.0921 2892 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:44:40.0000 2892 NDProxy - ok
18:44:40.0093 2892 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:44:40.0234 2892 NetBIOS - ok
18:44:40.0296 2892 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:44:40.0421 2892 NetBT - ok
18:44:40.0500 2892 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:44:40.0656 2892 NetDDE - ok
18:44:40.0671 2892 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:44:40.0796 2892 NetDDEdsdm - ok
18:44:40.0875 2892 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:40.0984 2892 Netlogon - ok
18:44:41.0046 2892 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:44:41.0203 2892 Netman - ok
18:44:41.0343 2892 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:44:41.0359 2892 NetTcpPortSharing - ok
18:44:41.0468 2892 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:44:41.0609 2892 NIC1394 - ok
18:44:41.0687 2892 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:44:41.0718 2892 Nla - ok
18:44:41.0796 2892 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:44:41.0937 2892 Npfs - ok
18:44:42.0031 2892 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:44:42.0187 2892 Ntfs - ok
18:44:42.0234 2892 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:42.0375 2892 NtLmSsp - ok
18:44:42.0453 2892 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:44:42.0609 2892 NtmsSvc - ok
18:44:42.0656 2892 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:44:42.0671 2892 NuidFltr - ok
18:44:42.0734 2892 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:44:42.0906 2892 Null - ok
18:44:42.0968 2892 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:44:43.0171 2892 NwlnkFlt - ok
18:44:43.0218 2892 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:44:43.0406 2892 NwlnkFwd - ok
18:44:43.0468 2892 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:44:43.0578 2892 ohci1394 - ok
18:44:43.0687 2892 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:44:43.0703 2892 ose - ok
18:44:43.0859 2892 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:44:43.0968 2892 Parport - ok
18:44:44.0031 2892 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:44:44.0171 2892 PartMgr - ok
18:44:44.0203 2892 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:44:44.0390 2892 ParVdm - ok
18:44:44.0421 2892 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:44:44.0546 2892 PCI - ok
18:44:44.0562 2892 PCIDump - ok
18:44:44.0609 2892 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:44:44.0828 2892 PCIIde - ok
18:44:44.0875 2892 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:44:44.0984 2892 Pcmcia - ok
18:44:45.0000 2892 PDCOMP - ok
18:44:45.0031 2892 PDFRAME - ok
18:44:45.0046 2892 PDRELI - ok
18:44:45.0078 2892 PDRFRAME - ok
18:44:45.0109 2892 perc2 - ok
18:44:45.0125 2892 perc2hib - ok
18:44:45.0218 2892 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:44:45.0234 2892 PlugPlay - ok
18:44:45.0296 2892 Point32 (5c71f7cdd1b4ba5f00b87ca05e414aea) C:\WINDOWS\system32\DRIVERS\point32.sys
18:44:45.0359 2892 Point32 - ok
18:44:45.0406 2892 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:45.0562 2892 PolicyAgent - ok
18:44:45.0609 2892 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:44:45.0765 2892 PptpMiniport - ok
18:44:45.0812 2892 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:44:45.0953 2892 Processor - ok
18:44:46.0015 2892 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:46.0140 2892 ProtectedStorage - ok
18:44:46.0187 2892 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:44:46.0328 2892 PSched - ok
18:44:46.0343 2892 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:44:46.0531 2892 Ptilink - ok
18:44:46.0578 2892 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:44:46.0593 2892 PxHelp20 - ok
18:44:46.0625 2892 ql1080 - ok
18:44:46.0640 2892 Ql10wnt - ok
18:44:46.0671 2892 ql12160 - ok
18:44:46.0687 2892 ql1240 - ok
18:44:46.0718 2892 ql1280 - ok
18:44:46.0750 2892 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:44:46.0921 2892 RasAcd - ok
18:44:46.0984 2892 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:44:47.0109 2892 RasAuto - ok
18:44:47.0156 2892 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:44:47.0265 2892 Rasl2tp - ok
18:44:47.0328 2892 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:44:47.0468 2892 RasMan - ok
18:44:47.0500 2892 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:44:47.0671 2892 RasPppoe - ok
18:44:47.0687 2892 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:44:47.0875 2892 Raspti - ok
18:44:47.0921 2892 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:44:48.0031 2892 Rdbss - ok
18:44:48.0078 2892 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:44:48.0250 2892 RDPCDD - ok
18:44:48.0328 2892 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:44:48.0421 2892 RDPWD - ok
18:44:48.0484 2892 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:44:48.0609 2892 RDSessMgr - ok
18:44:48.0687 2892 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:44:48.0812 2892 redbook - ok
18:44:48.0890 2892 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:44:49.0015 2892 RemoteAccess - ok
18:44:49.0093 2892 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:44:49.0218 2892 RpcLocator - ok
18:44:49.0312 2892 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:44:49.0375 2892 RpcSs - ok
18:44:49.0453 2892 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:44:49.0671 2892 RSVP - ok
18:44:49.0812 2892 RTL8023xp (1e7978c5e355407efdfc7b7328ef13e7) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
18:44:49.0875 2892 RTL8023xp - ok
18:44:49.0921 2892 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:44:50.0046 2892 rtl8139 - ok
18:44:50.0093 2892 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:50.0218 2892 SamSs - ok
18:44:50.0296 2892 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:44:50.0437 2892 SCardSvr - ok
18:44:50.0515 2892 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:44:50.0656 2892 Schedule - ok
18:44:50.0734 2892 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:44:50.0875 2892 sdbus - ok
18:44:50.0937 2892 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:44:51.0062 2892 Secdrv - ok
18:44:51.0125 2892 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:44:51.0265 2892 seclogon - ok
18:44:51.0296 2892 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:44:51.0437 2892 SENS - ok
18:44:51.0500 2892 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:44:51.0625 2892 Serial - ok
18:44:51.0687 2892 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:44:51.0812 2892 Sfloppy - ok
18:44:51.0890 2892 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:44:52.0062 2892 SharedAccess - ok
18:44:52.0125 2892 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:52.0156 2892 ShellHWDetection - ok
18:44:52.0187 2892 Simbad - ok
18:44:52.0265 2892 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
18:44:52.0281 2892 Soluto - ok
18:44:52.0437 2892 SolutoService (a642a3a95c421a1ffded2e906f2a9856) C:\Program Files\Soluto\SolutoService.exe
18:44:52.0468 2892 SolutoService - ok
18:44:52.0484 2892 Sparrow - ok
18:44:52.0546 2892 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:44:52.0671 2892 splitter - ok
18:44:52.0750 2892 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:44:52.0812 2892 Spooler - ok
18:44:52.0890 2892 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:44:53.0015 2892 sr - ok
18:44:53.0093 2892 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:44:53.0234 2892 srservice - ok
18:44:53.0312 2892 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:44:53.0437 2892 Srv - ok
18:44:53.0515 2892 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:44:53.0656 2892 SSDPSRV - ok
18:44:53.0734 2892 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:44:53.0937 2892 stisvc - ok
18:44:54.0000 2892 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:44:54.0125 2892 swenum - ok
18:44:54.0171 2892 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:44:54.0296 2892 swmidi - ok
18:44:54.0312 2892 SwPrv - ok
18:44:54.0359 2892 symc810 - ok
18:44:54.0390 2892 symc8xx - ok
18:44:54.0421 2892 sym_hi - ok
18:44:54.0437 2892 sym_u3 - ok
18:44:54.0515 2892 SynTP (1dbc86da355b5db35174f862c110fd09) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:44:54.0546 2892 SynTP - ok
18:44:54.0625 2892 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:44:54.0750 2892 sysaudio - ok
18:44:54.0828 2892 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:44:54.0968 2892 SysmonLog - ok
18:44:55.0031 2892 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:44:55.0203 2892 TapiSrv - ok
18:44:55.0265 2892 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:44:55.0343 2892 Tcpip - ok
18:44:55.0390 2892 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:44:55.0515 2892 TDPIPE - ok
18:44:55.0562 2892 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:44:55.0687 2892 TDTCP - ok
18:44:55.0718 2892 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:44:55.0859 2892 TermDD - ok
18:44:55.0921 2892 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:44:56.0062 2892 TermService - ok
18:44:56.0109 2892 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:56.0140 2892 Themes - ok
18:44:56.0203 2892 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\WINDOWS\system32\drivers\tifm21.sys
18:44:56.0281 2892 tifm21 - ok
18:44:56.0296 2892 TosIde - ok
18:44:56.0375 2892 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:44:56.0515 2892 TrkWks - ok
18:44:56.0562 2892 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:44:56.0718 2892 Udfs - ok
18:44:56.0734 2892 ultra - ok
18:44:56.0828 2892 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:44:57.0015 2892 Update - ok
18:44:57.0062 2892 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:44:57.0218 2892 upnphost - ok
18:44:57.0265 2892 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:44:57.0390 2892 UPS - ok
18:44:57.0453 2892 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:44:57.0468 2892 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
18:44:57.0468 2892 USBAAPL - detected UnsignedFile.Multi.Generic (1)
18:44:57.0546 2892 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:44:57.0687 2892 usbehci - ok
18:44:57.0750 2892 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:44:57.0875 2892 usbhub - ok
18:44:57.0921 2892 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:44:58.0031 2892 usbohci - ok
18:44:58.0078 2892 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:44:58.0218 2892 usbscan - ok
18:44:58.0250 2892 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:44:58.0390 2892 USBSTOR - ok
18:44:58.0421 2892 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:44:58.0562 2892 VgaSave - ok
18:44:58.0578 2892 ViaIde - ok
18:44:58.0625 2892 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:44:58.0750 2892 VolSnap - ok
18:44:58.0828 2892 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:44:58.0968 2892 VSS - ok
18:44:59.0031 2892 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:44:59.0156 2892 W32Time - ok
18:44:59.0218 2892 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:44:59.0343 2892 Wanarp - ok
18:44:59.0421 2892 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:44:59.0453 2892 Wdf01000 - ok
18:44:59.0484 2892 WDICA - ok
18:44:59.0531 2892 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:44:59.0640 2892 wdmaud - ok
18:44:59.0718 2892 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:44:59.0859 2892 WebClient - ok
18:44:59.0953 2892 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:45:00.0015 2892 winachsf - ok
18:45:00.0187 2892 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
18:45:00.0203 2892 WinDefend - ok
18:45:00.0359 2892 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:45:00.0484 2892 winmgmt - ok
18:45:00.0562 2892 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:45:00.0625 2892 WmdmPmSN - ok
18:45:00.0687 2892 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:45:00.0890 2892 WmiAcpi - ok
18:45:00.0968 2892 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:45:01.0078 2892 WmiApSrv - ok
18:45:01.0250 2892 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:45:01.0390 2892 WMPNetworkSvc - ok
18:45:01.0531 2892 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:45:01.0734 2892 WS2IFSL - ok
18:45:01.0781 2892 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:45:01.0921 2892 wscsvc - ok
18:45:01.0953 2892 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:45:02.0093 2892 wuauserv - ok
18:45:02.0140 2892 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:45:02.0171 2892 WudfPf - ok
18:45:02.0203 2892 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:45:02.0218 2892 WudfRd - ok
18:45:02.0265 2892 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:45:02.0296 2892 WudfSvc - ok
18:45:02.0375 2892 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:45:02.0546 2892 WZCSVC - ok
18:45:02.0687 2892 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:45:02.0812 2892 xmlprov - ok
18:45:02.0859 2892 xpsec - ok
18:45:02.0906 2892 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:45:03.0359 2892 \Device\Harddisk0\DR0 - ok
18:45:03.0375 2892 Boot (0x1200) (5789d396748d649541eb31307636995c) \Device\Harddisk0\DR0\Partition0
18:45:03.0375 2892 \Device\Harddisk0\DR0\Partition0 - ok
18:45:03.0375 2892 ============================================================
18:45:03.0375 2892 Scan finished
18:45:03.0375 2892 ============================================================
18:45:03.0515 3160 Detected object count: 4
18:45:03.0515 3160 Actual detected object count: 4
18:45:22.0140 3160 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:22.0140 3160 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:22.0140 3160 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:22.0140 3160 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:22.0140 3160 MxlW2k ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:22.0140 3160 MxlW2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:45:22.0140 3160 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
18:45:22.0140 3160 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:24.0968 0896 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 19:36:07
-----------------------------
19:36:07.765 OS Version: Windows 5.1.2600 Service Pack 3
19:36:07.765 Number of processors: 1 586 0x2F02
19:36:07.765 ComputerName: ROB-18087AE0E32 UserName: Rob
19:36:17.640 Initialize success
19:36:21.171 AVAST engine defs: 12041502
19:36:54.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:36:54.375 Disk 0 Vendor: ST9100822A 3.02 Size: 95396MB BusType: 3
19:36:54.453 Disk 0 MBR read successfully
19:36:54.468 Disk 0 MBR scan
19:36:54.468 Disk 0 Windows XP default MBR code
19:36:54.484 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 95385 MB offset 63
19:36:54.531 Disk 0 scanning sectors +195350400
19:36:54.718 Disk 0 scanning C:\WINDOWS\system32\drivers
19:37:22.046 Service scanning
19:37:42.031 Modules scanning
19:37:51.187 AVAST engine scan C:\WINDOWS
19:38:14.125 AVAST engine scan C:\WINDOWS\system32
19:41:03.406 AVAST engine scan C:\WINDOWS\system32\drivers
19:41:20.906 AVAST engine scan C:\Documents and Settings\Rob
19:45:51.812 AVAST engine scan C:\Documents and Settings\All Users
19:47:32.984 Scan finished successfully
19:48:25.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rob\Desktop\MBR.dat"
19:48:25.812 The log file has been saved successfully to "C:\Documents and Settings\Rob\Desktop\aswMBR.txt"

OTL logfile created on: 4/15/2012 8:12:40 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 430.30 Mb Available Physical Memory | 42.08% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 67.35 Gb Free Space | 72.31% Space Free | Partition Type: NTFS

Computer Name: ROB-18087AE0E32 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 18:15:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
PRC - [2012/03/06 17:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/08/13 16:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\TrainingCenter\gStart.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/03/04 03:36:46 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
PRC - [2005/03/04 03:36:46 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
PRC - [2005/02/02 06:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/15 14:52:39 | 001,756,160 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12041502\algo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/06 17:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2007/01/12 09:51:30 | 000,508,848 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\LMabcoms.exe -- (lmab_device)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/06 17:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 17:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 17:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 17:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 17:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 17:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 16:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/07 08:34:08 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2009/03/03 22:22:55 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2006/07/06 13:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/22 15:39:44 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/03/22 15:39:42 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/03/22 15:39:40 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/15 10:14:52 | 000,346,496 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/03/15 10:14:52 | 000,037,760 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/10 03:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/28 04:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A914433C-940D-4306-B1EC-C900AC2C3860}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{A914433C-940D-4306-B1EC-C900AC2C3860}: "URL" = http://www.google.ca...1I7ADBF_enCA229
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/31 09:55:19 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Gmail = C:\Documents and Settings\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/15 18:12:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\TrainingCenter\gStart.exe (GARMIN Corp.)
O4 - Startup: C:\Documents and Settings\Rob\Start Menu\Programs\Startup\Jacquie Lawson London Advent Calendar.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1321309714031 (MUCatalogWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47CC1509-D42A-4330-A269-4F6F69FB7A9E}: DhcpNameServer = 192.168.1.254 75.153.176.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/06 12:08:21 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SolutoService - C:\Program Files\Soluto\SolutoService.exe (Soluto)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 20:08:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/15 20:08:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/15 20:08:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/15 20:08:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/15 20:05:31 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rob\Desktop\JavaSetup6u31.exe
[2012/04/15 19:49:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/15 19:13:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/04/15 18:35:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/15 18:32:07 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rob\Desktop\tdsskiller.exe
[2012/04/15 17:48:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/15 17:45:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/15 17:45:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/15 17:45:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/15 17:45:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/15 17:45:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/04/15 17:45:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/15 17:43:02 | 004,463,836 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/04/15 16:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/04/14 19:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\Virus Logs
[2012/04/14 18:15:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/04/14 13:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2012/04/14 13:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/14 13:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/14 13:50:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/14 13:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/15 20:08:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/04/15 20:08:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/04/15 20:08:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/04/15 20:08:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/15 20:08:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/15 20:08:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 20:05:35 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Rob\Desktop\JavaSetup6u31.exe
[2012/04/15 19:48:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
[2012/04/15 19:36:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/15 19:35:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/15 19:34:30 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/04/15 19:33:14 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 19:32:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/15 19:32:54 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 19:14:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/04/15 18:32:07 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Rob\Desktop\tdsskiller.exe
[2012/04/15 18:12:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/15 17:48:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/15 17:43:12 | 004,463,836 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/04/15 17:24:03 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B3D1086B-FF70-4450-83F2-D93055DEC513}.job
[2012/04/15 12:58:18 | 000,436,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/15 12:58:18 | 000,069,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/14 18:15:25 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/04/14 17:14:18 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/14 13:50:23 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/14 12:12:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/04/14 11:38:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/13 16:22:28 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 19:48:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
[2012/04/15 17:48:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/15 17:48:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/15 17:45:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/15 17:45:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/15 17:45:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/15 17:45:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/15 17:45:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/14 13:50:23 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/13 15:57:05 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/15 20:49:48 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/15 18:33:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/06/24 13:23:53 | 000,188,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/24 13:18:16 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9100822A
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 93.00GB
Starting Offset: 32256
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/01/22 11:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Adobe
[2007/11/29 23:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AdobeUM
[2010/11/18 13:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Apple Computer
[2010/11/16 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DivX
[2012/02/09 20:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GARMIN
[2007/06/28 20:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Google
[2012/04/15 16:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\HpUpdate
[2007/06/06 11:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Identities
[2008/01/09 20:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\InterVideo
[2011/12/08 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\JLAdventCalendarLondon2011
[2007/08/27 16:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Leadertech
[2007/06/07 21:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Macromedia
[2012/04/14 13:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Malwarebytes
[2012/01/22 11:14:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Rob\Application Data\Microsoft
[2010/11/16 22:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\MSNInstaller
[2008/10/18 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\muvee Technologies
[2007/06/07 22:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\OfficeUpdate12
[2011/12/04 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Real
[2009/11/19 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\SmartDraw
[2008/11/09 13:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sonic
[2007/11/11 14:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Sun
[2009/10/09 09:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\U3

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/23 21:46:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/23 21:46:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 18:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 18:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 06:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/12 01:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 06:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >

OTL Extras logfile created on: 4/15/2012 8:12:40 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 430.30 Mb Available Physical Memory | 42.08% Memory free
2.40 Gb Paging File | 1.96 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 67.35 Gb Free Space | 72.31% Space Free | Partition Type: NTFS

Computer Name: ROB-18087AE0E32 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Disabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- ( )
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{10B3936F-0E93-4431-8E7B-3FEA5DAC88C3}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A09274B-98DE-CB96-1EE9-2436A0D37480}" = CCC Help English
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3374B4A6-5595-4667-882D-755ABE093806}" = Lyra Applications
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46697B13-FCD5-7BC4-78C4-49FE0D60A00B}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF433B6-BEC9-4AD5-86D5-06EB5C62E792}" = Northern Alberta Institute of Technology
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{56192D4B-DB85-7029-6E77-E1505FBD5173}" = Catalyst Control Center Core Implementation
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACA9227-30FC-0DFE-B74F-C106F36A50B6}" = Catalyst Control Center Graphics Previews Common
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5DF72004-F4A7-6AA2-0552-F7737199491E}" = ccc-core-static
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74379B6F-C173-F80E-5E3E-6A5F3E523DEC}" = Catalyst Control Center Graphics Full Existing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{987F2E66-35EC-D7CC-02E0-6F7094D35B71}" = ccc-core-preinstall
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C16084-032F-4A6D-B19A-2E700421F9FB}" = Microsoft WorldWide Telescope
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B330C431-CDF4-E40D-A9E9-FF275A47AB7E}" = Catalyst Control Center Graphics Full New
"{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D29E46AC-B703-5A56-A795-12FB8E6C5DFC}" = Skins
"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E3EC0A0D-3FA5-9175-F81C-BDD77FC1A087}" = ccc-utility
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{EF45B43B-D526-49F7-A2CD-4050A939AA1E}" = Lyra Digital Audio Player
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F6DC2328-1FA4-4F7A-954C-C733363266EE}" = Soluto
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"123di Version 5.0 5.0" = 123di Version 5.0
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Compaq Presario r4000 User Guides" = Compaq Presario r4000 User Guides
"Conexant PCI Audio" = Conexant AC-Link Audio
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"Lexmark_HostCD" = Lexmark Software Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/5/2008 10:47:17 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 5:37:31 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 8:54:37 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/6/2008 9:46:25 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 4/8/2008 8:57:33 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 11/9/2008 2:51:19 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

Error - 11/7/2009 2:21:23 PM | Computer Name = ROB-18087AE0E32 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/14/2012 11:54:30 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1379781

Error - 4/14/2012 11:54:46 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 11:54:46 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1395531

Error - 4/14/2012 11:54:46 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1395531

Error - 4/14/2012 11:55:01 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 11:55:01 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1411156

Error - 4/14/2012 11:55:01 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1411156

Error - 4/14/2012 11:55:17 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/14/2012 11:55:17 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1426906

Error - 4/14/2012 11:55:17 PM | Computer Name = ROB-18087AE0E32 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1426906

[ System Events ]
Error - 4/15/2012 10:01:14 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:14 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:14 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:14 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/15/2012 10:01:15 PM | Computer Name = ROB-18087AE0E32 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

< End of report >

#4
RKinner

Posted 15 April 2012 - 09:34 PM

Malware Expert

Expert
24,625 posts

You missed one old java:
J2SE Runtime Environment 5.0 Update 2

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\xpsec.sys

Driver::
xpsec

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron

#5
robnj

Posted 16 April 2012 - 03:06 PM

New Member

Topic Starter
Member
5 posts

OK, I uninstalled the last old Java file and ran the new Combofix scan. Log file attached. Thanks again.

Rob

Attached Files

ComboFix.txt 12.45KB 116 downloads

#6
RKinner

Posted 16 April 2012 - 06:31 PM

Malware Expert

Expert
24,625 posts

Looks good. Any sign of your infection left?

If not we can clean up:

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/ tho the free version only blocks 200 ads a day - good reason to use Firefox or Chrome instead.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#7
robnj

Posted 17 April 2012 - 07:34 PM

New Member

Topic Starter
Member
5 posts

I cleaned System Restore with OTL, uninstalled or deleted all cleanup tools and logs and diabled Javascript in Adobe. I don't use any P2P and my wireless router runs with encryption already. My Avast Screensaver Scan alerted me that there was a threat, but it was in the C:\TDSKILLER_Quarantine\ folder so I assumed it was OK.
I ran an Avast Full Scan and it came back with a whole wack of files with <Error: Archive is Password Protected (42056)> and two files under C:\RECYCLERS\ with <Threat: Win32:MBRoot-J [Trj]>. Avast said to run a Boot-time scan to complete the disinfection and the result identified the same threats and indicated that they had been moved to the virus chest. The files were:
C:\RECYCLERS\S-1-5-21-1708537768-1547161642-839522115-1004\Dc14\15.04.2012_18.33.04\mbr0000\mbr0000\tsk0000.dta and
C:\RECYCLERS\S-1-5-21-1708537768-1547161642-839522115-1004\Dc14\15.04.2012_18.33.04\mbr0000\mbr0000\tsk0001.dta
if this is of any help.
I ran another Boot-time scan just to be sure and it came back clean. I then ran an Avast Quick scan and got a bunch of files with te Archive is Password protected error again, but no virus threats. I ran another Boot-time scan which finished an hour ago and it came back with no virus found. So, I think I might be clean (?).
Assumimg I am, Thanks ever so much for your help and useful tips Ron. I don't envy you having to actually read all those log files. I got a headache just posting them.

#8
RKinner

Posted 17 April 2012 - 09:03 PM

Malware Expert

Expert
24,625 posts

The cleanup speech is just a generic thing I tack on at the end of a case. Just some advice that I think may help to keep them from coming back.

Sounds like you are clean now. I doubt the stuff in Recyclers was an active danger but it's good to remove them. Did it tell you where the archives were that were password protected?

#9
robnj

Posted 17 April 2012 - 10:34 PM

New Member

Topic Starter
Member
5 posts

Yes, they were in <C:\Docs & Settings\....\Temporary Internet Files\Content.IE5\FKCFUTV\Install_flashplayer11x32ax_gtbp_chord_aih[1].exe/....>.
I suspect they were just remanents hanging around from my install of the latest Adobe Flash Player. I did another Quick Scan earlier this evening and these did not appear so I'm hoping they have gone to cyber heaven.
Things are looking good now thanks to your expert help. Now I can use my fresh, clean laptop to check out Orcas Island on Google Earth. It sounds intriguing. Thanks again for all your help and to GeekstoGo for such a great resource.
Rob
PS - I forgot to thank you for the speed of your replies. I was expecting a couple of day turnarounds like you get with most commercial companies these days.

Edited by robnj, 17 April 2012 - 10:38 PM.

#10
RKinner

Posted 18 April 2012 - 01:42 AM

Malware Expert

Expert
24,625 posts

You could delete those files or even the FKCFUTV folder (if it will let you) but it doesn't appear to be malware so probably not worth worrying about.

Some pictures from Orcas Island:

https://picasaweb.go...590/OrcasIsland

https://picasaweb.go...767590/NewHouse