DNS changed from automatic to manual - Malware?



#1
Home Bass
Member, 46 posts
Greetings!
One day at the end of September, I suddenly was unable to get my email or access the internet. Using a different computer I managed to ask for help here in a different forum but before I got a reply to my post I discovered that my DNS settings had changed from automatic to manual with the IP addresses 216.58.97.64 and 216.58.97.12 inserted. When I changed the settings back to manual, internet and email access was restored.
I called my ISP to ask for their help. The tech support agent I spoke to there said I had been infected with the DNS hijacking malware. Apparently, governments had posted websites advising computer users about this malware and had posted helper tools on the internet for users to check whether their computers had been infected. Apparently, these helper tools were no longer useful after July of this year. I don't remember the name of the malware but I hope my description is sufficient for you to know what I'm referring to.
At any rate, I do have internet and email access, as I said, but I was unable to determine why my settings changed and whether I do (did) in fact have malware on my computer. I ran scans with both Malwarebytes antimalware and Avast antivirus software but neither of these indicated that there were any problems. Can you help me to ensure that my PC is not infected?
Thanks in advance for your help!
Carl

Here is my OTL.txt information:

OTL logfile created on: 10/9/2012 10:50:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\swsetup\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 509.48 Mb Available Physical Memory | 49.83% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.45 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
Drive F: | 55.89 Gb Total Space | 3.14 Gb Free Space | 5.61% Space Free | Partition Type: NTFS

Computer Name: HOME-135978DFB9 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/09 22:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\swsetup\OTL\OTL.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 20:40:54 | 000,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2006/12/01 10:43:42 | 001,852,329 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/11/30 18:49:10 | 000,135,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/11/30 18:49:06 | 000,397,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/30 18:48:08 | 001,115,317 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005/05/11 18:48:22 | 001,044,480 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/08/25 12:26:46 | 000,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe
PRC - [2002/08/12 10:00:40 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
PRC - [2000/02/08 23:19:48 | 000,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\vscvol.exe
PRC - [2000/02/07 03:02:44 | 000,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
PRC - [1998/08/24 21:18:12 | 000,027,136 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/09 04:35:47 | 001,815,552 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12100900\algo.dll
MOD - [2012/06/15 08:25:53 | 000,163,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OdfAddinLib\d92eda2fa9081ee12b4add90bc3ee7b7\OdfAddinLib.ni.dll
MOD - [2012/06/15 08:24:26 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/15 08:23:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 14:21:34 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 14:21:31 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 14:21:24 | 000,630,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/14 14:21:19 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 14:21:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2012/06/14 14:21:08 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/14 14:17:29 | 000,054,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OdfWordAddin\a85279bbeb645ec31f49e7d703fcb962\OdfWordAddin.ni.dll
MOD - [2012/05/13 15:34:49 | 002,087,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WordprocessingConve#\fdc112ac37c369b6fa244d2d391a8187\WordprocessingConverter.ni.dll
MOD - [2012/05/13 15:34:45 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\ea2ce22237bca91e0110f67a9ebf545c\stdole.ni.dll
MOD - [2012/05/13 15:34:44 | 000,454,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\OdfConverterLib\8b932fd10e1396923143eb8020f50d2e\OdfConverterLib.ni.dll
MOD - [2012/05/11 21:29:06 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 21:23:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 21:23:15 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/12 16:33:47 | 000,180,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Runtime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Runtime.dll
MOD - [2012/03/12 16:33:47 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll
MOD - [2012/03/12 16:33:39 | 000,416,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\office.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/22 22:12:20 | 000,016,832 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2010/05/10 20:12:55 | 000,662,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
MOD - [2010/04/30 20:39:47 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
MOD - [2010/02/15 13:12:02 | 000,056,320 | ---- | M] () -- C:\Program Files\Top Producer\Top Producer Outlook Connector 2.0\MapiWrapperNative.dll
MOD - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2006/11/30 18:47:56 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\rpc_client.dll
MOD - [2005/05/07 14:14:56 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\custmon2k.dll
MOD - [2002/08/12 09:21:28 | 000,006,144 | ---- | M] () -- C:\Program Files\Scansoft\PaperPort\BliceCtr.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2006/11/30 18:49:06 | 000,397,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/10 17:45:00 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\swsetup\PCWizard\pc-wizard_2010.1.961\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/05/10 20:24:07 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/05/10 20:24:07 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/05/10 20:24:02 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/12 00:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/12 00:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/15 15:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/04/16 09:16:58 | 000,951,284 | ---- | M] (Roland) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://barrie.fusionmls.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{7D19B6E2-D977-4AA4-8823-A89D37FFE5F3}: "URL" = http://websearch.ask...0D-BB4C6DEEA136
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.03
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/09/05 19:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 20:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/24 20:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2012/01/24 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\extensions
[2012/01/24 20:46:35 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/01/24 20:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe (Roland)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [QAGENT] C:\QUICKENW\qagent.exe ()
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O4 - Startup: C:\Documents and Settings\Carl\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: mlxchange.com ([barrie] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1272674739890 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://barrie.mlxcha...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://barrie.mlxcha...trol/WebDog.cab (Cerebus Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38282288-114D-4897-ABDC-178A55AE9C9B}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 14:36:48 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/09 19:22:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/10/06 09:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\My Documents\My Kindle Content
[2012/10/06 09:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Start Menu\Programs\Amazon
[2012/10/06 09:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Amazon
[2012/10/06 09:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/09/30 22:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/09/13 21:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/09/10 09:16:28 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autoruns.exe
[2012/09/10 09:16:28 | 000,567,944 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autorunsc.exe
[2011/01/10 15:22:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carl\Application Data\pcouffin.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Carl\My Documents\*.tmp files -> C:\Documents and Settings\Carl\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/09 22:52:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004UA.job
[2012/10/09 19:58:39 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2012/10/09 19:58:39 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/09 19:58:19 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/09 19:13:58 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D73A6A9A-E6EE-46BC-9EF9-0D1CECE340A1}.job
[2012/10/09 19:10:08 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/09 10:19:50 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autoruns.exe
[2012/10/09 10:19:50 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autorunsc.exe
[2012/10/09 10:19:50 | 000,049,648 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\autoruns.chm
[2012/10/08 09:07:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 09:05:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/08 09:05:31 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 09:52:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Kindle.lnk
[2012/10/04 18:01:20 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012/10/04 10:14:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/02 21:52:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004Core.job
[2012/09/30 22:11:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/09/26 15:19:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 14:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/13 21:59:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/09/12 03:04:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Carl\My Documents\*.tmp files -> C:\Documents and Settings\Carl\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 09:52:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Kindle.lnk
[2012/09/30 22:11:41 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/05/30 12:59:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/05/30 12:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/05/30 12:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/05/22 14:28:47 | 000,194,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/04 13:59:10 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Carl\g2mdlhlpx.exe
[2012/02/15 11:15:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 22:44:10 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/07 22:44:10 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/16 14:14:25 | 000,076,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/24 17:41:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/04/24 17:41:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/04/24 17:41:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/04/24 17:41:48 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2011/04/24 17:41:48 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2011/04/24 17:41:48 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2011/03/04 18:06:24 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\Comma Separated Values (DOS).ADR
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/01/10 15:35:07 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2011/01/10 15:22:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\inst.exe
[2011/01/10 15:22:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.cat
[2011/01/10 15:22:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.inf
[2010/12/19 16:30:40 | 000,000,155 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2010/05/17 10:53:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\fusioncache.dat
[2010/05/09 12:40:59 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/04/30 14:31:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/29 17:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1click dvd copy
[2010/05/10 13:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/04/30 23:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/07/25 14:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/10/05 12:38:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/06/23 14:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/04/30 14:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/05/02 21:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySpell
[2011/12/19 10:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/05/03 17:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/12/06 08:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/02/12 12:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/06 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Canon
[2012/10/08 09:09:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Dropbox
[2011/08/01 22:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\ElevatedDiagnostics
[2012/08/16 14:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\foobar2000
[2011/01/10 15:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\GetRightToGo
[2010/06/04 20:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\InterVideo
[2011/01/04 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Leadertech
[2012/08/06 21:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PDFill
[2010/05/03 17:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PPIMAGES
[2011/03/28 20:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PriceGong
[2011/12/19 10:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Research In Motion
[2012/09/30 22:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\TeamViewer
[2012/06/03 12:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\uTorrent
[2011/01/10 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Vso
[2011/06/09 14:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\webex

========== Purity Check ==========



< End of report >


And the Extras.txt info as well, in case you need it:

OTL Extras logfile created on: 10/9/2012 10:50:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\swsetup\OTL
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 509.48 Mb Available Physical Memory | 49.83% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.45 Gb Free Space | 22.07% Space Free | Partition Type: NTFS
Drive F: | 55.89 Gb Total Space | 3.14 Gb Free Space | 5.61% Space Free | Partition Type: NTFS

Computer Name: HOME-135978DFB9 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.7.0.0.mf04
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{59D1195A-7E64-4120-BB37-F053D9FD45FB}" = ODF Add-in for Microsoft Office
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A28FB5-718C-41EC-8956-7A4FEB850A73}" = Top Producer Outlook Connector 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1914265-0D07-48E0-A937-F20A76D0032D}" = Acronis True Image Home
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.9.1.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle" = Amazon Kindle
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BB_is1" = Band-in-a-Box Font Update
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"DesignerTool" = DesignerTool
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVD43_is1" = DVD43 v4.6.0
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"FinePrint" = FinePrint
"foobar2000" = foobar2000 v1.1.13
"ie8" = Windows Internet Explorer 8
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB4" = Microsoft Publisher 97
"PDFill PDF Writer" = PDFill PDF Writer
"Quicken Deluxe 99" = Quicken Deluxe 99
"Security Task Manager" = Security Task Manager 1.8d
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Top Producer Editor_is1" = Top Producer Editor
"uTorrent" = µTorrent
"VSC32" = Virtual Sound Canvas 3.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/26/2012 8:35:59 PM | Computer Name = HOME-135978DFB9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/26/2012 8:35:59 PM | Computer Name = HOME-135978DFB9 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/28/2012 9:47:32 PM | Computer Name = HOME-135978DFB9 | Source = Application Error | ID = 1000
Description = Faulting application dropbox.exe, version 1.4.7.0, faulting module
unknown, version 0.0.0.0, fault address 0x1e0bfda3.

Error - 9/28/2012 9:47:33 PM | Computer Name = HOME-135978DFB9 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jscript.dll, version 5.8.6001.23141, fault address 0x00029cb3.

Error - 9/29/2012 7:00:43 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/29/2012 7:00:43 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2250

Error - 9/29/2012 7:00:43 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2250

Error - 9/30/2012 6:58:17 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/30/2012 6:58:17 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2141

Error - 9/30/2012 6:58:17 PM | Computer Name = HOME-135978DFB9 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2141

[ System Events ]
Error - 9/29/2012 8:40:50 PM | Computer Name = HOME-135978DFB9 | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 10/1/2012 6:09:18 AM | Computer Name = HOME-135978DFB9 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{38282288-114D-4897-ABDC-178A55AE9C9B}
because another computer on the network has the same name. The server could not
start.

Error - 10/3/2012 5:20:18 AM | Computer Name = HOME-135978DFB9 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.217 for the Network Card with network
address 00904BEA1133 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/4/2012 3:12:57 PM | Computer Name = HOME-135978DFB9 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00904BEA1133 has been denied by the DHCP server 192.168.88.239 (The DHCP
Server sent a DHCPNACK message).

Error - 10/5/2012 10:36:18 AM | Computer Name = HOME-135978DFB9 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.188 for the Network Card with network
address 00904BEA1133 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/5/2012 11:42:29 AM | Computer Name = HOME-135978DFB9 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service hpqwmi with
arguments "-Service" in order to run the server: {7DC5B2D7-CACC-47F2-836E-4DF85F026072}

Error - 10/5/2012 11:42:34 AM | Computer Name = HOME-135978DFB9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HP WMI Interface service
to connect.

Error - 10/5/2012 11:42:34 AM | Computer Name = HOME-135978DFB9 | Source = Service Control Manager | ID = 7000
Description = The HP WMI Interface service failed to start due to the following
error: %%1053

Error - 10/9/2012 9:55:22 AM | Computer Name = HOME-135978DFB9 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.101 on
the Network Card with network address 00904BEA1133.

Error - 10/9/2012 7:08:41 PM | Computer Name = HOME-135978DFB9 | Source = Service Control Manager | ID = 7034
Description = The Windows Image Acquisition (WIA) service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I don't think your ISP knows what they are talking about.

216.58.97.64 is not on the list of bad DNS servers that were replaced by the FBI and then turned off (and that was on July 9, 2012, so you probably would have noticed earlier, tho some ISPs like Comcast actually replaced the DNS servers for their clients). See:

http://www.fbi.gov/n...ger-malware.pdf

216.58.97.64 shows as otthost.avalonworks.net and is not on any blacklists.

Details:

OrgName: DISTRIBUTEL COMMUNICATIONS LTD.
OrgId: DISTRI-47
Address: 177 Nepean St
Address: Suite 300
City: Ottawa
StateProv: ON
PostalCode: K2P 0B4
Country: CA
RegDate: 2001-06-06
Updated: 2011-12-15
Comment: http://www.distributel.ca

See:

http://whois.domaint...om/216.58.97.64

I just checked with my computer and the DNS is working correctly now so they may have had a server failure:

nslookup
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> server 216.58.97.64
Default Server: otthost.avalonworks.net
Address: 216.58.97.64

> att.com
Server: otthost.avalonworks.net
Address: 216.58.97.64

Non-authoritative answer:
Name: att.com
Addresses: 2001:1890:1c00:3113::f:3005
2001:1890:1c00:5112::f:1008
144.160.155.43
144.160.36.42


Don't know why your PC was set to look at them tho. There is no sign of malware in your logs tho you do have out-of-date Java:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 26

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently still has major security flaws.

You can also uninstall:

Adobe Reader 9.4.0 - Obsolete. Go to adobe.com and get the latest version of Reader. Make sure you uncheck the foistware like Yahoo or Ask Toolbar or McAfee Security Scan before downloading.

Skype Toolbars - These just cause any 10 digit number on a website to look like a telephone number which you can call with Skype. I find them very annoying.

Yahoo! Detect

I do see a little adware so let's:


Download the adwCleaner

  • Run the Tool
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.




Also your Avast appears to be out of date or at least based on an older install. I would download the latest version of the free Avast

http://www.avast.com...ivirus-download

Save it and then uninstall the older version, reboot and install the new.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Text version of the report is at: C:\ProgramData\Avast Software\Avast\report\aswboot.txt

If you feel you need a firewall then the free Online Armor http://www.online-ar...-armor-free.php can be used with Avast.

Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates, then OK. (It will still update; it just won't tell you about it in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

Since you are worried we can run a series of scans but I doubt we will find anything:



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Right click on (My) Computer and select Manage, then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

You can also try an ESET online scan.


Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Ron
  • 0
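The check made in post #2 (is a configured DNS server on a list of known-bad resolvers, and was it typed in manually or handed out by DHCP), as an added example that is not part of the original thread. It assumes the per-interface `NameServer` (manual) and `DhcpNameServer` (leased) registry values as printed by `reg query`; the registry text is a constructed sample with made-up GUIDs, and `ROGUE_RANGES_PLACEHOLDER` is a documentation range standing in for the ranges published in the FBI document linked in that post.

```python
import ipaddress
import re

# Constructed sample of the text printed by
#   reg query "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" /s
# The interface GUIDs are made up. The static pair on the first interface is
# the two addresses quoted in the thread; 192.0.2.53 is a documentation address.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ    216.58.97.64,216.58.97.12
    DhcpNameServer    REG_SZ    192.168.1.1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}
    EnableDHCP    REG_DWORD    0x1
    NameServer    REG_SZ
    DhcpNameServer    REG_SZ    192.168.1.1 192.0.2.53
"""

# Placeholder only (RFC 5737 documentation range). Replace with the rogue
# resolver ranges from the published list you are checking against.
ROGUE_RANGES_PLACEHOLDER = ["192.0.2.0/24"]

# "    Name    REG_TYPE    data" (tabs on XP, spaces on later Windows versions)
VALUE_LINE = re.compile(r"^\s+(\w+)\s+(REG_\w+)\s*(.*)$")


def parse_interfaces(reg_text):
    """Return {interface_id: {value_name: data}} from `reg query /s` text."""
    interfaces, current = {}, None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            # Last path component is the interface GUID.
            key = line.strip().rsplit("\\", 1)[-1]
            current = interfaces.setdefault(key, {})
            continue
        match = VALUE_LINE.match(line)
        if match and current is not None:
            current[match.group(1)] = match.group(3).strip()
    return interfaces


def split_servers(data):
    """NameServer is comma- or space-separated, DhcpNameServer space-separated."""
    return [s for s in re.split(r"[,\s]+", data or "") if s]


def audit_dns(reg_text, rogue_ranges):
    """List the DNS servers each interface will use and how they got there."""
    networks = [ipaddress.ip_network(r) for r in rogue_ranges]
    findings = []
    for iface, values in parse_interfaces(reg_text).items():
        static = split_servers(values.get("NameServer"))
        leased = split_servers(values.get("DhcpNameServer"))
        dhcp_enabled = values.get("EnableDHCP", "").lower() == "0x1"
        # A non-empty manual list is used instead of the leased one.
        source, servers = ("static", static) if static else ("dhcp", leased)
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
                listed = any(addr in net for net in networks)
            except ValueError:
                listed = None  # not an IP address; needs a manual look
            findings.append({
                "interface": iface,
                "server": server,
                "source": source,
                # DHCP is on, yet someone or something typed in DNS servers:
                # the "automatic changed to manual" symptom from post #1.
                "manual_override": bool(static) and dhcp_enabled,
                "listed": listed,
            })
    return findings


if __name__ == "__main__":
    for f in audit_dns(SAMPLE_REG_OUTPUT, ROGUE_RANGES_PLACEHOLDER):
        print(f)
```

A `manual_override` hit with `listed` false matches what the thread found: the servers were set by hand but are not on the list, so the change still needs an explanation even though it does not point to DNSChanger.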

#3
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi Ron,
Thanks for your quick response and comprehensive instructions. I very much appreciate it.
First, I agree. My ISP's tech support person didn't know what she was talking about.
Now, here are the results of following your instructions...

I removed old version and updated Java and turned it off in my browsers.
Upgraded Acrobat Reader.
Eliminated Skype toolbars.
Could not find Yahoo! Detect.

Ran adwCleaner. Here's the log:

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 13:04:37
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Carl - HOME-135978DFB9
# Boot Mode : Normal
# Running from : C:\swsetup\AdWare Cleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\DOCUME~1\Carl\LOCALS~1\Temp\Zynga
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\Carl\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Carl\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.92

File : C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2285 octets] - [11/10/2012 13:04:37]

########## EOF - C:\AdwCleaner[S1].txt - [2345 octets] ##########


Updated Avast and ran boot time scan. Here's the log:

10/11/2012 13:54
Scan of all local drives

File C:\1754 rabinowitz\swsetup\MusicMatch Jukebox\mmsetup_10002058b_CNET.exe|>TDM\TDMInstall.exe|>Wise0010.bin Error 42145 {Installer archive is corrupted.}
File C:\swsetup\FinePrint\file4.RB0|>svl-fpuk.exe is infected by Win32:Malware-gen, Moved to chest
File C:\swsetup\FinePrint\file4.zip|>svl-fpuk.exe is infected by Win32:Malware-gen, Moved to chest
File C:\swsetup\FinePrint\svl-fpuk.exe is infected by Win32:Malware-gen, Moved to chest
File C:\swsetup\KB934428\WindowsXP-KB934428-v3-x86-ENU.exe|>_sfx_0001._p Error 42127 {CAB archive is corrupted.}
File C:\System Volume Information\_restore{3296356D-0865-45F9-B18C-2496BB0CD7E0}\RP656\A0131949.exe is infected by Win32:Malware-gen, Moved to chest
File C:\WINDOWS\SoftwareDistribution\Download\b8bbc23bc34bb0dbd64afcad0544484e\BIT17.tmp|>hpc3530c.cab|>HPCHL093.CAB|>hpccs093.chm Error 42127 {CAB archive is corrupted.}
File C:\WINDOWS\SoftwareDistribution\Download\b8bbc23bc34bb0dbd64afcad0544484e\BIT17.tmp|>hpc3530c.cab|>HPCHL093.CAB Error 42127 {CAB archive is corrupted.}
File C:\WINDOWS\SoftwareDistribution\Download\b8bbc23bc34bb0dbd64afcad0544484e\BIT17.tmp|>hpc3530c.cab Error 42127 {CAB archive is corrupted.}
Number of searched folders: 9974
Number of tested files: 887396
Number of infected files: 4


Installed Online Armor firewall (after disabling Windows Firewall)

Downloaded and ran aswMBR. I followed your instructions exactly but it would not permit me to save the log. I received a message saying the Desktop was inaccessible. I pressed the Save Log button, but the log would not save no matter where I tried to put it.

ComboFix would not run. I suspect that the problem was that Online Armor was enabled at first.

The TDSSkiller log is here:

20:11:29.0203 3900 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:11:29.0593 3900 ============================================================
20:11:29.0593 3900 Current date / time: 2012/10/11 20:11:29.0593
20:11:29.0593 3900 SystemInfo:
20:11:29.0593 3900
20:11:29.0593 3900 OS Version: 5.1.2600 ServicePack: 3.0
20:11:29.0593 3900 Product type: Workstation
20:11:29.0593 3900 ComputerName: HOME-135978DFB9
20:11:29.0593 3900 UserName: Carl
20:11:29.0593 3900 Windows directory: C:\WINDOWS
20:11:29.0593 3900 System windows directory: C:\WINDOWS
20:11:29.0593 3900 Processor architecture: Intel x86
20:11:29.0593 3900 Number of processors: 1
20:11:29.0593 3900 Page size: 0x1000
20:11:29.0593 3900 Boot type: Normal boot
20:11:29.0593 3900 ============================================================
20:11:31.0281 3900 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:11:31.0281 3900 Drive \Device\Harddisk1\DR2 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:11:31.0281 3900 ============================================================
20:11:31.0281 3900 \Device\Harddisk0\DR0:
20:11:31.0281 3900 MBR partitions:
20:11:31.0281 3900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
20:11:31.0281 3900 \Device\Harddisk1\DR2:
20:11:31.0281 3900 MBR partitions:
20:11:31.0281 3900 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
20:11:31.0281 3900 ============================================================
20:11:31.0328 3900 C: <-> \Device\Harddisk0\DR0\Partition1
20:11:31.0718 3900 F: <-> \Device\Harddisk1\DR2\Partition1
20:11:31.0718 3900 ============================================================
20:11:31.0718 3900 Initialize success
20:11:31.0718 3900 ============================================================
20:11:50.0640 3332 ============================================================
20:11:50.0640 3332 Scan started
20:11:50.0640 3332 Mode: Manual;
20:11:50.0640 3332 ============================================================
20:11:51.0437 3332 ================ Scan system memory ========================
20:11:51.0453 3332 System memory - ok
20:11:51.0468 3332 ================ Scan services =============================
20:11:58.0078 3332 HP Port Resolver - ok
20:11:58.0140 3332 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
20:11:58.0140 3332 HP Status Server - ok
20:11:58.0156 3332 hpn - ok
20:11:58.0234 3332 [ 61556FA814F907BCED618B64DA66212A ] hpqwmi C:\Program Files\HPQ\shared\hpqwmi.exe
20:11:58.0234 3332 hpqwmi - ok
20:11:58.0296 3332 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:11:58.0296 3332 HPZid412 - ok
20:11:58.0312 3332 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:11:58.0312 3332 HPZipr12 - ok
20:11:58.0375 3332 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:11:58.0375 3332 HPZius12 - ok
20:11:58.0437 3332 [ 13D4B70BF2F9BC550E9079DA864D3EC1 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
20:11:58.0437 3332 HSFHWATI - ok
20:11:58.0531 3332 [ DFA8F86C0DBCA7DB948043AA3BE6793B ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:11:58.0562 3332 HSF_DP - ok
20:11:58.0625 3332 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:11:58.0640 3332 HTTP - ok
20:11:58.0687 3332 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:11:58.0703 3332 HTTPFilter - ok
20:11:58.0718 3332 i2omgmt - ok
20:11:58.0734 3332 i2omp - ok
20:11:58.0796 3332 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:11:58.0796 3332 i8042prt - ok
20:11:58.0921 3332 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:11:58.0953 3332 idsvc - ok
20:11:59.0015 3332 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:11:59.0015 3332 Imapi - ok
20:11:59.0078 3332 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:11:59.0093 3332 ImapiService - ok
20:11:59.0109 3332 ini910u - ok
20:11:59.0140 3332 IntelIde - ok
20:11:59.0203 3332 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:11:59.0203 3332 Ip6Fw - ok
20:11:59.0234 3332 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:11:59.0234 3332 IpFilterDriver - ok
20:11:59.0281 3332 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:11:59.0281 3332 IpInIp - ok
20:11:59.0312 3332 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:11:59.0312 3332 IpNat - ok
20:11:59.0375 3332 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:11:59.0406 3332 iPod Service - ok
20:11:59.0468 3332 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:11:59.0468 3332 IPSec - ok
20:11:59.0500 3332 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:11:59.0500 3332 IRENUM - ok
20:11:59.0546 3332 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:11:59.0546 3332 isapnp - ok
20:11:59.0718 3332 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:11:59.0718 3332 JavaQuickStarterService - ok
20:11:59.0750 3332 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:11:59.0765 3332 Kbdclass - ok
20:11:59.0828 3332 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:11:59.0828 3332 kmixer - ok
20:11:59.0875 3332 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:11:59.0875 3332 KSecDD - ok
20:11:59.0937 3332 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:11:59.0953 3332 lanmanserver - ok
20:12:00.0000 3332 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:12:00.0031 3332 lanmanworkstation - ok
20:12:00.0046 3332 lbrtfdc - ok
20:12:00.0109 3332 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:12:00.0109 3332 LmHosts - ok
20:12:00.0140 3332 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:12:00.0140 3332 mdmxsdk - ok
20:12:00.0187 3332 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:12:00.0203 3332 Messenger - ok
20:12:00.0234 3332 [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf C:\WINDOWS\system32\DRIVERS\mf.sys
20:12:00.0234 3332 mf - ok
20:12:00.0296 3332 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:12:00.0296 3332 mnmdd - ok
20:12:00.0343 3332 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:12:00.0359 3332 mnmsrvc - ok
20:12:00.0421 3332 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:12:00.0421 3332 Modem - ok
20:12:00.0468 3332 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:12:00.0484 3332 Mouclass - ok
20:12:00.0515 3332 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:12:00.0531 3332 mouhid - ok
20:12:00.0546 3332 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:12:00.0546 3332 MountMgr - ok
20:12:00.0578 3332 mraid35x - ok
20:12:00.0593 3332 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:12:00.0593 3332 MRxDAV - ok
20:12:00.0671 3332 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:12:00.0703 3332 MRxSmb - ok
20:12:00.0765 3332 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:12:00.0765 3332 MSDTC - ok
20:12:00.0796 3332 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:12:00.0796 3332 Msfs - ok
20:12:00.0812 3332 MSIServer - ok
20:12:00.0859 3332 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:12:00.0859 3332 MSKSSRV - ok
20:12:00.0890 3332 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:12:00.0890 3332 MSPCLOCK - ok
20:12:00.0937 3332 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:12:00.0937 3332 MSPQM - ok
20:12:00.0968 3332 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:12:00.0968 3332 mssmbios - ok
20:12:01.0031 3332 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:12:01.0046 3332 Mup - ok
20:12:01.0109 3332 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:12:01.0140 3332 napagent - ok
20:12:01.0171 3332 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:12:01.0171 3332 NDIS - ok
20:12:01.0234 3332 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:12:01.0234 3332 NdisTapi - ok
20:12:01.0296 3332 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:12:01.0296 3332 Ndisuio - ok
20:12:01.0328 3332 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:12:01.0328 3332 NdisWan - ok
20:12:01.0359 3332 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:12:01.0359 3332 NDProxy - ok
20:12:01.0406 3332 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:12:01.0406 3332 NetBIOS - ok
20:12:01.0453 3332 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:12:01.0453 3332 NetBT - ok
20:12:01.0515 3332 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:12:01.0531 3332 NetDDE - ok
20:12:01.0546 3332 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:12:01.0562 3332 NetDDEdsdm - ok
20:12:01.0625 3332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:12:01.0625 3332 Netlogon - ok
20:12:01.0703 3332 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:12:01.0718 3332 Netman - ok
20:12:01.0765 3332 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:12:01.0781 3332 NetTcpPortSharing - ok
20:12:01.0812 3332 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:12:01.0828 3332 NIC1394 - ok
20:12:01.0890 3332 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:12:01.0906 3332 Nla - ok
20:12:01.0968 3332 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:12:01.0968 3332 Npfs - ok
20:12:02.0015 3332 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:12:02.0031 3332 Ntfs - ok
20:12:02.0046 3332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:12:02.0062 3332 NtLmSsp - ok
20:12:02.0140 3332 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:12:02.0171 3332 NtmsSvc - ok
20:12:02.0203 3332 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:12:02.0203 3332 Null - ok
20:12:02.0250 3332 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:12:02.0250 3332 NwlnkFlt - ok
20:12:02.0281 3332 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:12:02.0281 3332 NwlnkFwd - ok
20:12:02.0421 3332 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe
20:12:02.0421 3332 OAcat - ok
20:12:02.0484 3332 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
20:12:02.0484 3332 OADevice - ok
20:12:02.0531 3332 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\WINDOWS\system32\drivers\oahlp32.sys
20:12:02.0531 3332 oahlpXX - ok
20:12:02.0562 3332 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
20:12:02.0562 3332 OAmon - ok
20:12:02.0609 3332 [ F3250D94BEE44A0D00939F10830B3563 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
20:12:02.0609 3332 OAnet - ok
20:12:02.0640 3332 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:12:02.0656 3332 ohci1394 - ok
20:12:02.0734 3332 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:12:02.0734 3332 ose - ok
20:12:02.0812 3332 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:12:02.0828 3332 Parport - ok
20:12:02.0859 3332 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:12:02.0859 3332 PartMgr - ok
20:12:02.0921 3332 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:12:02.0921 3332 ParVdm - ok
20:12:02.0953 3332 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:12:02.0953 3332 PCI - ok
20:12:02.0968 3332 PCIDump - ok
20:12:03.0000 3332 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:12:03.0000 3332 PCIIde - ok
20:12:03.0046 3332 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:12:03.0062 3332 Pcmcia - ok
20:12:03.0109 3332 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
20:12:03.0109 3332 pcouffin - ok
20:12:03.0125 3332 PDCOMP - ok
20:12:03.0156 3332 PDFRAME - ok
20:12:03.0171 3332 PDRELI - ok
20:12:03.0187 3332 PDRFRAME - ok
20:12:03.0203 3332 perc2 - ok
20:12:03.0234 3332 perc2hib - ok
20:12:03.0343 3332 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:12:03.0343 3332 PlugPlay - ok
20:12:03.0406 3332 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:12:03.0406 3332 Pml Driver HPZ12 - ok
20:12:03.0421 3332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:12:03.0421 3332 PolicyAgent - ok
20:12:03.0484 3332 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:12:03.0484 3332 PptpMiniport - ok
20:12:03.0500 3332 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:12:03.0500 3332 Processor - ok
20:12:03.0515 3332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:12:03.0531 3332 ProtectedStorage - ok
20:12:03.0578 3332 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:12:03.0578 3332 Ptilink - ok
20:12:03.0609 3332 [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:12:03.0609 3332 PxHelp20 - ok
20:12:03.0625 3332 ql1080 - ok
20:12:03.0640 3332 Ql10wnt - ok
20:12:03.0656 3332 ql12160 - ok
20:12:03.0671 3332 ql1240 - ok
20:12:03.0687 3332 ql1280 - ok
20:12:03.0718 3332 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:12:03.0718 3332 RasAcd - ok
20:12:03.0781 3332 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:12:03.0781 3332 RasAuto - ok
20:12:03.0812 3332 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:12:03.0828 3332 Rasl2tp - ok
20:12:03.0875 3332 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:12:03.0890 3332 RasMan - ok
20:12:03.0906 3332 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:12:03.0921 3332 RasPppoe - ok
20:12:03.0937 3332 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:12:03.0953 3332 Raspti - ok
20:12:04.0000 3332 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:12:04.0015 3332 Rdbss - ok
20:12:04.0031 3332 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:12:04.0031 3332 RDPCDD - ok
20:12:04.0109 3332 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:12:04.0125 3332 RDPWD - ok
20:12:04.0171 3332 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:12:04.0171 3332 RDSessMgr - ok
20:12:04.0203 3332 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:12:04.0203 3332 redbook - ok
20:12:04.0265 3332 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:12:04.0265 3332 RemoteAccess - ok
20:12:04.0312 3332 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
20:12:04.0312 3332 RimUsb - ok
20:12:04.0343 3332 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:12:04.0343 3332 RimVSerPort - ok
20:12:04.0390 3332 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:12:04.0390 3332 ROOTMODEM - ok
20:12:04.0453 3332 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:12:04.0453 3332 RpcLocator - ok
20:12:04.0500 3332 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:12:04.0515 3332 RpcSs - ok
20:12:04.0546 3332 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:12:04.0546 3332 RSVP - ok
20:12:04.0609 3332 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
20:12:04.0609 3332 RTL8023xp - ok
20:12:04.0656 3332 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:12:04.0671 3332 rtl8139 - ok
20:12:04.0687 3332 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:12:04.0687 3332 SamSs - ok
20:12:04.0750 3332 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:12:04.0765 3332 SCardSvr - ok
20:12:04.0812 3332 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:12:04.0828 3332 Schedule - ok
20:12:04.0890 3332 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:12:04.0890 3332 sdbus - ok
20:12:04.0937 3332 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:12:04.0953 3332 Secdrv - ok
20:12:04.0984 3332 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:12:05.0000 3332 seclogon - ok
20:12:05.0062 3332 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:12:05.0078 3332 SENS - ok
20:12:05.0125 3332 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:12:05.0125 3332 Serial - ok
20:12:05.0156 3332 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:12:05.0171 3332 Sfloppy - ok
20:12:05.0218 3332 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:12:05.0234 3332 SharedAccess - ok
20:12:05.0265 3332 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:12:05.0265 3332 ShellHWDetection - ok
20:12:05.0281 3332 Simbad - ok
20:12:05.0359 3332 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:12:05.0359 3332 SkypeUpdate - ok
20:12:05.0437 3332 [ 5052DBAFC8F4E4507E6AD0D467DD3529 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
20:12:05.0437 3332 snapman - ok
20:12:05.0437 3332 Sparrow - ok
20:12:05.0500 3332 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:12:05.0500 3332 splitter - ok
20:12:05.0562 3332 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:12:05.0562 3332 Spooler - ok
20:12:05.0593 3332 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:12:05.0593 3332 sr - ok
20:12:05.0640 3332 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:12:05.0656 3332 srservice - ok
20:12:05.0718 3332 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:12:05.0734 3332 Srv - ok
20:12:05.0796 3332 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:12:05.0796 3332 SSDPSRV - ok
20:12:05.0859 3332 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:12:05.0875 3332 stisvc - ok
20:12:06.0078 3332 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe
20:12:06.0218 3332 SvcOnlineArmor - ok
20:12:06.0265 3332 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:12:06.0265 3332 swenum - ok
20:12:06.0296 3332 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:12:06.0296 3332 swmidi - ok
20:12:06.0328 3332 SwPrv - ok
20:12:06.0343 3332 symc810 - ok
20:12:06.0375 3332 symc8xx - ok
20:12:06.0390 3332 sym_hi - ok
20:12:06.0406 3332 sym_u3 - ok
20:12:06.0515 3332 [ 0F332C0BA9B968EBC8CBB906416F8597 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:12:06.0531 3332 SynTP - ok
20:12:06.0562 3332 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:12:06.0562 3332 sysaudio - ok
20:12:06.0625 3332 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:12:06.0640 3332 SysmonLog - ok
20:12:06.0687 3332 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:12:06.0718 3332 TapiSrv - ok
20:12:06.0796 3332 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:12:06.0812 3332 Tcpip - ok
20:12:06.0875 3332 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:12:06.0875 3332 TDPIPE - ok
20:12:06.0921 3332 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:12:06.0921 3332 TDTCP - ok
20:12:06.0984 3332 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:12:06.0984 3332 TermDD - ok
20:12:07.0031 3332 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:12:07.0078 3332 TermService - ok
20:12:07.0125 3332 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:12:07.0140 3332 Themes - ok
20:12:07.0203 3332 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
20:12:07.0203 3332 tifm21 - ok
20:12:07.0265 3332 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:12:07.0265 3332 tifsfilter - ok
20:12:07.0343 3332 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
20:12:07.0359 3332 timounter - ok
20:12:07.0375 3332 TosIde - ok
20:12:07.0421 3332 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:12:07.0437 3332 TrkWks - ok
20:12:07.0468 3332 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:12:07.0484 3332 Udfs - ok
20:12:07.0500 3332 ultra - ok
20:12:07.0578 3332 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:12:07.0593 3332 Update - ok
20:12:07.0640 3332 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:12:07.0656 3332 upnphost - ok
20:12:07.0687 3332 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:12:07.0703 3332 UPS - ok
20:12:07.0750 3332 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:12:07.0750 3332 usbaudio - ok
20:12:07.0812 3332 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:12:07.0812 3332 usbccgp - ok
20:12:07.0828 3332 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:12:07.0843 3332 usbehci - ok
20:12:07.0890 3332 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:12:07.0890 3332 usbhub - ok
20:12:07.0953 3332 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:12:07.0953 3332 usbohci - ok
20:12:07.0984 3332 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:12:07.0984 3332 usbprint - ok
20:12:08.0031 3332 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:12:08.0031 3332 usbscan - ok
20:12:08.0062 3332 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:12:08.0062 3332 USBSTOR - ok
20:12:08.0109 3332 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:12:08.0125 3332 VgaSave - ok
20:12:08.0140 3332 ViaIde - ok
20:12:08.0187 3332 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:12:08.0187 3332 VolSnap - ok
20:12:08.0281 3332 [ F7035815C23DF5DAD8A686C1CDA20F3E ] vsc32 C:\WINDOWS\system32\DRIVERS\vsc.sys
20:12:08.0312 3332 vsc32 - ok
20:12:08.0375 3332 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:12:08.0421 3332 VSS - ok
20:12:08.0468 3332 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:12:08.0500 3332 W32Time - ok
20:12:08.0562 3332 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:12:08.0578 3332 Wanarp - ok
20:12:08.0625 3332 [ 56242D5BE3BFC8F2A212E6D1F9A16697 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:12:08.0625 3332 wceusbsh - ok
20:12:08.0671 3332 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:12:08.0687 3332 Wdf01000 - ok
20:12:08.0718 3332 WDICA - ok
20:12:08.0765 3332 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:12:08.0765 3332 wdmaud - ok
20:12:08.0828 3332 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:12:08.0843 3332 WebClient - ok
20:12:08.0921 3332 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:12:08.0968 3332 winachsf - ok
20:12:09.0062 3332 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:12:09.0062 3332 winmgmt - ok
20:12:09.0203 3332 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:12:09.0250 3332 wlidsvc - ok
20:12:09.0265 3332 wltrysvc - ok
20:12:09.0343 3332 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:12:09.0359 3332 WmdmPmSN - ok
20:12:09.0421 3332 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:12:09.0421 3332 WmiAcpi - ok
20:12:09.0468 3332 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:12:09.0468 3332 WmiApSrv - ok
20:12:09.0593 3332 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:12:09.0625 3332 WMPNetworkSvc - ok
20:12:09.0687 3332 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:12:09.0703 3332 wscsvc - ok
20:12:09.0765 3332 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:12:09.0781 3332 wuauserv - ok
20:12:09.0843 3332 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:12:09.0843 3332 WudfPf - ok
20:12:09.0875 3332 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:12:09.0875 3332 WudfRd - ok
20:12:09.0937 3332 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:12:09.0953 3332 WudfSvc - ok
20:12:10.0015 3332 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:12:10.0062 3332 WZCSVC - ok
20:12:10.0109 3332 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:12:10.0140 3332 xmlprov - ok
20:12:10.0156 3332 ================ Scan global ===============================
20:12:10.0203 3332 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:12:10.0250 3332 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:12:10.0312 3332 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:12:10.0343 3332 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:12:10.0359 3332 [Global] - ok
20:12:10.0359 3332 ================ Scan MBR ==================================
20:12:10.0390 3332 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:12:10.0625 3332 \Device\Harddisk0\DR0 - ok
20:12:10.0640 3332 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:12:10.0640 3332 \Device\Harddisk1\DR2 - ok
20:12:10.0656 3332 ================ Scan VBR ==================================
20:12:10.0656 3332 [ A28339583333C22573F5164FDDB3CC2B ] \Device\Harddisk0\DR0\Partition1
20:12:10.0656 3332 \Device\Harddisk0\DR0\Partition1 - ok
20:12:10.0671 3332 [ 3F2488EA63247D81C3AC1191208176F8 ] \Device\Harddisk1\DR2\Partition1
20:12:10.0687 3332 \Device\Harddisk1\DR2\Partition1 - ok
20:12:10.0687 3332 ============================================================
20:12:10.0687 3332 Scan finished
20:12:10.0687 3332 ============================================================
20:12:10.0718 2652 Detected object count: 0
20:12:10.0718 2652 Actual detected object count: 0
20:13:40.0015 1632 ============================================================
20:13:40.0015 1632 Scan started
20:13:40.0015 1632 Mode: Manual; SigCheck; TDLFS;
20:13:40.0015 1632 ============================================================
20:13:40.0640 1632 ================ Scan system memory ========================
20:13:40.0656 1632 System memory - ok
20:13:40.0671 1632 ================ Scan services =============================
20:13:42.0296 1632 [ 09951DD226E17A62FED1178404846D02 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
20:13:42.0359 1632 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - warning
20:13:42.0359 1632 AcrSch2Svc - detected UnsignedFile.Multi.Generic (1)
20:13:42.0375 1632 adpu160m - ok
20:13:42.0406 1632 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:13:42.0625 1632 aec - ok
20:13:42.0718 1632 [ 2C5C22990156A1063E19AD162191DC1D ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:13:42.0750 1632 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:13:42.0750 1632 AegisP - detected UnsignedFile.Multi.Generic (1)
20:13:45.0859 1632 [ 37F385A93C620CBE0F89C17E45F697A1 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:13:45.0953 1632 BCM43XX - ok
20:13:46.0000 1632 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:13:46.0203 1632 Beep - ok
20:13:46.0265 1632 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:13:46.0515 1632 BITS - ok
20:13:46.0578 1632 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:13:46.0609 1632 Bonjour Service - ok
20:13:46.0656 1632 [ 4BA311473E0D8557827E6F2FE33A8095 ] brfilt C:\WINDOWS\system32\Drivers\Brfilt.sys
20:13:46.0890 1632 brfilt - ok
20:13:46.0953 1632 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:13:46.0984 1632 Browser - ok
20:13:47.0000 1632 [ 8E06CD96E00472C03770A697D04031C0 ] BrSerWDM C:\WINDOWS\system32\Drivers\BrSerWdm.sys
20:13:47.0218 1632 BrSerWDM - ok
20:13:47.0312 1632 [ 37E2D0B12DDF536CD64AF6EB3B580EF8 ] BrUsbMdm C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
20:13:47.0531 1632 BrUsbMdm - ok
20:13:47.0562 1632 [ 1C5F014048E5B2748C1A8AD297C50B6F ] BrUsbScn C:\WINDOWS\system32\Drivers\BrUsbScn.sys
20:13:47.0734 1632 BrUsbScn - ok
20:13:47.0781 1632 [ 23913C28AC89875BBFA03BCCDC3A41E5 ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
20:13:47.0828 1632 CAMCAUD - ok
20:13:47.0859 1632 [ E6EDB12A44DAFCEF05DBDDF3ED652388 ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
20:13:47.0921 1632 CAMCHALA - ok
20:13:47.0968 1632 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:13:48.0187 1632 cbidf2k - ok
20:13:48.0203 1632 cd20xrnt - ok
20:13:48.0234 1632 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:13:48.0406 1632 Cdaudio - ok
20:13:48.0453 1632 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:13:48.0671 1632 Cdfs - ok
20:13:48.0718 1632 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:13:48.0921 1632 Cdrom - ok
20:13:48.0937 1632 Changer - ok
20:13:48.0984 1632 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:13:49.0156 1632 CiSvc - ok
20:13:49.0187 1632 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:13:49.0375 1632 ClipSrv - ok
20:13:49.0437 1632 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:49.0453 1632 clr_optimization_v2.0.50727_32 - ok
20:13:49.0468 1632 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:13:49.0640 1632 CmBatt - ok
20:13:49.0656 1632 CmdIde - ok
20:13:49.0671 1632 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:13:49.0875 1632 Compbatt - ok
20:13:49.0890 1632 COMSysApp - ok
20:13:49.0921 1632 Cpqarray - ok
20:13:50.0015 1632 [ 75FA19142531CBF490770C2988A7DB64 ] cpuz134 C:\swsetup\PCWizard\pc-wizard_2010.1.961\pcwiz_x32.sys
20:13:50.0031 1632 cpuz134 - ok
20:13:50.0078 1632 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:13:50.0250 1632 CryptSvc - ok
20:13:50.0265 1632 dac2w2k - ok
20:13:50.0281 1632 dac960nt - ok
20:13:50.0328 1632 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:13:50.0359 1632 DcomLaunch - ok
20:13:50.0406 1632 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:13:50.0593 1632 Dhcp - ok
20:13:50.0640 1632 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:13:50.0859 1632 Disk - ok
20:13:50.0875 1632 dmadmin - ok
20:13:50.0906 1632 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:13:51.0140 1632 dmboot - ok
20:13:51.0171 1632 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:13:51.0390 1632 dmio - ok
20:13:51.0421 1632 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:13:51.0609 1632 dmload - ok
20:13:51.0640 1632 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:13:51.0828 1632 dmserver - ok
20:13:51.0875 1632 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:13:52.0062 1632 DMusic - ok
20:13:52.0125 1632 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:13:52.0156 1632 Dnscache - ok
20:13:52.0203 1632 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:13:52.0390 1632 Dot3svc - ok
20:13:52.0390 1632 dpti2o - ok
20:13:52.0421 1632 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:13:52.0625 1632 drmkaud - ok
20:13:52.0671 1632 [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
20:13:52.0687 1632 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
20:13:52.0687 1632 dvd43llh - detected UnsignedFile.Multi.Generic (1)
20:13:52.0718 1632 [ 81B7808D3B5892388F33273119C2DC31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
20:13:52.0734 1632 eabfiltr - ok
20:13:52.0765 1632 [ 1BA14DA377B66278335D4B9E8824CD42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
20:13:52.0796 1632 eabusb - ok
20:13:52.0828 1632 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:13:53.0015 1632 EapHost - ok
20:13:53.0062 1632 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:13:53.0250 1632 ERSvc - ok
20:13:53.0281 1632 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:13:53.0328 1632 Eventlog - ok
20:13:53.0390 1632 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
20:13:53.0421 1632 EventSystem - ok
20:13:53.0468 1632 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:13:53.0703 1632 Fastfat - ok
20:13:53.0734 1632 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:13:53.0781 1632 FastUserSwitchingCompatibility - ok
20:13:53.0812 1632 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
20:13:53.0984 1632 Fdc - ok
20:13:54.0015 1632 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:13:54.0203 1632 Fips - ok
20:13:54.0265 1632 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
20:13:54.0453 1632 Flpydisk - ok
20:13:54.0500 1632 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:13:54.0687 1632 FltMgr - ok
20:13:54.0765 1632 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:13:54.0781 1632 FontCache3.0.0.0 - ok
20:13:54.0812 1632 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:13:55.0015 1632 Fs_Rec - ok
20:13:55.0031 1632 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:13:55.0250 1632 Ftdisk - ok
20:13:55.0296 1632 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:13:55.0296 1632 GEARAspiWDM - ok
20:13:55.0343 1632 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:13:55.0515 1632 Gpc - ok
20:13:55.0578 1632 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:55.0609 1632 gupdate - ok
20:13:55.0625 1632 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:55.0640 1632 gupdatem - ok
20:13:55.0734 1632 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:13:55.0921 1632 helpsvc - ok
20:13:55.0953 1632 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
20:13:56.0125 1632 HidServ - ok
20:13:56.0156 1632 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:13:56.0328 1632 hidusb - ok
20:13:56.0359 1632 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:13:56.0546 1632 hkmsvc - ok
20:13:56.0656 1632 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
20:13:56.0718 1632 HP Port Resolver - ok
20:13:56.0765 1632 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
20:13:56.0828 1632 HP Status Server - ok
20:13:56.0843 1632 hpn - ok
20:13:56.0921 1632 [ 61556FA814F907BCED618B64DA66212A ] hpqwmi C:\Program Files\HPQ\shared\hpqwmi.exe
20:13:56.0953 1632 hpqwmi ( UnsignedFile.Multi.Generic ) - warning
20:13:56.0953 1632 hpqwmi - detected UnsignedFile.Multi.Generic (1)
20:13:57.0000 1632 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:13:57.0031 1632 HPZid412 - ok
20:13:57.0062 1632 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:13:57.0093 1632 HPZipr12 - ok
20:13:57.0125 1632 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:13:57.0171 1632 HPZius12 - ok
20:13:57.0218 1632 [ 13D4B70BF2F9BC550E9079DA864D3EC1 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
20:13:57.0281 1632 HSFHWATI - ok
20:13:57.0359 1632 [ DFA8F86C0DBCA7DB948043AA3BE6793B ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:13:57.0468 1632 HSF_DP - ok
20:13:57.0500 1632 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:13:57.0546 1632 HTTP - ok
20:13:57.0578 1632 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:13:57.0734 1632 HTTPFilter - ok
20:13:57.0750 1632 i2omgmt - ok
20:13:57.0765 1632 i2omp - ok
20:13:57.0812 1632 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:13:57.0984 1632 i8042prt - ok
20:13:58.0078 1632 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:58.0140 1632 idsvc - ok
20:13:58.0203 1632 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:13:58.0359 1632 Imapi - ok
20:13:58.0406 1632 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:13:58.0593 1632 ImapiService - ok
20:13:58.0609 1632 ini910u - ok
20:13:58.0625 1632 IntelIde - ok
20:13:58.0671 1632 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:13:58.0843 1632 Ip6Fw - ok
20:13:58.0875 1632 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:13:59.0015 1632 IpFilterDriver - ok
20:13:59.0046 1632 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:13:59.0203 1632 IpInIp - ok
20:13:59.0234 1632 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:13:59.0406 1632 IpNat - ok
20:13:59.0468 1632 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:13:59.0500 1632 iPod Service - ok
20:13:59.0546 1632 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:13:59.0765 1632 IPSec - ok
20:13:59.0812 1632 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:13:59.0875 1632 IRENUM - ok
20:13:59.0921 1632 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:14:00.0046 1632 isapnp - ok
20:14:00.0171 1632 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
20:14:00.0187 1632 JavaQuickStarterService - ok
20:14:00.0218 1632 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:14:00.0390 1632 Kbdclass - ok
20:14:00.0468 1632 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:14:00.0671 1632 kmixer - ok
20:14:00.0687 1632 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:14:00.0718 1632 KSecDD - ok
20:14:00.0765 1632 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:14:00.0796 1632 lanmanserver - ok
20:14:00.0843 1632 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:14:00.0875 1632 lanmanworkstation - ok
20:14:00.0875 1632 lbrtfdc - ok
20:14:00.0937 1632 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:14:01.0125 1632 LmHosts - ok
20:14:01.0125 1632 [ 3C318B9CD391371BED62126581EE9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:14:01.0187 1632 mdmxsdk - ok
20:14:01.0218 1632 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:14:01.0406 1632 Messenger - ok
20:14:01.0437 1632 [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf C:\WINDOWS\system32\DRIVERS\mf.sys
20:14:01.0625 1632 mf - ok
20:14:01.0687 1632 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:14:01.0843 1632 mnmdd - ok
20:14:01.0890 1632 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
20:14:02.0031 1632 mnmsrvc - ok
20:14:02.0078 1632 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:14:02.0250 1632 Modem - ok
20:14:02.0281 1632 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:14:02.0453 1632 Mouclass - ok
20:14:02.0484 1632 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:14:02.0656 1632 mouhid - ok
20:14:02.0687 1632 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:14:02.0875 1632 MountMgr - ok
20:14:02.0875 1632 mraid35x - ok
20:14:02.0890 1632 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:14:03.0062 1632 MRxDAV - ok
20:14:03.0109 1632 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:14:03.0140 1632 MRxSmb - ok
20:14:03.0187 1632 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
20:14:03.0328 1632 MSDTC - ok
20:14:03.0343 1632 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:14:03.0531 1632 Msfs - ok
20:14:03.0531 1632 MSIServer - ok
20:14:03.0562 1632 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:14:03.0703 1632 MSKSSRV - ok
20:14:03.0750 1632 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:14:03.0921 1632 MSPCLOCK - ok
20:14:03.0953 1632 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:14:04.0093 1632 MSPQM - ok
20:14:04.0125 1632 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:14:04.0281 1632 mssmbios - ok
20:14:04.0343 1632 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:14:04.0375 1632 Mup - ok
20:14:04.0421 1632 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:14:04.0625 1632 napagent - ok
20:14:04.0671 1632 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:14:04.0828 1632 NDIS - ok
20:14:04.0859 1632 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:14:04.0906 1632 NdisTapi - ok
20:14:04.0968 1632 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:14:05.0140 1632 Ndisuio - ok
20:14:05.0171 1632 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:14:05.0375 1632 NdisWan - ok
20:14:05.0421 1632 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:14:05.0437 1632 NDProxy - ok
20:14:05.0500 1632 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:14:05.0671 1632 NetBIOS - ok
20:14:05.0703 1632 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:14:05.0906 1632 NetBT - ok
20:14:05.0953 1632 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:14:06.0125 1632 NetDDE - ok
20:14:06.0140 1632 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:14:06.0343 1632 NetDDEdsdm - ok
20:14:06.0406 1632 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:14:06.0546 1632 Netlogon - ok
20:14:06.0593 1632 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:14:06.0812 1632 Netman - ok
20:14:06.0843 1632 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:14:06.0859 1632 NetTcpPortSharing - ok
20:14:06.0890 1632 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:14:07.0062 1632 NIC1394 - ok
20:14:07.0109 1632 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:14:07.0156 1632 Nla - ok
20:14:07.0203 1632 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:14:07.0375 1632 Npfs - ok
20:14:07.0421 1632 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:14:07.0593 1632 Ntfs - ok
20:14:07.0625 1632 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
20:14:07.0812 1632 NtLmSsp - ok
20:14:07.0859 1632 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:14:08.0078 1632 NtmsSvc - ok
20:14:08.0109 1632 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:14:08.0265 1632 Null - ok
20:14:08.0312 1632 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:14:08.0468 1632 NwlnkFlt - ok
20:14:08.0500 1632 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:14:08.0656 1632 NwlnkFwd - ok
20:14:08.0781 1632 [ 1A008CBB313F7A6644B883AE1829393B ] OAcat C:\Program Files\Online Armor\OAcat.exe
20:14:08.0812 1632 OAcat - ok
20:14:08.0843 1632 [ C0BA927C3A1A62F2BF664F242D91C082 ] OADevice C:\WINDOWS\system32\drivers\OADriver.sys
20:14:08.0875 1632 OADevice - ok
20:14:08.0921 1632 [ C968369E2BC5F6A8426C1E7D78E33F1B ] oahlpXX C:\WINDOWS\system32\drivers\oahlp32.sys
20:14:08.0937 1632 oahlpXX - ok
20:14:08.0953 1632 [ 04E7E92CD91E61E0CC1BDF849032AD81 ] OAmon C:\WINDOWS\system32\drivers\OAmon.sys
20:14:08.0968 1632 OAmon - ok
20:14:09.0000 1632 [ F3250D94BEE44A0D00939F10830B3563 ] OAnet C:\WINDOWS\system32\drivers\OAnet.sys
20:14:09.0015 1632 OAnet - ok
20:14:09.0031 1632 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:14:09.0218 1632 ohci1394 - ok
20:14:09.0296 1632 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:14:09.0312 1632 ose - ok
20:14:09.0375 1632 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
20:14:09.0593 1632 Parport - ok
20:14:09.0625 1632 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:14:09.0812 1632 PartMgr - ok
20:14:09.0859 1632 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:14:10.0062 1632 ParVdm - ok
20:14:10.0093 1632 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:14:10.0281 1632 PCI - ok
20:14:10.0296 1632 PCIDump - ok
20:14:10.0312 1632 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:14:10.0484 1632 PCIIde - ok
20:14:10.0500 1632 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:14:10.0718 1632 Pcmcia - ok
20:14:10.0765 1632 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
20:14:10.0796 1632 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:14:10.0796 1632 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:14:10.0812 1632 PDCOMP - ok
20:14:10.0828 1632 PDFRAME - ok
20:14:10.0828 1632 PDRELI - ok
20:14:10.0843 1632 PDRFRAME - ok
20:14:10.0859 1632 perc2 - ok
20:14:10.0875 1632 perc2hib - ok
20:14:10.0921 1632 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:14:10.0953 1632 PlugPlay - ok
20:14:11.0000 1632 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
20:14:11.0046 1632 Pml Driver HPZ12 - ok
20:14:11.0062 1632 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:14:11.0218 1632 PolicyAgent - ok
20:14:11.0250 1632 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:14:11.0421 1632 PptpMiniport - ok
20:14:11.0453 1632 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:14:11.0656 1632 Processor - ok
20:14:11.0671 1632 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:14:11.0828 1632 ProtectedStorage - ok
20:14:11.0875 1632 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:14:12.0078 1632 Ptilink - ok
20:14:12.0140 1632 [ 30CBAE0A34359F1CD19D1576245149ED ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:14:12.0156 1632 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:14:12.0156 1632 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:14:12.0171 1632 ql1080 - ok
20:14:12.0171 1632 Ql10wnt - ok
20:14:12.0187 1632 ql12160 - ok
20:14:12.0203 1632 ql1240 - ok
20:14:12.0218 1632 ql1280 - ok
20:14:12.0250 1632 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:14:12.0390 1632 RasAcd - ok
20:14:12.0437 1632 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:14:12.0656 1632 RasAuto - ok
20:14:12.0687 1632 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:14:12.0890 1632 Rasl2tp - ok
20:14:12.0968 1632 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:14:13.0187 1632 RasMan - ok
20:14:13.0187 1632 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:14:13.0375 1632 RasPppoe - ok
20:14:13.0406 1632 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:14:13.0609 1632 Raspti - ok
20:14:13.0656 1632 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:14:13.0859 1632 Rdbss - ok
20:14:13.0890 1632 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:14:14.0046 1632 RDPCDD - ok
20:14:14.0125 1632 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:14:14.0156 1632 RDPWD - ok
20:14:14.0187 1632 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:14:14.0562 1632 RDSessMgr - ok
20:14:14.0593 1632 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:14:14.0781 1632 redbook - ok
20:14:14.0828 1632 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:14:15.0000 1632 RemoteAccess - ok
20:14:15.0046 1632 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
20:14:15.0078 1632 RimUsb - ok
20:14:15.0125 1632 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
20:14:15.0171 1632 RimVSerPort - ok
20:14:15.0203 1632 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
20:14:15.0390 1632 ROOTMODEM - ok
20:14:15.0468 1632 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
20:14:15.0734 1632 RpcLocator - ok
20:14:15.0828 1632 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:14:15.0859 1632 RpcSs - ok
20:14:15.0890 1632 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
20:14:16.0078 1632 RSVP - ok
20:14:16.0125 1632 [ 3529828EC571FB2F64F6B142F9109993 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
20:14:16.0187 1632 RTL8023xp - ok
20:14:16.0234 1632 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:14:16.0437 1632 rtl8139 - ok
20:14:16.0468 1632 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:14:16.0640 1632 SamSs - ok
20:14:16.0703 1632 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:14:16.0921 1632 SCardSvr - ok
20:14:16.0984 1632 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:14:17.0203 1632 Schedule - ok
20:14:17.0250 1632 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:14:17.0421 1632 sdbus - ok
20:14:17.0468 1632 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:14:17.0546 1632 Secdrv - ok
20:14:17.0562 1632 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:14:17.0734 1632 seclogon - ok
20:14:17.0750 1632 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:14:17.0968 1632 SENS - ok
20:14:18.0015 1632 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:14:18.0203 1632 Serial - ok
20:14:18.0250 1632 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:14:18.0390 1632 Sfloppy - ok
20:14:18.0453 1632 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:14:18.0656 1632 SharedAccess - ok
20:14:18.0687 1632 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:14:18.0703 1632 ShellHWDetection - ok
20:14:18.0718 1632 Simbad - ok
20:14:18.0781 1632 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:14:18.0796 1632 SkypeUpdate - ok
20:14:18.0859 1632 [ 5052DBAFC8F4E4507E6AD0D467DD3529 ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
20:14:18.0890 1632 snapman ( UnsignedFile.Multi.Generic ) - warning
20:14:18.0890 1632 snapman - detected UnsignedFile.Multi.Generic (1)
20:14:18.0906 1632 Sparrow - ok
20:14:18.0953 1632 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:14:19.0109 1632 splitter - ok
20:14:19.0156 1632 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:14:19.0187 1632 Spooler - ok
20:14:19.0218 1632 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:14:19.0312 1632 sr - ok
20:14:19.0359 1632 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:14:19.0437 1632 srservice - ok
20:14:19.0500 1632 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:14:19.0546 1632 Srv - ok
20:14:19.0593 1632 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:14:19.0687 1632 SSDPSRV - ok
20:14:19.0734 1632 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:14:19.0953 1632 stisvc - ok
20:14:20.0156 1632 [ A54B4FBC24C4EDE34BEB5F8D8974752A ] SvcOnlineArmor C:\Program Files\Online Armor\oasrv.exe
20:14:20.0390 1632 SvcOnlineArmor - ok
20:14:20.0437 1632 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:14:20.0625 1632 swenum - ok
20:14:20.0656 1632 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:14:20.0859 1632 swmidi - ok
20:14:20.0875 1632 SwPrv - ok
20:14:20.0906 1632 symc810 - ok
20:14:20.0921 1632 symc8xx - ok
20:14:20.0937 1632 sym_hi - ok
20:14:20.0953 1632 sym_u3 - ok
20:14:21.0015 1632 [ 0F332C0BA9B968EBC8CBB906416F8597 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:14:21.0046 1632 SynTP - ok
20:14:21.0078 1632 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:14:21.0218 1632 sysaudio - ok
20:14:21.0281 1632 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:14:21.0453 1632 SysmonLog - ok
20:14:21.0515 1632 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:14:21.0718 1632 TapiSrv - ok
20:14:21.0781 1632 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:14:21.0828 1632 Tcpip - ok
20:14:21.0875 1632 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:14:22.0031 1632 TDPIPE - ok
20:14:22.0093 1632 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:14:22.0265 1632 TDTCP - ok
20:14:22.0312 1632 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:14:22.0468 1632 TermDD - ok
20:14:22.0515 1632 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:14:22.0734 1632 TermService - ok
20:14:22.0765 1632 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:14:22.0796 1632 Themes - ok
20:14:22.0843 1632 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
20:14:22.0890 1632 tifm21 - ok
20:14:22.0921 1632 [ B84B82C0CBEB1B0D7EB7A946BADE5830 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:14:22.0921 1632 tifsfilter ( UnsignedFile.Multi.Generic ) - warning
20:14:22.0921 1632 tifsfilter - detected UnsignedFile.Multi.Generic (1)
20:14:22.0968 1632 [ 74711884439BDF9CCF446C79CB05FAC0 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
20:14:23.0015 1632 timounter ( UnsignedFile.Multi.Generic ) - warning
20:14:23.0015 1632 timounter - detected UnsignedFile.Multi.Generic (1)
20:14:23.0031 1632 TosIde - ok
20:14:23.0078 1632 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:14:23.0234 1632 TrkWks - ok
20:14:23.0250 1632 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:14:23.0453 1632 Udfs - ok
20:14:23.0453 1632 ultra - ok
20:14:23.0515 1632 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:14:23.0734 1632 Update - ok
20:14:23.0781 1632 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:14:23.0859 1632 upnphost - ok
20:14:23.0890 1632 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:14:24.0046 1632 UPS - ok
20:14:24.0093 1632 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:14:24.0265 1632 usbaudio - ok
20:14:24.0296 1632 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:14:24.0453 1632 usbccgp - ok
20:14:24.0468 1632 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:14:24.0640 1632 usbehci - ok
20:14:24.0687 1632 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:14:24.0875 1632 usbhub - ok
20:14:24.0921 1632 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:14:25.0078 1632 usbohci - ok
20:14:25.0109 1632 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:14:25.0265 1632 usbprint - ok
20:14:25.0312 1632 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:14:25.0484 1632 usbscan - ok
20:14:25.0515 1632 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:14:25.0703 1632 USBSTOR - ok
20:14:25.0734 1632 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:14:25.0875 1632 VgaSave - ok
20:14:25.0890 1632 ViaIde - ok
20:14:25.0953 1632 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:14:26.0125 1632 VolSnap - ok
20:14:26.0187 1632 [ F7035815C23DF5DAD8A686C1CDA20F3E ] vsc32 C:\WINDOWS\system32\DRIVERS\vsc.sys
20:14:26.0234 1632 vsc32 ( UnsignedFile.Multi.Generic ) - warning
20:14:26.0234 1632 vsc32 - detected UnsignedFile.Multi.Generic (1)
20:14:26.0296 1632 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:14:26.0375 1632 VSS - ok
20:14:26.0390 1632 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:14:26.0562 1632 W32Time - ok
20:14:26.0593 1632 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:14:26.0781 1632 Wanarp - ok
20:14:26.0828 1632 [ 56242D5BE3BFC8F2A212E6D1F9A16697 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
20:14:26.0875 1632 wceusbsh - ok
20:14:26.0953 1632 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
20:14:26.0984 1632 Wdf01000 - ok
20:14:27.0000 1632 WDICA - ok
20:14:27.0046 1632 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:14:27.0234 1632 wdmaud - ok
20:14:27.0250 1632 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:14:27.0453 1632 WebClient - ok
20:14:27.0531 1632 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:14:27.0625 1632 winachsf - ok
20:14:27.0718 1632 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:14:27.0937 1632 winmgmt - ok
20:14:28.0046 1632 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:14:28.0140 1632 wlidsvc - ok
20:14:28.0156 1632 wltrysvc - ok
20:14:28.0218 1632 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:14:28.0234 1632 WmdmPmSN - ok
20:14:28.0296 1632 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:14:28.0468 1632 WmiAcpi - ok
20:14:28.0515 1632 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:14:28.0734 1632 WmiApSrv - ok
20:14:28.0859 1632 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:14:28.0921 1632 WMPNetworkSvc - ok
20:14:29.0000 1632 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:14:29.0187 1632 wscsvc - ok
20:14:29.0234 1632 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:14:29.0421 1632 wuauserv - ok
20:14:29.0468 1632 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:14:29.0484 1632 WudfPf - ok
20:14:29.0515 1632 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:14:29.0546 1632 WudfRd - ok
20:14:29.0625 1632 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:14:29.0656 1632 WudfSvc - ok
20:14:29.0718 1632 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:14:29.0984 1632 WZCSVC - ok
20:14:30.0031 1632 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:14:30.0234 1632 xmlprov - ok
20:14:30.0265 1632 ================ Scan global ===============================
20:14:30.0296 1632 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:14:30.0359 1632 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:14:30.0390 1632 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:14:30.0406 1632 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:14:30.0421 1632 [Global] - ok
20:14:30.0421 1632 ================ Scan MBR ==================================
20:14:30.0453 1632 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:14:30.0750 1632 \Device\Harddisk0\DR0 - ok
20:14:30.0750 1632 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
20:14:31.0265 1632 \Device\Harddisk1\DR2 - ok
20:14:31.0281 1632 ================ Scan VBR ==================================
20:14:31.0281 1632 [ A28339583333C22573F5164FDDB3CC2B ] \Device\Harddisk0\DR0\Partition1
20:14:31.0296 1632 \Device\Harddisk0\DR0\Partition1 - ok
20:14:31.0312 1632 [ 3F2488EA63247D81C3AC1191208176F8 ] \Device\Harddisk1\DR2\Partition1
20:14:31.0312 1632 \Device\Harddisk1\DR2\Partition1 - ok
20:14:31.0328 1632 ============================================================
20:14:31.0328 1632 Scan finished
20:14:31.0328 1632 ============================================================
20:14:31.0453 2556 Detected object count: 10
20:14:31.0453 2556 Actual detected object count: 10
20:15:39.0515 2556 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0515 2556 AcrSch2Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0515 2556 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0515 2556 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0515 2556 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0515 2556 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0515 2556 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0515 2556 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0531 2556 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0531 2556 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0531 2556 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0531 2556 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0531 2556 snapman ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0531 2556 snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0531 2556 tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0531 2556 tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0531 2556 timounter ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0546 2556 timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:39.0546 2556 vsc32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:15:39.0546 2556 vsc32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:15:50.0796 2508 Deinitialize success


Replaced Malwarebytes with the newest version. Log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.15

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Carl :: HOME-135978DFB9 [administrator]

10/11/2012 8:33:20 PM
mbam-log-2012-10-11 (20-33-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214293
Time elapsed: 30 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Used the Event Viewer to clear the System and Application logs. Rebooted.

Ran the Event Viewer Tool and got the two logs:

Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/10/2012 9:23:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/10/2012 9:24:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Ran OTL as instructed and got two logs:

OTL logfile created on: 10/11/2012 9:34:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 395.16 Mb Available Physical Memory | 38.65% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.63 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
Drive F: | 55.89 Gb Total Space | 3.14 Gb Free Space | 5.61% Space Free | Partition Type: NTFS

Computer Name: HOME-135978DFB9 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 21:32:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
PRC - [2012/10/11 10:34:31 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/09/01 18:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 20:40:54 | 000,815,104 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2006/12/01 10:43:42 | 001,852,329 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/11/30 18:49:10 | 000,135,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/11/30 18:49:06 | 000,397,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/30 18:48:08 | 001,115,317 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/05/11 18:48:22 | 001,044,480 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\bcmntray.EXE
PRC - [2004/12/03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2002/08/12 10:00:40 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
PRC - [2000/02/08 23:19:48 | 000,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\vscvol.exe
PRC - [2000/02/07 03:02:44 | 000,036,864 | ---- | M] (Roland) -- C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
PRC - [1998/08/24 21:18:12 | 000,027,136 | ---- | M] (Intuit) -- C:\QUICKENW\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/11 17:13:12 | 001,816,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12101101\algo.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/11/30 18:47:56 | 000,045,056 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\rpc_client.dll
MOD - [2005/05/07 14:14:56 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\custmon2k.dll
MOD - [2002/08/12 09:21:28 | 000,006,144 | ---- | M] () -- C:\Program Files\Scansoft\PaperPort\BliceCtr.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/11 10:34:31 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2006/11/30 18:49:06 | 000,397,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/10 17:45:00 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\swsetup\PCWizard\pc-wizard_2010.1.961\pcwiz_x32.sys -- (cpuz134)
DRV - [2010/05/10 20:24:07 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010/05/10 20:24:07 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/05/10 20:24:02 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/14 00:06:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/03 20:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/01/12 00:13:00 | 000,346,496 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/01/12 00:12:12 | 000,037,760 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/15 15:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/11 16:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/04/14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/06/06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/04/16 09:16:58 | 000,951,284 | ---- | M] (Roland) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsc.sys -- (vsc32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...sario&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://barrie.fusionmls.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{7D19B6E2-D977-4AA4-8823-A89D37FFE5F3}: "URL" = http://websearch.ask...0D-BB4C6DEEA136
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.03
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1466
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/11 13:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 20:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/24 20:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2012/01/24 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\extensions
[2012/01/24 20:46:35 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/01/24 20:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.92\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U7 (Disabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Disabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\bcmntray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vsc32cnf.exe] C:\Program Files\Roland\VSC32\Vsc32Cnf.exe (Roland)
O4 - HKLM..\Run: [vscvol.exe] C:\Program Files\Roland\VSC32\vscvol.exe (Roland)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\BILLMIND.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O4 - Startup: C:\Documents and Settings\Carl\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: mlxchange.com ([barrie] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1272674739890 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://barrie.mlxcha...ol/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://barrie.mlxcha...trol/WebDog.cab (Cerebus Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38282288-114D-4897-ABDC-178A55AE9C9B}: DhcpNameServer = 64.71.255.198
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 14:36:48 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: MIDI1 - C:\WINDOWS\System32\vscapi.dll (Roland)
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: WAVE1 - C:\WINDOWS\System32\vscapi.dll (Roland)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 21:32:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2012/10/11 20:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/11 20:28:08 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/11 20:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/11 19:49:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Carl\Desktop\aswMBR.exe
[2012/10/11 19:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\OnlineArmor
[2012/10/11 19:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2012/10/11 19:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2012/10/11 19:25:17 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/10/11 19:25:17 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/10/11 19:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012/10/11 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/10/11 13:36:53 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/10/11 13:36:53 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/10/11 13:36:50 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/10/11 13:36:49 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/10/11 13:36:48 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/10/11 13:36:47 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/10/11 13:36:47 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/10/11 13:36:46 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/10/11 13:35:52 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/10/11 13:35:51 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/10/11 13:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/11 13:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/10/11 11:05:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Sun
[2012/10/11 10:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/11 10:34:54 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/11 10:34:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/11 10:34:54 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/11 10:34:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/11 10:34:46 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/11 10:34:46 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/06 09:52:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\My Documents\My Kindle Content
[2012/10/06 09:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Start Menu\Programs\Amazon
[2012/10/06 09:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\Amazon
[2012/10/06 09:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/09/30 22:11:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/09/13 21:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/09/13 21:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/10 15:22:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Carl\Application Data\pcouffin.sys
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Carl\My Documents\*.tmp files -> C:\Documents and Settings\Carl\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/11 21:32:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2012/10/11 21:21:09 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Carl\Desktop\VEW.exe
[2012/10/11 21:12:02 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/11 21:09:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 21:09:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/11 21:09:28 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/11 20:57:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 20:52:09 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004UA.job
[2012/10/11 20:28:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 19:49:49 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Carl\Desktop\aswMBR.exe
[2012/10/11 19:25:32 | 000,443,506 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/11 19:25:32 | 000,072,494 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/11 16:21:04 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D73A6A9A-E6EE-46BC-9EF9-0D1CECE340A1}.job
[2012/10/11 15:53:27 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Google Chrome.lnk
[2012/10/11 15:53:27 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/11 13:46:15 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/11 13:36:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/10/11 11:21:39 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/10/11 10:34:34 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/10/11 10:34:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/10/11 10:34:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/10/11 10:34:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/10/11 10:34:27 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/11 10:34:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/10/11 10:34:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/09 23:47:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 10:19:50 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autoruns.exe
[2012/10/09 10:19:50 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Carl\Desktop\autorunsc.exe
[2012/10/09 10:19:50 | 000,049,648 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\autoruns.chm
[2012/10/06 09:52:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Kindle.lnk
[2012/10/04 18:01:20 | 000,002,652 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012/10/04 10:14:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/02 21:52:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004Core.job
[2012/10/02 15:03:04 | 000,044,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2012/10/02 15:02:32 | 000,208,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/09/30 22:11:41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/09/26 14:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/09/13 21:59:13 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\Carl\My Documents\*.tmp files -> C:\Documents and Settings\Carl\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/11 21:21:09 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Carl\Desktop\VEW.exe
[2012/10/11 20:28:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 19:25:17 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2012/10/11 19:25:16 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/10/11 13:36:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/10/11 13:36:48 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/10/11 11:21:39 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/10/11 11:21:39 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/10/06 09:52:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Kindle.lnk
[2012/09/30 22:11:41 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/05/30 12:59:26 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2012/05/30 12:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2012/05/30 12:59:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2012/05/22 14:28:47 | 000,194,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/04 13:59:10 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Carl\g2mdlhlpx.exe
[2012/02/15 11:15:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/07 22:44:10 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/12/07 22:44:10 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/08/16 14:14:25 | 000,076,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/24 17:41:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2011/04/24 17:41:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/04/24 17:41:49 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/04/24 17:41:48 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\bcmwcfg.dll
[2011/04/24 17:41:48 | 000,950,272 | ---- | C] () -- C:\WINDOWS\System32\bcmacfg.dll
[2011/04/24 17:41:48 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\bcmctrls.dll
[2011/03/04 18:06:24 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\Comma Separated Values (DOS).ADR
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2011/01/10 15:35:07 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2011/01/10 15:22:40 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\inst.exe
[2011/01/10 15:22:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.cat
[2011/01/10 15:22:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Carl\Application Data\pcouffin.inf
[2010/12/19 16:30:40 | 000,000,155 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2010/05/17 10:53:53 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\fusioncache.dat
[2010/05/09 12:40:59 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/04/30 14:31:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD800BEVE-00A0HT0
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: USB
Media Type: Fixed\thard disk media
Model: HTS54106 0G9AT00 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 56.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[12 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[12 C:\*.tmp files -> C:\*.tmp -> ]

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/10/11 11:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Adobe
[2010/05/10 19:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\AdobeUM
[2012/01/07 14:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Apple Computer
[2011/03/08 20:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\AVS4YOU
[2012/10/06 14:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Canon
[2012/10/11 21:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Dropbox
[2011/01/10 15:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\dvdcss
[2011/08/01 22:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\ElevatedDiagnostics
[2012/08/16 14:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\foobar2000
[2011/01/10 15:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\GetRightToGo
[2011/08/24 16:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Google
[2010/05/17 10:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Help
[2010/08/05 09:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\HP
[2010/04/30 14:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Identities
[2010/06/04 20:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\InterVideo
[2012/06/27 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Intuit Canada
[2011/01/04 15:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Leadertech
[2010/04/30 16:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Macromedia
[2010/04/30 16:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Malwarebytes
[2012/10/11 11:49:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Carl\Application Data\Microsoft
[2010/05/10 20:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Microsoft Corporation
[2012/01/24 20:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla
[2012/10/11 19:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\OnlineArmor
[2012/08/06 21:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PDFill
[2010/05/03 17:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\PPIMAGES
[2011/12/19 10:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Research In Motion
[2012/09/30 23:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Skype
[2012/07/26 09:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\skypePM
[2011/01/04 15:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Sonic
[2010/04/30 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Sun
[2012/09/30 22:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\TeamViewer
[2012/05/25 16:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\U3
[2012/06/03 12:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\uTorrent
[2011/01/10 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Vso
[2011/06/09 14:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\webex

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 08:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2004/08/04 08:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 13:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 13:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/14 05:42:04 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2004/08/04 08:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/04 08:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/14 05:42:04 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/04 08:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/14 05:42:10 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 03:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 03:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


OTL Extras logfile created on: 10/11/2012 9:34:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 395.16 Mb Available Physical Memory | 38.65% Memory free
2.40 Gb Paging File | 1.90 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.63 Gb Free Space | 22.32% Space Free | Partition Type: NTFS
Drive F: | 55.89 Gb Total Space | 3.14 Gb Free Space | 5.61% Space Free | Partition Type: NTFS

Computer Name: HOME-135978DFB9 | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF Drivers
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF Toolbox 4.7.0.0.mf04
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{59D1195A-7E64-4120-BB37-F053D9FD45FB}" = ODF Add-in for Microsoft Office
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A28FB5-718C-41EC-8956-7A4FEB850A73}" = Top Producer Outlook Connector 2.0
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9242140C-E909-45B4-8315-2A3CC0786FB0}" = PDFill PDF Editor 4.1 with Writer and Tools (Unicode)
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97355297-21C8-40CD-96D3-48E58037A9B8}" = TI1620/1520
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1914265-0D07-48E0-A937-F20A76D0032D}" = Acronis True Image Home
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.9.1.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon Kindle" = Amazon Kindle
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BB_is1" = Band-in-a-Box Font Update
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11 Application" = Broadcom Wireless Utility
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"DesignerTool" = DesignerTool
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"DVD43_is1" = DVD43 v4.6.0
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"FinePrint" = FinePrint
"foobar2000" = foobar2000 v1.1.13
"ie8" = Windows Internet Explorer 8
"InstallShield_{97355297-21C8-40CD-96D3-48E58037A9B8}" = PCI 1620 Cardbus Controller and Software
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSPUB4" = Microsoft Publisher 97
"OnlineArmor_is1" = Online Armor 6.0
"PDFill PDF Writer" = PDFill PDF Writer
"Quicken Deluxe 99" = Quicken Deluxe 99
"Security Task Manager" = Security Task Manager 1.8d
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Top Producer Editor_is1" = Top Producer Editor
"uTorrent" = µTorrent
"VSC32" = Virtual Sound Canvas 3.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

< End of report >


Ran Farbar Service Scanner. Log:

Farbar Service Scanner Version: 07-10-2012
Ran by Carl (administrator) on 11-10-2012 at 22:10:43
Running from "C:\Documents and Settings\Carl\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) aswTdi(8) Gpc(3) IPSec(5) NetBT(6) OAmon(11) Tcpip(4)
0x080000000500000003000000040000000B0000000800000006000000070000000A000000
IpSec Tag value is correct.

**** End of log ****


Ran ESETScan and got two logs, as instructed. First log:

C:\swsetup\Unlocker\unlocker1.9.0.exe Win32/Adware.ADON application

Second log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a56d344fc293f84988087db1bb2efaad
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-12 04:05:29
# local_time=2012-10-12 12:05:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 76402198 76402198 0 0
# compatibility_mode=6401 16777214 66 100 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=86256
# found=1
# cleaned=0
# scan_time=6016
C:\swsetup\Unlocker\unlocker1.9.0.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I


Finally, ran BitDefender online scan. Log:

QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Fri Oct 12 00:20:19 2012
Machine ID: CC2BACCB



No infection found.
-------------------



Processes
---------
Acronis Scheduler 2 1440 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
Acronis Scheduler Helper 2560 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
Acronis True Image 2620 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis True Image 2488 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
ATI Desktop Component 1984 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATI External Event Utility for WindowsN 868 C:\WINDOWS\system32\ati2evxx.exe
ATI External Event Utility for WindowsN 1940 C:\WINDOWS\system32\ati2evxx.exe
avast! Antivirus 1524 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 456 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Bonjour 428 C:\Program Files\Bonjour\mDNSResponder.exe
Broadcom 802.11 Network Adapter Wireles 3256 C:\WINDOWS\system32\bcmntray.EXE
Broadcom 802.11 Network Adapter Wireles 1300 C:\WINDOWS\system32\BCMWLTRY.EXE
Dropbox 2664 C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe
Emsisoft Online Armor 1308 C:\Program Files\Online Armor\oacat.exe
HP PML 2428 C:\WINDOWS\system32\HPZipm12.exe
hp Wireless Assistant 2292 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
hpqwmi Module 3564 C:\Program Files\HPQ\shared\hpqwmi.exe
iTunes 2348 C:\Program Files\iPod\bin\iPodService.exe
iTunes 3376 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 7 U7 2140 C:\Program Files\Java\jre7\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 3684 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows Live ID 2752 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 3824 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 1588 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1604 C:\WINDOWS\system32\wscntfy.exe
MobileDeviceService 1916 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PaperPort 2416 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
Quick Launch Buttons 2076 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
QuickBooks Automatic Update 3308 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Quicken 98 for Windows 3568 C:\QUICKENW\QWDLLS.EXE
QuickTime 3612 C:\Program Files\QuickTime\QTTask.exe
RIMBBLaunchAgent 3452 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
SmartUI Application 3440 C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
Synaptics Pointing Device Driver 1076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Virtual Sound Canvas 3.2 2684 C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
Virtual Sound Canvas 3.2 3048 C:\Program Files\Roland\VSC32\vscvol.exe
WLTRYSVC.EXE 1288 C:\WINDOWS\system32\WLTRYSVC.EXE
(verified) Microsoft® Windows® Operating System 400 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 608 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 2136 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1064 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 984 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 896 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2608 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1708 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3548 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2944 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2484 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3032 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process AvastSvc.exe (1524) connected on port 80 (HTTP) --> 77.234.40.54
Process iexplore.exe (2484) connected on port 80 (HTTP) --> 23.60.127.139
Process iexplore.exe (2484) connected on port 80 (HTTP) --> 74.125.226.72
Process iexplore.exe (2484) connected on port 80 (HTTP) --> 66.235.142.2
Process Dropbox.exe (2664) connected on port 80 (HTTP) --> 199.47.219.150

Process svchost.exe (944) listens on ports: 135 (RPC)
Process spoolsv.exe (1588) listens on ports: 47544
Process Dropbox.exe (2664) listens on ports: 17500


Autoruns and critical files
---------------------------
Acronis Scheduler Helper C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
Acronis True Image C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
Acronis True Image C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ATI Desktop Component C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATI External Event Utility for NT, W2K C:\WINDOWS\system32\Ati2evxx.dll
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
Broadcom 802.11 Network Adapter Wireles C:\WINDOWS\system32\bcmntray.EXE
Dropbox C:\Documents and Settings\Carl\Application Data\Dropbox\bin\Dropbox.exe
DVDCheck Application C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
Emsisoft Online Armor C:\Program Files\Online Armor\oaevent.dll
Emsisoft Online Armor C:\Program Files\Online Armor\OAui.exe
hp Wireless Assistant C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
PaperPort C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
Quick Launch Buttons C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
QuickBooks Automatic Update C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
Quicken 98 for Windows C:\QUICKENW\QWDLLS.EXE
Quicken 99 for Windows C:\QUICKENW\BILLMIND.EXE
QuickTime C:\Program Files\QuickTime\QTTask.exe
RIMBBLaunchAgent C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Sonic Update Manager C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Virtual Sound Canvas 3.2 C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
Virtual Sound Canvas 3.2 C:\Program Files\Roland\VSC32\vscvol.exe
新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
(verified) Google Update C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Download PDF Files C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
Geac ReView ActiveX Control Module C:\WINDOWS\Downloaded Program Files\GeacRevw.ocx
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Documents and Settings\Carl\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
Hewlett-Packard Online Support Services C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
HPDEXAXO C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
Java Deployment Toolkit 7.0.70.11 C:\WINDOWS\system32\npDeployJava1.dll
Java™ Platform SE 7 U7 C:\Program Files\Java\jre7\bin\jp2ssv.dll
Java™ Platform SE 7 U7 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U7 C:\Program Files\Java\jre7\bin\ssv.dll
LMIGuardianDll C:\WINDOWS\Downloaded Program Files\LMIGuardianDll.dll
LMIGuardianEvt C:\WINDOWS\Downloaded Program Files\LMIGuardianEvt.dll
LMIGuardianSvc C:\WINDOWS\Downloaded Program Files\LMIGuardian.exe
LMIProxyHelper.exe C:\WINDOWS\Downloaded Program Files\LMIProxyHelper.exe
LogMeIn, Inc. Remote Access Components C:\WINDOWS\Downloaded Program Files\avutil-51.dll
LogMeIn, Inc. Remote Access Components C:\WINDOWS\Downloaded Program Files\swscale-2.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
NICEClient Module C:\WINDOWS\Downloaded Program Files\NICEClient.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
NPWebSLLauncher.dll C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
Quicken 99 for Windows C:\Program Files\Internet Explorer\plugins\NPIPA32S.DLL
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7.2 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RACtrl.dll C:\WINDOWS\Downloaded Program Files\RACtrl.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


Missing files
-------------
File not found: C:\Program Files\Unlocker\UnlockerAssistant.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"UnlockerAssistant"


Scan
----
MD5: 028fd0e10b2248c75f07e2fec2562e2e C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 75abd8046a91ddf6c4bba9ec552e13f4 C:\Program Files\Internet Explorer\plugins\NPIPA32S.DLL
MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: c0ed6e0f33ac13dccd339a1480a308f3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: bc95b80d8699f3ecccc467bff97fd9a4 C:\Program Files\Internet Explorer\xpshims.dll
MD5: 54339984fd1de5495563d751ecf350a9 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
MD5: 178fe38b7740f598391eb2f51ae4ccac C:\Program Files\iPod\bin\iPodService.exe
MD5: 7732270d44bb0f8c3111848f9e1a0b53 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
MD5: b8a7305083996a333089119e63c29d51 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
MD5: bbf53397690ba8931c21352d246c744c C:\Program Files\iTunes\iTunesHelper.dll
MD5: 444eb38a256be60f2013488c49d2ab3f C:\Program Files\iTunes\iTunesHelper.exe
MD5: f70af9eb44cc52c2da23ba23a69ae977 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: ca4674baeb26baee4e54ae588c2c74fb C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
MD5: 87e063f1e676c99b6c1c047794deb115 C:\Program Files\Java\jre7\bin\jp2ssv.dll
MD5: a12175f063302cd68f8fc6d572d7e5fd C:\Program Files\Java\jre7\bin\jqs.exe
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Java\jre7\bin\MSVCR100.dll
MD5: 632f5b29e8c27631e7ac76e330fe2980 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
MD5: a8ea3f37f4f31e620383f40526e723fe C:\Program Files\Java\jre7\bin\ssv.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 9013599b12923a45c029c34e8d2211ac c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
MD5: 1a008cbb313f7a6644b883ae1829393b C:\Program Files\Online Armor\oacat.exe
MD5: e43911a8c5fe61cf9cf17faff404a17a C:\Program Files\Online Armor\oaevent.dll
MD5: a54b4fbc24c4ede34beb5f8d8974752a C:\Program Files\Online Armor\oasrv.exe
MD5: 0aefdadcda44d8ce3c57bb32b7a3ced5 C:\Program Files\Online Armor\OAui.exe
MD5: b96bec4b15f353ea25b173120662ea61 C:\Program Files\Online Armor\OAwatch.dll
MD5: aac11c63106b5d92631d5892315c975b C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
MD5: 916a2c4eb028604783fd5ea169236c1d C:\Program Files\QuickTime\QTTask.exe
MD5: 939e091564a2d1df9fc185909e0e0592 C:\Program Files\Roland\VSC32\Vsc32Cnf.exe
MD5: bb15e7ac61895a9d9aa107a3be5f1612 C:\Program Files\Roland\VSC32\vscvol.exe
MD5: 1bf96a5ed033719387c50008b70d0d80 C:\Program Files\Scansoft\PaperPort\blicectr.dll
MD5: ccdc00f353963e9e7dd839817b89d593 C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
MD5: 80f90a0f0b293c276a5235ce334088a7 C:\Program Files\Scansoft\PaperPort\SmartUI\psom.dll
MD5: 7893e209a13b52651560fab999614ff2 C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
MD5: f07af60b152221472fbdb2fecec4896d C:\Program Files\Skype\Updater\Updater.exe
MD5: cf76682825ba63d4527de57da469d325 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: ab349998e551de1c0dcc5ad63ce41d31 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
MD5: a3418e4d4a5ee636d44922dc2567fa18 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MD5: c7160fe5db910734b5c525b771b2fa0f C:\QUICKENW\BILLMIND.EXE
MD5: f9f23f028fe0bb26a71cfaf98117fcf8 C:\QUICKENW\INET\COMMON\SYSTEM\excite.dll
MD5: 45fc28ade3ea135d2138b3ca6617df27 C:\QUICKENW\LFCMP70N.DLL
MD5: 13787615e10a4757f555c37326ad0e9f C:\QUICKENW\LTFIL70N.DLL
MD5: 46f06ce18b280b88f84cc9fd06e784ad C:\QUICKENW\LTKRN70N.dll
MD5: 0f68d1e8d4e93e9c83e97470c7b1d30b C:\QUICKENW\ONLNCALL.dll
MD5: 0c9af60868fc373604c2cf4b1ed1355e C:\QUICKENW\QACCES32.DLL
MD5: bfa6de8cd999894c0d98d33e41032d98 C:\QUICKENW\QDB.dll
MD5: 1886576897947393425ce5f268c171c1 C:\QUICKENW\qdbbase.dll
MD5: 4cf0340064bdf2ebf08e6fe86e88f422 C:\QUICKENW\QVERSION.dll
MD5: 50303f9068f231fcf1983f9ef6bcdcb7 C:\QUICKENW\QWDLLS.EXE
MD5: 08ce4262c7c386062593a662fae2a5a8 C:\QUICKENW\QWENC.dll
MD5: 87fdd3ba711c8dde7bcdc1bcbb6761f0 C:\QUICKENW\QWRMND.DLL
MD5: 24016cabfc21b462130db0983fbc0ae0 C:\QUICKENW\QWUTIL7.dll
MD5: 96221a7c40996e0d2ff1f43d82040216 C:\QUICKENW\QWWIN.DLL
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 77e6673a112c98f99ef44776f4de2e4d C:\WINDOWS\AppPatch\AcLayers.DLL
MD5: 1b773bc7fb903eb95dfb51943079491d C:\WINDOWS\Downloaded Program Files\atcliun.exe
MD5: 09561c776803b43bc3ea65241dad578a C:\WINDOWS\Downloaded Program Files\avutil-51.dll
MD5: 1c68d0ba06a143bbad9da8cc460caa95 C:\WINDOWS\Downloaded Program Files\GeacRevw.ocx
MD5: cde357cd3fc047f5c7d8b8345b6a42bf C:\WINDOWS\Downloaded Program Files\HPDEXAXO.dll
MD5: 50c0949e6219214df11d7519e5052c3b C:\WINDOWS\Downloaded Program Files\HPISDataManager.dll
MD5: 88171510eeb371cd063de0879fabb84f C:\WINDOWS\Downloaded Program Files\ieatgpc.dll
MD5: 8ddb1dc9b41b152e2c01e6cc6b26e684 C:\WINDOWS\Downloaded Program Files\LMIGuardian.exe
MD5: a02a4fde3191f652857d9c087c6c12a9 C:\WINDOWS\Downloaded Program Files\LMIGuardianDll.dll
MD5: 990ed734254b1d43884bd4a856e75b2e C:\WINDOWS\Downloaded Program Files\LMIGuardianEvt.dll
MD5: 2715012b6615d3bbd3eb45cb6aeb57f3 C:\WINDOWS\Downloaded Program Files\NICEClient.dll
MD5: 56940b50ab0e5923822f47b0e4463885 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: da90c98f231e25fd87d7984a6831f8ae C:\WINDOWS\Downloaded Program Files\RACtrl.dll
MD5: 190040d02e6b16047d63e3bebb2e174c C:\WINDOWS\Downloaded Program Files\swscale-2.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: ea3af33a9341b88d23fdc20d6ec826fe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
MD5: 1c88cf5977c016a37bfac1178daa7822 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 327de7a9766cc9aa302c8d7f3925c8ce c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 82519dcb6f4f0c346f393911cf892e16 C:\WINDOWS\System32\AegisE5.dll
MD5: 8bcd3a1aff14feafe8466aaec7fc900c C:\WINDOWS\system32\Ati2edxx.dll
MD5: 7fb0a47ea30dd0c4d614accf9e87c0d0 C:\WINDOWS\system32\Ati2evxx.dll
MD5: abc57a6f6070baf9786c318f59f29f0b C:\WINDOWS\system32\ati2evxx.exe
MD5: 5a4557451d70524f78200d63d7bb0f6b C:\WINDOWS\system32\bcmntray.EXE
MD5: 2f6688ad4d722af6b40761fc8fc8f63c C:\WINDOWS\system32\BCMWLTRY.EXE
MD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows\system32\browser.dll
MD5: 7f264ba2145c56eeb7b81ea8badd3d4f C:\WINDOWS\system32\CNARLMNT.DLL
MD5: 4fc7917656395df2f171a99dfb141a16 C:\WINDOWS\system32\CNCF2Lm.DLL
MD5: aa584a3112d129fe7ed2356efbb28a8f C:\WINDOWS\system32\CNMLMA7.DLL
MD5: 8adc2947ff8ef5a7b7d0409702069273 C:\WINDOWS\system32\CNMNPPM.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: 6bee5d4eff0a0341bcc4a462d81ccfc1 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: d5f2ea37664ea5a75bff95246861beee C:\WINDOWS\system32\custmon2k.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: b1762156256b0238c21baa4c06cef727 C:\WINDOWS\system32\DEVMGR.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: aa0507f0516a4dff1b1279ab4a2abb37 C:\WINDOWS\system32\DINPUT8.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll
MD5: 2c5c22990156a1063e19ad162191dc1d C:\WINDOWS\system32\DRIVERS\AegisP.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: a2d5f093f9cb160c183c77015704f156 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
MD5: 03621f7f968ff63713943405deb777f9 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
MD5: 37f385a93c620cbe0f89c17e45f697a1 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
MD5: 4ba311473e0d8557827e6f2fe33a8095 C:\WINDOWS\System32\Drivers\Brfilt.sys
MD5: 8e06cd96e00472c03770a697d04031c0 C:\WINDOWS\System32\Drivers\BrSerWdm.sys
MD5: 37e2d0b12ddf536cd64af6eb3b580ef8 C:\WINDOWS\System32\Drivers\BrUsbMdm.sys
MD5: 1c5f014048e5b2748c1a8ad297c50b6f C:\WINDOWS\System32\Drivers\BrUsbScn.sys
MD5: 23913c28ac89875bbfa03bccdc3a41e5 C:\WINDOWS\system32\drivers\camc6aud.sys
MD5: e6edb12a44dafcef05dbddf3ed652388 C:\WINDOWS\system32\drivers\camc6hal.sys
MD5: 1fc1eed3ea0c3a0ecf8a95b97e1b4831 C:\WINDOWS\System32\DRIVERS\dvd43llh.sys
MD5: 81b7808d3b5892388f33273119c2dc31 C:\WINDOWS\system32\drivers\EABFiltr.sys
MD5: 1ba14da377b66278335d4b9e8824cd42 C:\WINDOWS\system32\drivers\eabusb.sys
MD5: 30ca91e657cede2f95359d6ef186f650 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
MD5: efd31afa752aa7c7bbb57bcbe2b01c78 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
MD5: 7ac43c38ca8fd7ed0b0a4466f753e06e C:\WINDOWS\system32\DRIVERS\HPZius12.sys
MD5: 473ee64c368ce2eed110376c11960259 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
MD5: dfa8f86c0dbca7db948043aa3be6793b C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
MD5: 13d4b70bf2f9bc550e9079da864d3ec1 C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
MD5: 3c318b9cd391371bed62126581ee9961 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
MD5: a7da20ab18a1bdae28b0f349e57da0d1 C:\WINDOWS\system32\DRIVERS\mf.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: c0ba927c3a1a62f2bf664f242d91c082 C:\WINDOWS\system32\drivers\OADriver.sys
MD5: c968369e2bc5f6a8426c1e7d78e33f1b C:\WINDOWS\system32\drivers\oahlp32.sys
MD5: 04e7e92cd91e61e0cc1bdf849032ad81 C:\WINDOWS\system32\drivers\OAmon.sys
MD5: f3250d94bee44a0d00939f10830b3563 C:\WINDOWS\system32\drivers\OAnet.sys
MD5: 30cbae0a34359f1cd19d1576245149ed C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: 3a5633ad615e2b15291bd0b1b97ccd8a C:\WINDOWS\system32\DRIVERS\RimSerial.sys
MD5: 4f4a4c09cc5be58a76cac1c337e004e6 C:\WINDOWS\System32\Drivers\RimUsb.sys
MD5: 3529828ec571fb2f64f6b142f9109993 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
MD5: 5052dbafc8f4e4507e6ad0d467dd3529 C:\WINDOWS\system32\DRIVERS\snapman.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 0f332c0ba9b968ebc8cbb906416f8597 C:\WINDOWS\system32\DRIVERS\SynTP.sys
MD5: e4c85c291ddb3dc5e4a2f227ca465ba6 C:\WINDOWS\system32\drivers\tifm21.sys
MD5: b84b82c0cbeb1b0d7eb7a946bade5830 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
MD5: 74711884439bdf9ccf446c79cb05fac0 C:\WINDOWS\system32\DRIVERS\timntr.sys
MD5: f7035815c23df5dad8a686c1cda20f3e C:\WINDOWS\system32\DRIVERS\vsc.sys
MD5: 56242d5be3bfc8f2a212e6d1f9a16697 C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: 06f6ee9bb3e128f5b686d9f1a2d649b7 C:\WINDOWS\system32\fpmon5.dll
MD5: 985f5979a3737bfaeb97a7d5858fa4d5 C:\WINDOWS\system32\fpres532.dll
MD5: adbb61bf0b9c97de818090738ec71e57 C:\WINDOWS\system32\hptcpmib.dll
MD5: 4e460240cb29778f5f8c1feb38806679 C:\WINDOWS\system32\HpTcpMon.dll
MD5: e2a611081dc6d6a13ad3a9dd2f291f30 C:\WINDOWS\system32\HPTcpMUI.dll
MD5: fdb859f93c8491f961c3b9168fa90f51 C:\WINDOWS\system32\hpz3l054.dll
MD5: d31f88c5f19eefa366a415d6bc5f2abc C:\WINDOWS\system32\HPZipm12.exe
MD5: ee142789631138c42112b5b757dde6a9 C:\WINDOWS\system32\hpzjrd01.dll
MD5: d573deb87cb2df4e5116d2a4e284eab4 C:\WINDOWS\system32\ieframe.dll
MD5: ff5dc0e7b0fb876523751bc39b0ffc9f C:\WINDOWS\system32\iepeers.dll
MD5: 0579cc3b95edd1ce664a35e016f3dd58 C:\WINDOWS\system32\iertutil.dll
MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll
MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
MD5: 7ef7d22a23d5e8a20f2361ecaa77a26e C:\WINDOWS\system32\InetClnt.dll
MD5: e4ce951351eec584c177418776b24224 C:\WINDOWS\system32\IPROF32.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS\system32\localspl.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: c7d41058eeb57f425fbd1585f9de71c4 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_4_402_265.ocx
MD5: de3745a51b7ac7fedc356a83f76c8023 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\System32\MFC42.DLL
MD5: f6f2bfc17069eb335acceef7595f9302 C:\WINDOWS\System32\mfc42u.dll
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.DLL
MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll
MD5: c5648be5409e0aabda8c9047bac8f603 C:\WINDOWS\system32\msadp32.acm
MD5: 7473fecbcc12090389df7c60191ec09f C:\WINDOWS\system32\msfeeds.dll
MD5: df3c3ca94cbc9de07ac3eb49440a8d45 C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS\system32\msxml3.dll
MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\NETAPI32.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: ab87c54ca19675880b0cae65b8af140c C:\WINDOWS\system32\npDeployJava1.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: 0c22278be781620b0aa2f0c85c981773 C:\WINDOWS\system32\Q_ENCLIB.DLL
MD5: 88edfc806322a1707f7aa4ae950daa5e C:\WINDOWS\system32\Q_ENCUTL.DLL
MD5: 87b45e02b60b09fd420b82e9aad06a5b C:\WINDOWS\system32\relog_ap.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: c5a288e4ceef5a26d105117baa3763ab C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
MD5: c5f00d15aa15cb7f55a027ff75e44bb7 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
MD5: 4b410e9dbc93846d2e6c9ebde8304845 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp054.dll
MD5: 091baf6a902261f235b734defe0473ec C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ppbipr.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: d9dc6bf7dfc07bd4b76c34412c550f16 C:\WINDOWS\system32\SynCOM.dll
MD5: a895c257ddcc405c2f89117b65ce1251 C:\WINDOWS\system32\SynTPAPI.dll
MD5: 5c4adb808b54126c1ed2fba0eae06c63 C:\WINDOWS\system32\upnpui.dll
MD5: 9371862d37e8f0af21e4dea95e867c39 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: eb2f1cd6c50b6f9f7048f556fd367e9d C:\WINDOWS\system32\vscapi.dll
MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll
MD5: ff1c14bca1a797ce45dd359fa2c9eda8 C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 5185047fa6fc614f4770b5eacceaa8d8 C:\WINDOWS\System32\wltrynt.dll
MD5: 05457d93e41ebbfb47bcb1b897836855 C:\WINDOWS\system32\WLTRYSVC.EXE
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll
MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.32 KB recvd
Scanned 750 files and modules - 71 seconds

==============================================================================
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c



:OTL
File not found (No name found) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found

:files
C:\1754 rabinowitz\swsetup\MusicMatch Jukebox\mmsetup_10002058b_CNET.exe
C:\swsetup\KB934428\WindowsXP-KB934428-v3-x86-ENU.exe
C:\WINDOWS\SoftwareDistribution\Download\b8bbc23bc34bb0dbd64afcad0544484e
    
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Not sure what happened with aswMBR and ComboFix. Perhaps Avast tried to put them in the sandbox.


Click on the Avast ball. Then click on Additional Protections, then on AutoSandbox, then on Settings, then uncheck Enable AutoSandbox. OK

Then try to run them again.
  • 0

#5
Home Bass

    Member

  • Topic Starter
  • 46 posts
Hi Ron,

I know I was up late last night and, unless you're in a different time zone than I am here in Ontario, Canada, it looks like you were, too.

Ran OTL, as specified, but the log files do not appear to have been created for some reason so I cannot attach anything.

Ran aswMBR, log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-12 10:23:54
-----------------------------
10:23:54.875 OS Version: Windows 5.1.2600 Service Pack 3
10:23:54.875 Number of processors: 1 586 0xF00
10:23:54.875 ComputerName: HOME-135978DFB9 UserName: Carl
10:23:55.218 Initialize success
10:23:56.265 AVAST engine defs: 12101200
10:24:22.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:24:22.531 Disk 0 Vendor: WDC_WD800BEVE-00A0HT0 11.01A11 Size: 76319MB BusType: 3
10:24:22.562 Disk 0 MBR read successfully
10:24:22.578 Disk 0 MBR scan
10:24:22.578 Disk 0 Windows XP default MBR code
10:24:22.593 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
10:24:22.609 Disk 0 scanning sectors +156280320
10:24:22.703 Disk 0 scanning C:\WINDOWS\system32\drivers
10:24:37.593 Service scanning
10:24:57.078 Modules scanning
10:25:05.546 AVAST engine scan C:\WINDOWS
10:25:25.703 AVAST engine scan C:\WINDOWS\system32
10:28:36.281 AVAST engine scan C:\WINDOWS\system32\drivers
10:28:55.328 AVAST engine scan C:\Documents and Settings\Carl
10:54:12.531 AVAST engine scan C:\Documents and Settings\All Users
10:55:37.718 Scan finished successfully
10:56:10.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Carl\Desktop\MBR.dat"
10:56:10.453 The log file has been saved successfully to "C:\Documents and Settings\Carl\Desktop\aswMBR.txt"


And ran ComboFix, log:

ComboFix 12-10-12.01 - Carl 10/12/2012 11:03:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.518 [GMT -4:00]
Running from: c:\documents and settings\Carl\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Carl\Application Data\inst.exe
c:\documents and settings\Carl\g2mdlhlpx.exe
c:\documents and settings\Carl\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Carl\My Documents\~WRD0828.tmp
c:\documents and settings\Carl\WINDOWS
C:\Install.exe
C:\VDM16.tmp
C:\VDM17.tmp
C:\VDM1A.tmp
C:\VDM1B.tmp
C:\VDM1E.tmp
C:\VDM1F.tmp
C:\VDM6.tmp
C:\VDM7.tmp
C:\VDMA.tmp
C:\VDMB.tmp
C:\VDME.tmp
C:\VDMF.tmp
c:\windows\system32\bszip.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\SET1B3.tmp
c:\windows\system32\SET1B5.tmp
c:\windows\system32\SET1C4.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 14:09 . 2012-10-12 14:09 -------- d-----w- C:\_OTL
2012-10-12 04:20 . 2012-10-12 04:22 -------- d-----w- c:\documents and settings\Carl\Application Data\QuickScan
2012-10-12 02:15 . 2012-10-12 02:15 -------- d-----w- c:\program files\ESET
2012-10-12 00:28 . 2012-10-12 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-12 00:28 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-11 23:25 . 2012-10-11 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2012-10-11 23:25 . 2012-10-11 23:25 -------- d-----w- c:\documents and settings\Carl\Application Data\OnlineArmor
2012-10-11 23:25 . 2012-10-02 19:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-10-11 23:25 . 2012-10-02 19:02 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-10-11 23:25 . 2012-10-02 19:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-10-11 23:25 . 2012-10-02 19:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-10-11 23:25 . 2012-10-12 00:09 -------- d-----w- c:\program files\Online Armor
2012-10-11 17:36 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-11 17:36 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-11 17:36 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-11 17:36 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-11 17:36 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-11 17:36 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-11 17:36 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-11 17:36 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-11 17:35 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-11 17:35 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-11 17:35 . 2012-10-11 17:35 -------- d-----w- c:\program files\AVAST Software
2012-10-11 17:35 . 2012-10-11 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-11 15:05 . 2012-10-11 15:05 -------- d-----w- c:\documents and settings\Carl\Local Settings\Application Data\Sun
2012-10-11 14:36 . 2012-10-11 14:36 -------- d-----w- c:\program files\Common Files\Java
2012-10-11 14:34 . 2012-10-11 14:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-11 14:34 . 2012-10-11 14:34 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-11 14:34 . 2012-10-11 14:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-06 13:52 . 2012-10-06 13:52 -------- d-----w- c:\documents and settings\Carl\Local Settings\Application Data\Amazon
2012-10-06 13:51 . 2012-10-06 13:52 -------- d-----w- c:\program files\Amazon
2012-09-14 01:59 . 2012-09-14 01:59 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 14:34 . 2010-04-30 20:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-30 00:42 . 2010-04-30 17:54 90112 ----a-w- c:\windows\DUMP6929.tmp
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 02:36 . 2012-04-04 14:15 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 02:36 . 2011-06-03 13:53 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 21:04 . 2009-08-18 15:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2012-08-22 21:04 . 2009-08-18 15:24 19720 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-21 13:29 . 2004-08-04 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-21 07:24 . 2012-01-25 00:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Carl\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Carl\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Carl\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Carl\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 344064]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-12-08 184320]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-11-30 1115317]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-11-30 135168]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-01 1852329]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\program files\Roland\VSC32\vscvol.exe" [2000-02-09 36864]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-02 2415104]
.
c:\documents and settings\Carl\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Carl\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2010-4-30 30208]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-4-30 184320]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2010-4-30 27136]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-02 366440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Carl\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/11/2012 1:36 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/11/2012 1:36 PM 355632]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [10/11/2012 7:25 PM 208320]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [10/11/2012 7:25 PM 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [10/11/2012 7:25 PM 31920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/11/2012 1:36 PM 21256]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [10/11/2012 7:25 PM 216072]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/30/2010 2:25 PM 200192]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/10/2011 3:22 PM 47360]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [5/30/2010 10:13 PM 951284]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [10/11/2012 7:25 PM 44992]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 7:58 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [10/11/2012 7:25 PM 4463864]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [5/3/2010 5:27 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [5/3/2010 5:27 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [5/3/2010 5:27 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [5/3/2010 5:27 PM 10368]
S3 cpuz134;cpuz134;c:\swsetup\PCWizard\pc-wizard_2010.1.961\pcwiz_x32.sys [7/9/2010 1:18 PM 20328]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/16/2010 7:58 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-10-12 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-11 09:12]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 23:58]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-16 23:58]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004Core.job
- c:\documents and settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-26 02:13]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1177238915-839522115-1004UA.job
- c:\documents and settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-26 02:13]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{D73A6A9A-E6EE-46BC-9EF9-0D1CECE340A1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://barrie.fusionmls.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: mlxchange.com\barrie
TCP: DhcpNameServer = 64.71.255.198
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://barrie.mlxchange.com/5.5.09.25190/Control/IRCSharc.cab
FF - ProfilePath - c:\documents and settings\Carl\Application Data\Mozilla\Firefox\Profiles\12cgt0l3.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 11:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-10-12 11:16:18
ComboFix-quarantined-files.txt 2012-10-12 15:16
.
Pre-Run: 17,495,650,304 bytes free
Post-Run: 19,319,754,752 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D45D2173B9EB927B7344B1922ACCD4FE


So how does everything look to you now?

Carl
  • 0
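An added example, not part of the original posts or of ComboFix: the `TCP:` lines in the Supplementary Scan are where a manual DNS override like the one described in the first post would show up, so this sketch parses them and separates DHCP-assigned resolvers from statically configured ones. The per-interface `NameServer` line layout, the all-zero interface GUID and the `expected_resolvers` set are assumptions; the static sample reuses the two addresses from the first post and is constructed.

```python
import re
from ipaddress import ip_address

# One "TCP:" line of the Supplementary Scan. The global DhcpNameServer form is
# the one in the log above; the per-interface form is an assumed layout.
TCP_LINE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\}):\s*)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$"
)

# Constructed samples: the first mirrors the posted log, the second adds a
# static override using the addresses quoted in the first post.
SAMPLE_CLEAN = "uInternet Settings,ProxyOverride = *.local\nTCP: DhcpNameServer = 64.71.255.198\n"
SAMPLE_STATIC = (
    "TCP: DhcpNameServer = 64.71.255.198\n"
    "TCP: Interfaces\\{00000000-0000-0000-0000-000000000000}: "
    "NameServer = 216.58.97.64,216.58.97.12\n"
)


def parse_dns_entries(log_text):
    """Return one dict per TCP: line that actually lists name servers."""
    entries = []
    for raw in log_text.splitlines():
        m = TCP_LINE.match(raw.strip())
        if not m:
            continue
        servers = []
        for token in re.split(r"[,\s]+", m["value"].strip()):
            if not token:
                continue
            try:
                servers.append(str(ip_address(token)))
            except ValueError:
                servers.append("invalid:" + token)  # keep garbage visible
        if servers:  # an empty value means "obtain automatically"
            entries.append({
                "source": "dhcp" if m["key"] == "DhcpNameServer" else "static",
                "iface": m["iface"],
                "servers": servers,
            })
    return entries


def review(log_text, expected_resolvers):
    """Flag every static override, and DHCP resolvers outside the expected set."""
    findings = []
    for entry in parse_dns_entries(log_text):
        unexpected = [s for s in entry["servers"] if s not in expected_resolvers]
        if entry["source"] == "static":
            findings.append(("manual-dns", entry["iface"], entry["servers"]))
        elif unexpected:
            findings.append(("unexpected-dhcp-dns", entry["iface"], unexpected))
    return findings


if __name__ == "__main__":
    isp = {"64.71.255.198"}  # assumption: the resolver the ISP/router hands out
    print(review(SAMPLE_CLEAN, isp))
    print(review(SAMPLE_STATIC, isp))
```

A DHCP resolver outside the expected set points at the router or DHCP server rather than the PC, which is why the router password advice later in the thread matters.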

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I would have been up much later than you since I live in the Pacific time zone but I also live on an island and the power went off last night at 11 PM.

I think it's clean.

Don't see anything in the logs.

We can clean up now:

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT. Currently there have been bug reports that it makes the system unbootable.

Just delete it and its folder C:\_OTL.

To hide hidden files again (If you see a desktop.ini file on your desktop the hidden files are visible):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.



Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently still has major security flaws.

Make sure you have Windows update working and preferably on Automatic download and install. There was a September 21 update to Internet Explorer which is very important as it fixes a big security hole. KB2744842. See: http://www.microsoft...201209_oob.aspx


Ron
  • 0

#7
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi Ron,

Thanks a million! I cleaned up, updated, turned off JavaScript in Acrobat Reader and installed Update Checker and Simple Adblock. I also took your advice and secured my wireless with WPA-PSK AES. I'd never done that before because I turned off broadcast for my SSID and enabled MAC address filtering so only someone who knew my network's name and had a MAC address on my approved list could get in. I've enabled encryption now but I'm wondering what you think of my previous security. Would the steps I'd taken previously result in decent security or was I deluding myself before?

I believe my Microsoft Update is working but I'll check that to make sure I'm getting all the updates without fail.

I guess that should do it then. Thanks again. Enjoy your island paradise! With or without power!

Carl
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Locking the mac address would keep people out but they could still intercept your traffic and read your passwords and such so encryption is better.

The power came back on a half an hour later but we had already gotten ready for bed so just reset the clocks and hopped into bed.
  • 0

#9
Home Bass

Home Bass

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi Ron,

I suspected that might be the case and am thankful I've never had an incident. So now I've got the unbroadcasted SSID, MAC address filtering and WPA-PSK AES encryption with all three computers on my LAN able to connect. Should be pretty secure at this point.

Microsoft Update is doing its thing as I write this and Update Checker has a bit of work cut out for me as well. Almost a friggin' full time job!

Thanks again, Ron. All the best!

Carl
  • 0





