
Trojan.Agent.DL and WindowsLiveUpdate.exe infection


catroy


Hi,

Another computer infected with the Trojan.Agent.DL and WindowsLiveUpdate.exe virus. This virus is resistant to cleaning; after deleting from MBAM it pops right back up on restart.

Also, I saw another poster below with the same exact problem, especially with the WindowsLiveUpdate.exe file involved. Hoping some experts can help me cut through the long cleaning process and get to the problem without installing too many programs. Thanks in advance for any help.

dds.txt

attach.txt

MBAM-log-2013-02-14 (14-06-14).txt


Hello catroy and welcome to MalwareBytes forum.

Going forward, do NOT attach logs. Always Copy & Paste all contents directly into main-body of reply. T.I.A.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall
  • Start Internet Explorer
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer.
  • It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


Thanks Maurice, the next few posts are all the requested reports:

info.txt logfile of random's system information tool 1.09 2013-02-14 16:52:37


Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Skype™ 6.1-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

System Requirements Lab for Intel-->MsiExec.exe /I{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}

Trading Blox-->"C:\TradingBlox\uninstall.exe"

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"

Update for Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe"

Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}

VLC media player 2.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}

Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf

Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf

Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf

Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR 4.01 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

Xvid Video Codec-->C:\Program Files\Xvid\uninstall.exe

======Security center information======

AV: avast! Internet Security

FW: avast! Internet Security

======System event log======

Computer Name: JOE-6D21435FB75

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 41574

Source Name: Tcpip

Time Written: 20130123085618.000000+480

Event Type: warning

User:

Computer Name: JOE-6D21435FB75

Event Code: 36

Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Record Number: 41508

Source Name: W32Time

Time Written: 20130121212625.000000+480

Event Type: warning

User:

Computer Name: JOE-6D21435FB75

Event Code: 36

Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Record Number: 41436

Source Name: W32Time

Time Written: 20130120231957.000000+480

Event Type: warning

User:

Computer Name: JOE-6D21435FB75

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 41402

Source Name: Tcpip

Time Written: 20130120120422.000000+480

Event Type: warning

User:

Computer Name: JOE-6D21435FB75

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 41398

Source Name: Tcpip

Time Written: 20130120114755.000000+480

Event Type: warning

User:

=====Application event log=====

Computer Name: JOE-6D21435FB75

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 2390

Record Number: 7439

Source Name: Bonjour Service

Time Written: 20120930183914.000000+480

Event Type: error

User:

Computer Name: JOE-6D21435FB75

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 7438

Source Name: Bonjour Service

Time Written: 20120930183914.000000+480

Event Type: error

User:

Computer Name: JOE-6D21435FB75

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 2094

Record Number: 7437

Source Name: Bonjour Service

Time Written: 20120930183430.000000+480

Event Type: error

User:

Computer Name: JOE-6D21435FB75

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 2094

Record Number: 7436

Source Name: Bonjour Service

Time Written: 20120930183430.000000+480

Event Type: error

User:

Computer Name: JOE-6D21435FB75

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 7435

Source Name: Bonjour Service

Time Written: 20120930183430.000000+480

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\eSignal\;C:\Program Files\Intel\WiFi\bin\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"asl.log"=Destination=file

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)

Run by Joe at 2013-02-14 16:52:25

Microsoft Windows XP Professional Service Pack 3

System drive C: has 65 GB (56%) free of 114 GB

Total RAM: 3062 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:52:35 PM, on 2/14/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Wireless Select Switch\WLSS.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Joe\Desktop\RSIT.exe

C:\Program Files\trend micro\Joe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} - mscoree.dll (file missing)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309166495959

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343815654687

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--

End of file - 9763 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\avast! Emergency Update.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\t9dtwaeb.default

prefs.js - "browser.startup.homepage" - "http://www.yahoo.com/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"hotfix@mozilla.org"=C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.5.502.149 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\

npdeploytk.dll

npdjvu.dll

nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]

Blog This in Windows Live - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-10-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-10-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-31 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-28 16862720]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-01-25 53248]

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-11-12 671744]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"WLSS"=C:\Program Files\Wireless Select Switch\WLSS.exe [2007-08-10 189736]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-09-25 1323008]

"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2010-01-13 134656]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2010-01-13 166912]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2010-01-13 135680]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-05-30 59280]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-06-07 421776]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2012-10-09 149280]

"IntelZeroConfig"=C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [2012-04-24 1407248]

"IntelWireless"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2012-04-24 1210640]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-31 4297136]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Xvid"=C:\Program Files\Xvid\CheckUpdate.exe [2011-01-18 8192]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveTypeAutoRun"=28

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe"="C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application"

"C:\Program Files\eSignal\winros.exe"="C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\Joe\Desktop\AA_v3.exe"="C:\Documents and Settings\Joe\Desktop\AA_v3.exe:*:Enabled:Ammyy Admin"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=l3codecp.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2013-02-14 16:52:25 ----D---- C:\rsit

2013-02-14 16:52:25 ----D---- C:\Program Files\trend micro

2013-02-14 16:47:59 ----D---- C:\Program Files\ERUNT

2013-02-13 10:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2778344$

2013-02-13 10:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2799494$

2013-02-13 10:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$

2013-02-13 10:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$

2013-02-13 10:58:45 ----A---- C:\WINDOWS\imsins.BAK

2013-02-12 11:01:26 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys

2013-02-12 11:01:19 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys

2013-02-12 11:01:19 ----A---- C:\WINDOWS\system32\drivers\aswKbd.sys

2013-02-12 11:01:13 ----A---- C:\WINDOWS\system32\drivers\aswNdis.sys

2013-01-25 11:52:07 ----RD---- C:\Program Files\Skype

2013-01-25 11:52:07 ----D---- C:\Program Files\Common Files\Skype

2013-01-19 19:56:16 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys

2013-01-19 19:56:16 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2013-01-19 19:56:15 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys

2013-01-19 19:56:15 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys

2013-01-19 19:56:14 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys

2013-01-19 19:56:14 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys

2013-01-19 19:56:14 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys

2013-01-19 19:56:14 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys

2013-01-19 19:55:47 ----A---- C:\WINDOWS\avastSS.scr

2013-01-19 19:55:46 ----A---- C:\WINDOWS\system32\aswBoot.exe

2013-01-19 19:39:53 ----D---- C:\Program Files\CCleaner

2013-01-19 17:51:20 ----A---- C:\WINDOWS\winDecrypt.INI

2013-01-19 17:50:47 ----D---- C:\Program Files\PDF Password Remover v3.1

2013-01-19 17:37:34 ----D---- C:\Program Files\Simpo PDF Password Remover

2013-01-19 17:27:21 ----D---- C:\Documents and Settings\Joe\Application Data\WinLive

2013-01-19 17:27:20 ----D---- C:\Documents and Settings\Joe\Application Data\MCommon

2013-01-19 17:17:43 ----D---- C:\Program Files\SecurityXploded

2013-01-19 16:40:27 ----D---- C:\Documents and Settings\Joe\Application Data\PerformerSoft

2013-01-19 16:40:23 ----D---- C:\Program Files\File Scout

2013-01-19 16:40:23 ----A---- C:\WINDOWS\system32\roboot.exe

2013-01-19 12:09:51 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2013-02-14 16:52:35 ----D---- C:\WINDOWS\Prefetch

2013-02-14 16:52:25 ----RD---- C:\Program Files

2013-02-14 16:10:18 ----D---- C:\WINDOWS\Temp

2013-02-14 15:08:06 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-02-14 14:37:34 ----D---- C:\WINDOWS\system32\drivers

2013-02-13 12:07:31 ----D---- C:\WINDOWS\Microsoft.NET

2013-02-13 12:07:30 ----RSD---- C:\WINDOWS\assembly

2013-02-13 11:06:40 ----D---- C:\WINDOWS

2013-02-13 11:04:40 ----D---- C:\WINDOWS\system32

2013-02-13 11:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$

2013-02-13 11:02:44 ----D---- C:\WINDOWS\system32\CatRoot2

2013-02-13 11:00:01 ----D---- C:\WINDOWS\Debug

2013-02-13 10:59:49 ----A---- C:\WINDOWS\system32\MRT.exe

2013-02-13 10:59:39 ----HD---- C:\WINDOWS\inf

2013-02-13 10:59:38 ----RSHDC---- C:\WINDOWS\system32\dllcache

2013-02-13 10:59:35 ----D---- C:\WINDOWS\ie8updates

2013-02-13 10:59:32 ----HD---- C:\WINDOWS\$hf_mig$

2013-02-13 10:58:36 ----D---- C:\Program Files\Internet Explorer

2013-02-13 10:58:07 ----SHD---- C:\WINDOWS\Installer

2013-02-13 10:58:07 ----D---- C:\Config.Msi

2013-02-13 10:56:32 ----D---- C:\WINDOWS\WinSxS

2013-02-13 10:56:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2013-02-12 11:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$

2013-02-12 11:01:19 ----SD---- C:\WINDOWS\Tasks

2013-02-11 09:34:43 ----D---- C:\ua

2013-02-09 17:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$

2013-02-09 00:50:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2013-01-27 13:28:52 ----D---- C:\Documents and Settings\Joe\Application Data\Skype

2013-01-26 11:55:44 ----A---- C:\WINDOWS\system32\oleaut32.dll

2013-01-25 11:52:12 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2013-01-25 11:52:07 ----D---- C:\Program Files\Common Files

2013-01-24 17:18:15 ----D---- C:\WINDOWS\Connection Wizard

2013-01-19 19:55:17 ----D---- C:\Program Files\AVAST Software

2013-01-19 19:55:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software

2013-01-19 19:42:51 ----D---- C:\Documents and Settings\Joe\Application Data\uTorrent

2013-01-19 19:41:59 ----D---- C:\WINDOWS\Minidump

2013-01-19 19:41:59 ----D---- C:\WINDOWS\Logs

2013-01-19 17:27:06 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-01-18 10:13:38 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2012-09-21 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2012-10-31 199320]

R0 EMSC;COMPAL Embedded System Control; C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-04-19 9856]

R0 iastor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-07-13 305176]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-10-31 25256]

R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2012-10-31 106560]

R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-10-31 20624]

R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-10-31 35928]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-10-31 738504]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-10-31 361032]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-10-31 54232]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-10-31 21256]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-10-31 97608]

R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2010-05-19 13952]

R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]

R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-06-29 878520]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-06-02 4752384]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]

R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-09-18 44032]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-11-12 1021056]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-09-25 231456]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]

S0 cercsr6;cercsr6; C:\WINDOWS\system32\drivers\cercsr6.sys [2004-12-14 39904]

S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-06-29 539160]

S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-06-29 156392]

S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]

S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]

S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]

S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []

S3 mbr;mbr; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\mbr.sys []

S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-08-08 2211456]

S3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-08-28 3632384]

S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]

S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]

S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]

S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-31 44808]

R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-10-31 133912]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-07-10 260704]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2012-04-24 870672]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-10-09 153376]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2012-04-24 481552]

R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2012-04-24 919824]

R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [2012-04-24 375056]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 821648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 251248]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-19 115608]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Results of screen317's Security Check version 0.99.57

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Internet Security

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

CCleaner

JavaFX 2.1.1

Java 6 Update 17

Java version out of Date!

Adobe Flash Player 11.5.502.149

Adobe Reader 10.1.5 Adobe Reader out of Date!

Mozilla Firefox (18.0.1)

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast afwServ.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 5%

````````````````````End of Log``````````````````````


QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Thu Feb 14 17:00:06 2013

Machine ID: 90A77377

No infection found.

-------------------

Processes

---------

avast! Antivirus 1032 C:\Program Files\AVAST Software\Avast\afwServ.exe

avast! Antivirus 1296 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

avast! Antivirus 2232 C:\Program Files\AVAST Software\Avast\AvastUI.exe

Bluetooth Software 1956 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

Bluetooth Software 2692 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

Bonjour 2784 C:\Program Files\Bonjour\mDNSResponder.exe

Canon Camera Access Library 8 2240 C:\Program Files\Canon\CAL\CALMAIN.exe

Intel® Common User Interface 820 C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface 840 C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface 1080 C:\WINDOWS\system32\igfxsrvc.exe

Intel® Common User Interface 772 C:\WINDOWS\system32\igfxtray.exe

Intel® PROSet/Wireless 2192 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

Intel® PROSet/Wireless 3408 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

Intel® PROSet/Wireless 228 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

Intel® PROSet/Wireless 268 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

Intel® PROSet/Wireless 392 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

Intel® PROSet/Wireless 2160 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

iTunes 3756 C:\Program Files\iPod\bin\iPodService.exe

iTunes 884 C:\Program Files\iTunes\iTunesHelper.exe

Microsoft® Windows® Operating System 136 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 156 C:\WINDOWS\system32\wbem\unsecapp.exe

Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\wbem\unsecapp.exe

MobileDeviceService 2636 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Realtek HD Audio Sound Effect Manager 1972 C:\WINDOWS\RTHDCPL.exe

SM56 Helper Win32 Utility 620 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

Synaptics Pointing Device Driver 708 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Wlss Application 700 C:\Program Files\Wireless Select Switch\WLSS.exe

(verified) Java Platform SE 6 U17 3288 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Microsoft® Windows® Operating System 1192 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 208 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 2500 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1476 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 1464 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 1328 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1652 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1736 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2336 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 736 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1932 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 540 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 3788 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 532 C:\WINDOWS\system32\wbem\wmiprvse.exe

(verified) Microsoft® Windows® Operating System 1420 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 2440 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 2868 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process AvastSvc.exe (1296) connected on port 80 (HTTP) --> 77.234.43.56

Process iexplore.exe (2868) connected on port 80 (HTTP) --> 173.194.38.164

Process iexplore.exe (2868) connected on port 80 (HTTP) --> 58.27.22.57

Process iexplore.exe (2868) connected on port 80 (HTTP) --> 173.194.38.164

Process iexplore.exe (2868) connected on port 80 (HTTP) --> 58.27.22.9

Process iexplore.exe (2868) connected on port 80 (HTTP) --> 23.48.111.139

Process svchost.exe (1736) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe

CheckUpdate.exe C:\Program Files\Xvid\CheckUpdate.exe

ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe

Intel® PROSet/Wireless C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

Intel® PROSet/Wireless C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

PC Suite C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

Realtek Azalia Mixer Selector C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe

SM56 Helper Win32 Utility C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Wlss Application C:\Program Files\Wireless Select Switch\WLSS.exe

新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

(verified) Java Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jusched.exe

(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Realtek AC97 Audio - Event Monitor C:\WINDOWS\ALCMTR.EXE

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

avast! Antivirus C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

DjVu Plugin Viewer C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

Java Deployment Toolkit 7.0.70.10 C:\WINDOWS\system32\npDeployJava1.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\System32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32_11_5_502_149.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) Java Deployment Toolkit 6.0.170.4 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

(verified) Java Platform SE 6 U17 c:\program files\java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U17 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: mscoree.dll

--> HKLM\Software\Classes\CLSID\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}\InprocServer32\"(default)"

Scan

----


MD5: 1923187e4fd7009c6eb0f089825b9902 C:\Program Files\Intel\WiFi\bin\IntStngs.dll

MD5: 5ac0033042a349e8bdd8b501a5724630 C:\Program Files\Intel\WiFi\bin\IWMSPROV.DLL

MD5: 51949f74bd25afb3d8470edda23ca296 C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\SupplicantPlugin.dll

MD5: 1741c1ddcb048ddaa18255c96eb646fd C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\WSCPlugin.dll

MD5: c00bb93cd57f0b224538f8a9134a358b C:\Program Files\Intel\WiFi\bin\MurocApi.dll

MD5: 5792fb458256aae84396390141784389 C:\Program Files\Intel\WiFi\bin\PfMgrApi.dll

MD5: b16668a68aa08023ba3e04f63cedc27b C:\Program Files\Intel\WiFi\bin\PfQOSMgr.dll

MD5: f29f36df6ee5908a3d87d1ee6850260e C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

MD5: 238467303a6c322435f5bb2102e5ce35 C:\Program Files\Intel\WiFi\bin\S24MUDLL.dll

MD5: 6db59b5628dc30c05189f76367e1496e C:\Program Files\Intel\WiFi\bin\supplicant.dll

MD5: 9cac8ec258396c3ed6843085143b3f61 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

MD5: a602816057221cd8e2fe214b1487c324 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

MD5: 739591be466b2246144308825ce7d2ef C:\Program Files\Internet Explorer\ieproxy.dll

MD5: d1cc5365f151777df447242e476796ba C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 35355bedaef1e12912dfc8f07a6e7dc7 C:\Program Files\Internet Explorer\xpshims.dll

MD5: e6be7a41a28d8f2db174957454d32448 C:\Program Files\iPod\bin\iPodService.exe

MD5: ce4b444bd0cdcd45d57d17c206159bed C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: edc992a51a19205c619c48261dd53655 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: b1ca4aa760ff0ddfa1c38e95d19cfefb C:\Program Files\iTunes\iTunesHelper.dll

MD5: 34086f1dbb4065047ea3671cb70505cc C:\Program Files\iTunes\iTunesHelper.exe

MD5: e7fe89f69c3cc65cad3d1adc5d6a9f41 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 0654195051d1024c005e7be135a6fee7 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: d28ad1cb902ac6d228532812d3850c7d C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 9013599b12923a45c029c34e8d2211ac c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

MD5: 6e87d4708c7beeb167afee95d5002894 C:\Program Files\Motorola\SMSERIAL\sm56ara.dll

MD5: 00f928bb02a2fe57c83fa21ae4401d14 C:\Program Files\Motorola\SMSERIAL\sm56brz.dll

MD5: f015b6f6cac858b0083322e350153a07 C:\Program Files\Motorola\SMSERIAL\sm56chs.dll

MD5: 031f0cc565511292fdf69e6246908af8 C:\Program Files\Motorola\SMSERIAL\sm56cht.dll

MD5: 58dcdacf207dd05cbe10f0bbdf3b2760 C:\Program Files\Motorola\SMSERIAL\sm56cro.dll

MD5: c2fd88e4af23536dcb762f3edea75a29 C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll

MD5: fccc8ece50414a68f21d17320507ad54 C:\Program Files\Motorola\SMSERIAL\sm56eng.dll

MD5: 69ba7841290a6db2732ddb7e05fc47a9 C:\Program Files\Motorola\SMSERIAL\sm56esp.dll

MD5: ee644837c9069b4e6f3a893f8c58fb8c C:\Program Files\Motorola\SMSERIAL\sm56fra.dll

MD5: ccbeadf47caaafa11e65a933f9837ba4 C:\Program Files\Motorola\SMSERIAL\sm56ger.dll

MD5: 63b9789dc921bb76e5add424dc99f913 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

MD5: 53574db0216bfd86f87cdd4695ce0086 C:\Program Files\Motorola\SMSERIAL\sm56ita.dll

MD5: 13736c6e76b34291f4806f4b10efb370 C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll

MD5: c61b410c9fd66c3dc51e667cbc3f3b87 C:\Program Files\Motorola\SMSERIAL\sm56kor.dll

MD5: 17140f063bd2cb569417e06753ca5f33 C:\Program Files\Motorola\SMSERIAL\sm56pol.dll

MD5: c9ccaea8ab6c09dea23253dbcfffcb80 C:\Program Files\Motorola\SMSERIAL\sm56rus.dll

MD5: 80165c9fa175d2bb462edc6670ac5ce3 C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

MD5: 0a7b01235b1cbfa387b04a91e2f2b7d0 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

MD5: 9c3758018ded02f4ae53cca1c5f084a2 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

MD5: ede2d48baed2ff4f5a80b55b8af76ea3 C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr

MD5: bc41ef142d76f423cf1cf261201d5623 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

MD5: 0e51263ea765f9ab45aa8f04cadb22b9 C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll

MD5: 600d719d720715b28c3234c624e95bab C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

MD5: b058e4e76a4524dc13fc44b7829fee5f C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

MD5: 38444a8e6d8e0267326297df7ce0d5b4 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

MD5: 019ab047b932ad277a4da2673e5cc19c C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

MD5: eaf4ee7c73fb0784f2c128029c1ace1c C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe

MD5: 8c4f0dcc6a5100d48f9b2f950cdd220f C:\Program Files\Skype\Updater\Updater.exe

MD5: f3afaa98f4e11b78f135706d500835d2 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MD5: a4a625d281803e90d776912b5c612ec6 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

MD5: 8380ba6fdba9995f43ce224619d3b9c2 C:\Program Files\WIDCOMM\Bluetooth Software\BtBalloon.dll

MD5: d831db213ae80f076090eb1d0f8a8f5a C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

MD5: 94575412f78f62d85b6f411dd01fc6dc C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

MD5: 721651cf384654e2e2717506c856fc1d C:\Program Files\Wireless Select Switch\WLSS.exe

MD5: 6d9e1356a9c1b5f36698faff9205e34a C:\Program Files\Xvid\CheckUpdate.exe

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: 09523afbc5937d7cc786fc9c74d2d516 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MD5: 56940b50ab0e5923822f47b0e4463885 C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: fb53a700132d9a97d1e10e9f80bd6174 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: 0ba263f7d6de41d3f3c5efec535e70d0 C:\WINDOWS\RTHDCPL.exe

MD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows\system32\browser.dll

MD5: 1d4e4dc79155f745f09458b9eb095861 C:\WINDOWS\system32\BROWSEUI.dll

MD5: 1065657c25e92da75afc7c5b927253c9 C:\WINDOWS\system32\bthcrp.dll

MD5: 246be284da1d0ebf17683a0b970884fd C:\WINDOWS\system32\btmmhook.dll

MD5: 1c52df934e47b10deef2d05321885be8 C:\WINDOWS\system32\btncopy.dll

MD5: 0df191193a9f04b1be79eb041be4d698 C:\WINDOWS\system32\btosif.dll

MD5: af8f990f6600de2d51e4b284643a5c89 C:\WINDOWS\system32\btrez.dll

MD5: 90e50113cf6a8ce0c67c9f961e08e95e C:\WINDOWS\system32\btwhidcs.DLL

MD5: 539d5f17f034322698e7b174a54ee255 C:\WINDOWS\system32\btwicons.dll

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: 6bee5d4eff0a0341bcc4a462d81ccfc1 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\System32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll

MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll

MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys

MD5: bd8b1c0212366bdc50a42e8537ec1424 C:\WINDOWS\system32\drivers\btaudio.sys

MD5: be56146ba416dd6ab7f0e791776f404d C:\WINDOWS\system32\DRIVERS\btkrnl.sys

MD5: 58a49bd10e08d3d4333a60dedcb1ced8 C:\WINDOWS\system32\DRIVERS\btport.sys

MD5: 80f61de965c116051614ac2f04222ff7 C:\WINDOWS\system32\DRIVERS\btwdndis.sys

MD5: e48668b4a6a5cf68b33aecad18ee8e1e C:\WINDOWS\system32\DRIVERS\btwhid.sys

MD5: 8bcd7bfe9c70a8ff7444263435b18aa1 C:\WINDOWS\system32\DRIVERS\btwmodem.sys

MD5: 57e91e9925976bbc98984eebaaf1d84c C:\WINDOWS\System32\Drivers\btwusb.sys

MD5: 553cff6cf3622de0d7fefdebe72a6395 C:\WINDOWS\system32\DRIVERS\EMSC.SYS

MD5: 2358c53f30cb9dcd1d3843c4e2f299b2 C:\WINDOWS\system32\DRIVERS\iaStor.sys

MD5: c5db546f9028cd00e64335091860d8f3 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys

MD5: b5ab1108b377b5f3d37409fabda01453 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

MD5: aa88346ab7849a1cb34bd3424febfece C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

MD5: 72062b53186e4a3f5fcbc41ebb62b905 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys

MD5: 696b37ea78f9d9767a2f18ba0304a51a C:\WINDOWS\system32\drivers\nmwcd.sys

MD5: bbb6010fc01d9239d88fcdf133e03ff0 C:\WINDOWS\system32\drivers\nmwcdc.sys

MD5: 4c3726467d67483f054c88f058e9c153 C:\WINDOWS\system32\drivers\nmwcdcj.sys

MD5: 4c3726467d67483f054c88f058e9c153 C:\WINDOWS\system32\drivers\nmwcdcm.sys

MD5: d6d12db43b80a2745e42ede226e38cb5 C:\WINDOWS\system32\drivers\RtkHDAud.sys

MD5: 362cb1d7498216f7b2686fdc5bbba58c C:\WINDOWS\system32\drivers\RTSTOR.SYS

MD5: 27fc71da659305e260acbda15a318399 C:\WINDOWS\system32\DRIVERS\s24trans.sys

MD5: b681223f5c6e7c36b3e65b4cab8db024 C:\WINDOWS\system32\DRIVERS\smserial.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: 2d97ad2db26e36046dae677bfae487d5 C:\WINDOWS\system32\DRIVERS\SynTP.sys

MD5: 4322c32ced8c4772e039616dcbf01d3f C:\WINDOWS\system32\DRIVERS\yk51x86.sys

MD5: 8e16bf5600797e678ea97051cf93e6bf C:\WINDOWS\system32\dumprep.exe

MD5: 6f363653c4fe0c15e847dd4c5e675590 C:\WINDOWS\system32\EMSC.dll

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: 5ce0f3d165c24bfb0e46258c40e20fe9 C:\WINDOWS\system32\hccutils.DLL

MD5: 8ea6e15586b1063ab1190b082db0995d C:\WINDOWS\system32\hkcmd.exe

MD5: 53249b2147ddc8212b290acf80570290 C:\WINDOWS\system32\ieframe.dll

MD5: 8368b315de37a3006afe271123e4280b C:\WINDOWS\system32\iepeers.dll

MD5: d1b3d1e05bedc8f9b0bbbc03d6033f82 C:\WINDOWS\system32\iertutil.dll

MD5: 52befbd6988057e329e14cee7dc2ac4a C:\WINDOWS\system32\igfxdev.dll

MD5: 187b4e045ddb3b3fad5c714a65420c1d C:\WINDOWS\system32\igfxpers.exe

MD5: 249d9a79f4bd714c15175eb2de787e97 C:\WINDOWS\system32\igfxrENU.lrc

MD5: 868afa6b394737f6237662702fbf992a C:\WINDOWS\system32\igfxress.dll

MD5: 779742930b92a99f941804495172bfd8 C:\WINDOWS\system32\igfxsrvc.dll

MD5: 496db4918fa5f915885d7b599409d463 C:\WINDOWS\system32\igfxsrvc.exe

MD5: 8eaf53527d3e8439dd82b1ca43443936 C:\WINDOWS\system32\igfxtray.exe

MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll

MD5: 1b17e09c1223f6d17336d2dd7a1af4f4 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 6fe42512ab1b89f32a7407f261b1d2d0 C:\WINDOWS\system32\kernel32.dll

MD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS\system32\localspl.dll

MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: ec807244904fa170c299ab06d87fbdbe C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

MD5: f733c59712465b0bd2130bb7c1a6d6e3 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: 727c9e97cb26879c17a30484c2c76e98 C:\WINDOWS\system32\mshtml.dll

MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll

MD5: 7e2b58ce8c4013287371667880b1080d C:\WINDOWS\system32\MSJINT40.DLL

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\System32\mswsock.dll

MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll

MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS\system32\msxml3.dll

MD5: 2b8b64aa14f817bdf3e3204fb041a61d C:\WINDOWS\System32\mtxoci.dll

MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\netapi32.dll

MD5: af71930ec177ad42281ab13a3d21e7b1 C:\WINDOWS\system32\netprovcredman.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll

MD5: 96c406ec877eb23bb753e59b776c6bc7 C:\WINDOWS\system32\npDeployJava1.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 2c288aa87e4723ac9ff4d76a192ec3f8 C:\WINDOWS\system32\odbccp32.dll

MD5: 5ce275cdc5ffb77b1ec29dbdfe4b6689 C:\WINDOWS\system32\odbcji32.dll

MD5: 1b05dcc75fbb903a17e3e0ddaea8d508 C:\WINDOWS\system32\odbcjt32.dll

MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll

MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll

MD5: eff03460e542eea6b0abdec6bf19c897 C:\WINDOWS\system32\OLEAUT32.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll

MD5: 43d875d915a076f36bdf2c8ef50e0ffa C:\WINDOWS\system32\SHDOCVW.dll

MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: 32e4c243933f0373afe137cad3940fc2 C:\WINDOWS\system32\SynCOM.dll

MD5: 5ee950089e7a099065f9950edbb86cbb C:\WINDOWS\system32\SynTPAPI.dll

MD5: 84a5c7b9b1b82f94a8245781fd44d8ba C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: c7000f2db2a5515c64c257478769a481 C:\WINDOWS\system32\wbem\unsecapp.exe

MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\system32\wbem\wmiprov.dll

MD5: 662461bdb5edfa63b7efb389a3ba75ad C:\WINDOWS\system32\wbtapi.dll

MD5: 6b87ad39e950f603e2075c1044662233 C:\WINDOWS\system32\WidcommSdk.dll

MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll

MD5: d175f91a4c98b8848818c9b5089f88a2 C:\WINDOWS\system32\WININET.dll

MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll

MD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dll

MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\system32\wlanapi.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.01 MB sent, 1.04 KB recvd

Scanned 692 files and modules - 64 seconds

==============================================================================

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Joe [Admin rights]

Mode : Scan -- Date : 02/14/2013 17:06:19

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1246GSX +++++

--- User ---

[MBR] 5f344a6226a99f72f84566f5115c0e91

[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02142013_02d1706.txt >>

Your logs showed some peer-to-peer filesharing apps: µTorrent. I do not recommend the use of P-2-P programs, since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

On your next reply, confirm that you have removed/uninstalled µTorrent.

Also uninstall Java 6 Update 17. Older versions of Java pose a security risk.

And if you do not need Java for the programs that you use, keep Java off your system.

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

See also Corrine's Security Blog post http://securitygarden.blogspot.com/2013/02/accelerated-java-critical-update.html

If you do need Java on your system, see Oracle releases new Java update to close security holes

NEXT:

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

NEXT:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

Uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Thanks for the assistance Maurice, I have since uninstalled utorrent. Below are the scan reports requested:

15:49:40.0250 0624 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:49:41.0015 0624 ============================================================

15:49:41.0031 0624 Current date / time: 2013/02/15 15:49:41.0015

15:49:41.0031 0624 SystemInfo:

15:49:41.0031 0624

15:49:41.0031 0624 OS Version: 5.1.2600 ServicePack: 3.0

15:49:41.0031 0624 Product type: Workstation

15:49:41.0031 0624 ComputerName: JOE-6D21435FB75

15:49:41.0031 0624 UserName: Joe

15:49:41.0031 0624 Windows directory: C:\WINDOWS

15:49:41.0031 0624 System windows directory: C:\WINDOWS

15:49:41.0031 0624 Processor architecture: Intel x86

15:49:41.0031 0624 Number of processors: 2

15:49:41.0031 0624 Page size: 0x1000

15:49:41.0031 0624 Boot type: Normal boot

15:49:41.0031 0624 ============================================================

15:49:41.0812 0624 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:49:41.0843 0624 ============================================================

15:49:41.0843 0624 \Device\Harddisk0\DR0:

15:49:41.0843 0624 MBR partitions:

15:49:41.0843 0624 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1

15:49:41.0843 0624 ============================================================

15:49:41.0859 0624 C: <-> \Device\Harddisk0\DR0\Partition1

15:49:41.0875 0624 ============================================================

15:49:41.0875 0624 Initialize success

15:49:41.0875 0624 ============================================================

15:49:56.0468 1920 ============================================================

15:49:56.0468 1920 Scan started

15:49:56.0468 1920 Mode: Manual;

15:49:56.0468 1920 ============================================================

15:49:56.0625 1920 ================ Scan system memory ========================

15:50:00.0062 1920 System memory - ok

15:50:00.0062 1920 ================ Scan services =============================


15:50:02.0843 1920 Disk - ok

15:50:02.0859 1920 dmadmin - ok

15:50:02.0890 1920 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

15:50:02.0906 1920 dmboot - ok

15:50:02.0937 1920 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

15:50:02.0937 1920 dmio - ok

15:50:02.0968 1920 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

15:50:02.0968 1920 dmload - ok

15:50:03.0000 1920 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

15:50:03.0015 1920 dmserver - ok

15:50:03.0031 1920 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

15:50:03.0031 1920 DMusic - ok

15:50:03.0062 1920 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

15:50:03.0062 1920 Dnscache - ok

15:50:03.0125 1920 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

15:50:03.0140 1920 Dot3svc - ok

15:50:03.0140 1920 dpti2o - ok

15:50:03.0156 1920 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

15:50:03.0156 1920 drmkaud - ok

15:50:03.0187 1920 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

15:50:03.0187 1920 EapHost - ok

15:50:03.0234 1920 [ 553CFF6CF3622DE0D7FEFDEBE72A6395 ] EMSC C:\WINDOWS\system32\DRIVERS\EMSC.SYS

15:50:03.0234 1920 EMSC - ok

15:50:03.0265 1920 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

15:50:03.0265 1920 ERSvc - ok

15:50:03.0312 1920 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

15:50:03.0328 1920 Eventlog - ok

15:50:03.0375 1920 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

15:50:03.0375 1920 EventSystem - ok

15:50:03.0453 1920 [ B5DEC98E17E2A70A0A0BE542ED36F279 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

15:50:03.0468 1920 EvtEng - ok

15:50:03.0515 1920 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

15:50:03.0515 1920 Fastfat - ok

15:50:03.0546 1920 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

15:50:03.0562 1920 FastUserSwitchingCompatibility - ok

15:50:03.0578 1920 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

15:50:03.0578 1920 Fdc - ok

15:50:03.0593 1920 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

15:50:03.0593 1920 Fips - ok

15:50:03.0593 1920 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

15:50:03.0609 1920 Flpydisk - ok

15:50:03.0656 1920 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

15:50:03.0656 1920 FltMgr - ok

15:50:03.0750 1920 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:50:03.0750 1920 FontCache3.0.0.0 - ok

15:50:03.0765 1920 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:50:03.0765 1920 Fs_Rec - ok

15:50:03.0796 1920 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:50:03.0796 1920 Ftdisk - ok

15:50:03.0843 1920 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

15:50:03.0843 1920 GEARAspiWDM - ok

15:50:03.0890 1920 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:50:03.0890 1920 Gpc - ok

15:50:03.0921 1920 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

15:50:03.0937 1920 HDAudBus - ok

15:50:04.0000 1920 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:50:04.0000 1920 helpsvc - ok

15:50:04.0015 1920 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

15:50:04.0031 1920 HidServ - ok

15:50:04.0046 1920 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:50:04.0046 1920 hidusb - ok

15:50:04.0078 1920 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

15:50:04.0078 1920 hkmsvc - ok

15:50:04.0093 1920 hpn - ok

15:50:04.0125 1920 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

15:50:04.0140 1920 HTTP - ok

15:50:04.0156 1920 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

15:50:04.0171 1920 HTTPFilter - ok

15:50:04.0187 1920 i2omgmt - ok

15:50:04.0187 1920 i2omp - ok

15:50:04.0234 1920 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:50:04.0234 1920 i8042prt - ok

15:50:04.0328 1920 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

15:50:04.0359 1920 ialm - ok

15:50:04.0390 1920 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iastor C:\WINDOWS\system32\DRIVERS\iaStor.sys

15:50:04.0390 1920 iastor - ok

15:50:04.0453 1920 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

15:50:04.0453 1920 IDriverT - ok

15:50:04.0531 1920 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:50:04.0546 1920 idsvc - ok

15:50:04.0578 1920 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

15:50:04.0578 1920 Imapi - ok

15:50:04.0625 1920 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

15:50:04.0625 1920 ImapiService - ok

15:50:04.0640 1920 ini910u - ok

15:50:04.0828 1920 [ D6D12DB43B80A2745E42EDE226E38CB5 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

15:50:04.0875 1920 IntcAzAudAddService - ok

15:50:04.0890 1920 IntelIde - ok

15:50:04.0921 1920 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:50:04.0921 1920 intelppm - ok

15:50:04.0937 1920 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

15:50:04.0937 1920 Ip6Fw - ok

15:50:04.0968 1920 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:50:04.0984 1920 IpFilterDriver - ok

15:50:05.0000 1920 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:50:05.0000 1920 IpInIp - ok

15:50:05.0031 1920 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:50:05.0031 1920 IpNat - ok

15:50:05.0093 1920 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:50:05.0109 1920 iPod Service - ok

15:50:05.0140 1920 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:50:05.0140 1920 IPSec - ok

15:50:05.0156 1920 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

15:50:05.0156 1920 IRENUM - ok

15:50:05.0187 1920 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:50:05.0203 1920 isapnp - ok

15:50:05.0281 1920 [ 39133291CB607BDD87CFC565A4A1E7A5 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

15:50:05.0281 1920 JavaQuickStarterService - ok

15:50:05.0296 1920 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:50:05.0296 1920 Kbdclass - ok

15:50:05.0328 1920 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

15:50:05.0328 1920 kmixer - ok

15:50:05.0343 1920 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

15:50:05.0343 1920 KSecDD - ok

15:50:05.0375 1920 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

15:50:05.0390 1920 lanmanserver - ok

15:50:05.0406 1920 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

15:50:05.0421 1920 lanmanworkstation - ok

15:50:05.0437 1920 lbrtfdc - ok

15:50:05.0484 1920 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

15:50:05.0484 1920 LmHosts - ok

15:50:05.0500 1920 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

15:50:05.0515 1920 Messenger - ok

15:50:05.0546 1920 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

15:50:05.0546 1920 mnmdd - ok

15:50:05.0578 1920 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

15:50:05.0593 1920 mnmsrvc - ok

15:50:05.0609 1920 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

15:50:05.0609 1920 Modem - ok

15:50:05.0671 1920 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:50:05.0671 1920 Mouclass - ok

15:50:05.0687 1920 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:50:05.0687 1920 mouhid - ok

15:50:05.0718 1920 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

15:50:05.0718 1920 MountMgr - ok

15:50:05.0765 1920 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:50:05.0781 1920 MozillaMaintenance - ok

15:50:05.0781 1920 mraid35x - ok

15:50:05.0812 1920 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:50:05.0812 1920 MRxDAV - ok

15:50:05.0859 1920 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:50:05.0875 1920 MRxSmb - ok

15:50:05.0906 1920 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

15:50:05.0921 1920 MSDTC - ok

15:50:05.0937 1920 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

15:50:05.0937 1920 Msfs - ok

15:50:05.0937 1920 MSIServer - ok

15:50:05.0968 1920 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:50:05.0968 1920 MSKSSRV - ok

15:50:06.0031 1920 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:50:06.0031 1920 MSPCLOCK - ok

15:50:06.0062 1920 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

15:50:06.0078 1920 MSPQM - ok

15:50:06.0093 1920 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:50:06.0093 1920 mssmbios - ok

15:50:06.0125 1920 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

15:50:06.0125 1920 Mup - ok

15:50:06.0171 1920 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

15:50:06.0187 1920 napagent - ok

15:50:06.0203 1920 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

15:50:06.0218 1920 NDIS - ok

15:50:06.0250 1920 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:50:06.0250 1920 NdisTapi - ok

15:50:06.0281 1920 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:50:06.0281 1920 Ndisuio - ok

15:50:06.0281 1920 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:50:06.0296 1920 NdisWan - ok

15:50:06.0328 1920 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

15:50:06.0328 1920 NDProxy - ok

15:50:06.0328 1920 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

15:50:06.0343 1920 NetBIOS - ok

15:50:06.0359 1920 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

15:50:06.0359 1920 NetBT - ok

15:50:06.0390 1920 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

15:50:06.0406 1920 NetDDE - ok

15:50:06.0406 1920 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

15:50:06.0421 1920 NetDDEdsdm - ok

15:50:06.0453 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

15:50:06.0468 1920 Netlogon - ok

15:50:06.0484 1920 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

15:50:06.0500 1920 Netman - ok

15:50:06.0531 1920 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

15:50:06.0546 1920 NetTcpPortSharing - ok

15:50:06.0640 1920 [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

15:50:06.0687 1920 NETw4x32 - ok

15:50:06.0859 1920 [ AA88346AB7849A1CB34BD3424FEBFECE ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

15:50:06.0968 1920 NETw5x32 - ok

15:50:07.0203 1920 [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys

15:50:07.0375 1920 NETwLx32 - ok

15:50:07.0406 1920 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

15:50:07.0421 1920 Nla - ok

15:50:07.0453 1920 [ 696B37EA78F9D9767A2F18BA0304A51A ] nmwcd C:\WINDOWS\system32\drivers\nmwcd.sys

15:50:07.0453 1920 nmwcd - ok

15:50:07.0468 1920 [ BBB6010FC01D9239D88FCDF133E03FF0 ] nmwcdc C:\WINDOWS\system32\drivers\nmwcdc.sys

15:50:07.0484 1920 nmwcdc - ok

15:50:07.0500 1920 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcj C:\WINDOWS\system32\drivers\nmwcdcj.sys

15:50:07.0500 1920 nmwcdcj - ok

15:50:07.0515 1920 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcm C:\WINDOWS\system32\drivers\nmwcdcm.sys

15:50:07.0515 1920 nmwcdcm - ok

15:50:07.0546 1920 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

15:50:07.0546 1920 Npfs - ok

15:50:07.0578 1920 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

15:50:07.0593 1920 Ntfs - ok

15:50:07.0609 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

15:50:07.0609 1920 NtLmSsp - ok

15:50:07.0687 1920 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

15:50:07.0703 1920 NtmsSvc - ok

15:50:07.0718 1920 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

15:50:07.0718 1920 Null - ok

15:50:07.0765 1920 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:50:07.0765 1920 NwlnkFlt - ok

15:50:07.0796 1920 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:50:07.0796 1920 NwlnkFwd - ok

15:50:07.0828 1920 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

15:50:07.0828 1920 Parport - ok

15:50:07.0875 1920 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

15:50:07.0890 1920 PartMgr - ok

15:50:07.0921 1920 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

15:50:07.0921 1920 ParVdm - ok

15:50:07.0937 1920 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

15:50:07.0937 1920 PCI - ok

15:50:07.0937 1920 PCIDump - ok

15:50:07.0968 1920 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

15:50:07.0968 1920 PCIIde - ok

15:50:07.0984 1920 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

15:50:08.0000 1920 Pcmcia - ok

15:50:08.0000 1920 PDCOMP - ok

15:50:08.0015 1920 PDFRAME - ok

15:50:08.0015 1920 PDRELI - ok

15:50:08.0031 1920 PDRFRAME - ok

15:50:08.0031 1920 perc2 - ok

15:50:08.0046 1920 perc2hib - ok

15:50:08.0093 1920 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

15:50:08.0093 1920 PlugPlay - ok

15:50:08.0109 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

15:50:08.0109 1920 PolicyAgent - ok

15:50:08.0125 1920 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:50:08.0125 1920 PptpMiniport - ok

15:50:08.0140 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

15:50:08.0140 1920 ProtectedStorage - ok

15:50:08.0156 1920 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

15:50:08.0156 1920 PSched - ok

15:50:08.0156 1920 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:50:08.0171 1920 Ptilink - ok

15:50:08.0171 1920 ql1080 - ok

15:50:08.0171 1920 Ql10wnt - ok

15:50:08.0187 1920 ql12160 - ok

15:50:08.0203 1920 ql1240 - ok

15:50:08.0203 1920 ql1280 - ok

15:50:08.0218 1920 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:50:08.0218 1920 RasAcd - ok

15:50:08.0250 1920 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

15:50:08.0265 1920 RasAuto - ok

15:50:08.0281 1920 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:50:08.0281 1920 Rasl2tp - ok

15:50:08.0312 1920 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

15:50:08.0328 1920 RasMan - ok

15:50:08.0328 1920 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:50:08.0328 1920 RasPppoe - ok

15:50:08.0328 1920 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

15:50:08.0343 1920 Raspti - ok

15:50:08.0359 1920 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:50:08.0359 1920 Rdbss - ok

15:50:08.0359 1920 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:50:08.0375 1920 RDPCDD - ok

15:50:08.0390 1920 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:50:08.0390 1920 rdpdr - ok

15:50:08.0437 1920 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

15:50:08.0437 1920 RDPWD - ok

15:50:08.0453 1920 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

15:50:08.0468 1920 RDSessMgr - ok

15:50:08.0500 1920 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

15:50:08.0500 1920 redbook - ok

15:50:08.0562 1920 [ 69C66820C92367812948488B0236639E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:50:08.0562 1920 RegSrvc - ok

15:50:08.0609 1920 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

15:50:08.0609 1920 RemoteAccess - ok

15:50:08.0671 1920 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

15:50:08.0687 1920 RemoteRegistry - ok

15:50:08.0718 1920 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys

15:50:08.0718 1920 ROOTMODEM - ok

15:50:08.0750 1920 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

15:50:08.0765 1920 RpcLocator - ok

15:50:08.0796 1920 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

15:50:08.0812 1920 RpcSs - ok

15:50:08.0843 1920 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

15:50:08.0859 1920 RSVP - ok

15:50:08.0906 1920 [ 362CB1D7498216F7B2686FDC5BBBA58C ] RTSTOR C:\WINDOWS\system32\drivers\RTSTOR.SYS

15:50:08.0906 1920 RTSTOR - ok

15:50:08.0984 1920 [ F29F36DF6EE5908A3D87D1EE6850260E ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

15:50:09.0000 1920 S24EventMonitor - ok

15:50:09.0031 1920 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys

15:50:09.0031 1920 s24trans - ok

15:50:09.0046 1920 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

15:50:09.0062 1920 SamSs - ok

15:50:09.0093 1920 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

15:50:09.0109 1920 SCardSvr - ok

15:50:09.0140 1920 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

15:50:09.0156 1920 Schedule - ok

15:50:09.0187 1920 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:50:09.0203 1920 Secdrv - ok

15:50:09.0218 1920 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

15:50:09.0234 1920 seclogon - ok

15:50:09.0234 1920 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

15:50:09.0250 1920 SENS - ok

15:50:09.0281 1920 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

15:50:09.0281 1920 Serial - ok

15:50:09.0328 1920 [ 019AB047B932AD277A4DA2673E5CC19C ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

15:50:09.0343 1920 ServiceLayer - ok

15:50:09.0390 1920 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

15:50:09.0390 1920 Sfloppy - ok

15:50:09.0437 1920 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

15:50:09.0437 1920 SharedAccess - ok

15:50:09.0468 1920 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

15:50:09.0484 1920 ShellHWDetection - ok

15:50:09.0484 1920 Simbad - ok

15:50:09.0515 1920 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

15:50:09.0531 1920 SkypeUpdate - ok

15:50:09.0593 1920 [ B681223F5C6E7C36B3E65B4CAB8DB024 ] smserial C:\WINDOWS\system32\DRIVERS\smserial.sys

15:50:09.0625 1920 smserial - ok

15:50:09.0625 1920 Sparrow - ok

15:50:09.0656 1920 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

15:50:09.0656 1920 splitter - ok

15:50:09.0703 1920 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

15:50:09.0718 1920 Spooler - ok

15:50:09.0750 1920 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

15:50:09.0750 1920 sr - ok

15:50:09.0796 1920 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

15:50:09.0812 1920 srservice - ok

15:50:09.0843 1920 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

15:50:09.0859 1920 Srv - ok

15:50:09.0875 1920 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

15:50:09.0890 1920 SSDPSRV - ok

15:50:09.0937 1920 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

15:50:09.0953 1920 stisvc - ok

15:50:09.0968 1920 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

15:50:09.0968 1920 swenum - ok

15:50:10.0000 1920 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

15:50:10.0015 1920 swmidi - ok

15:50:10.0015 1920 SwPrv - ok

15:50:10.0031 1920 symc810 - ok

15:50:10.0046 1920 symc8xx - ok

15:50:10.0046 1920 sym_hi - ok

15:50:10.0062 1920 sym_u3 - ok

15:50:10.0109 1920 [ 2D97AD2DB26E36046DAE677BFAE487D5 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys

15:50:10.0109 1920 SynTP - ok

15:50:10.0125 1920 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

15:50:10.0125 1920 sysaudio - ok

15:50:10.0156 1920 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

15:50:10.0171 1920 SysmonLog - ok

15:50:10.0203 1920 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

15:50:10.0218 1920 TapiSrv - ok

15:50:10.0265 1920 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:50:10.0281 1920 Tcpip - ok

15:50:10.0312 1920 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

15:50:10.0312 1920 TDPIPE - ok

15:50:10.0328 1920 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

15:50:10.0328 1920 TDTCP - ok

15:50:10.0359 1920 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

15:50:10.0359 1920 TermDD - ok

15:50:10.0390 1920 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

15:50:10.0406 1920 TermService - ok

15:50:10.0437 1920 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

15:50:10.0453 1920 Themes - ok

15:50:10.0484 1920 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

15:50:10.0500 1920 TlntSvr - ok

15:50:10.0500 1920 TosIde - ok

15:50:10.0531 1920 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

15:50:10.0546 1920 TrkWks - ok

15:50:10.0578 1920 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

15:50:10.0578 1920 Udfs - ok

15:50:10.0578 1920 ultra - ok

15:50:10.0625 1920 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

15:50:10.0640 1920 Update - ok

15:50:10.0703 1920 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

15:50:10.0718 1920 upnphost - ok

15:50:10.0734 1920 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

15:50:10.0750 1920 UPS - ok

15:50:10.0781 1920 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:50:10.0781 1920 usbehci - ok

15:50:10.0812 1920 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:50:10.0812 1920 usbhub - ok

15:50:10.0843 1920 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:50:10.0843 1920 usbscan - ok

15:50:10.0859 1920 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:50:10.0859 1920 usbstor - ok

15:50:10.0890 1920 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:50:10.0890 1920 usbuhci - ok

15:50:10.0906 1920 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

15:50:10.0921 1920 VgaSave - ok

15:50:10.0921 1920 ViaIde - ok

15:50:10.0937 1920 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

15:50:10.0937 1920 VolSnap - ok

15:50:10.0984 1920 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

15:50:11.0000 1920 VSS - ok

15:50:11.0015 1920 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

15:50:11.0031 1920 W32Time - ok

15:50:11.0062 1920 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:50:11.0062 1920 Wanarp - ok

15:50:11.0109 1920 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

15:50:11.0125 1920 Wdf01000 - ok

15:50:11.0125 1920 WDICA - ok

15:50:11.0140 1920 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

15:50:11.0156 1920 wdmaud - ok

15:50:11.0171 1920 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

15:50:11.0187 1920 WebClient - ok

15:50:11.0250 1920 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

15:50:11.0250 1920 winmgmt - ok

15:50:11.0296 1920 [ 9CAC8EC258396C3ED6843085143B3F61 ] WLANKEEPER C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

15:50:11.0312 1920 WLANKEEPER - ok

15:50:11.0343 1920 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

15:50:11.0343 1920 WmdmPmSN - ok

15:50:11.0390 1920 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

15:50:11.0390 1920 Wmi - ok

15:50:11.0421 1920 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

15:50:11.0453 1920 WmiApSrv - ok

15:50:11.0515 1920 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

15:50:11.0531 1920 WMPNetworkSvc - ok

15:50:11.0609 1920 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:50:11.0640 1920 WPFFontCache_v0400 - ok

15:50:11.0718 1920 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

15:50:11.0734 1920 wscsvc - ok

15:50:11.0750 1920 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

15:50:11.0765 1920 wuauserv - ok

15:50:11.0796 1920 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:50:11.0812 1920 WudfPf - ok

15:50:11.0828 1920 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:50:11.0828 1920 WudfRd - ok

15:50:11.0875 1920 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

15:50:11.0921 1920 WudfSvc - ok

15:50:11.0984 1920 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

15:50:12.0015 1920 WZCSVC - ok

15:50:12.0062 1920 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

15:50:12.0078 1920 xmlprov - ok

15:50:12.0125 1920 [ 4322C32CED8C4772E039616DCBF01D3F ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys

15:50:12.0125 1920 yukonwxp - ok

15:50:12.0140 1920 ================ Scan global ===============================

15:50:12.0187 1920 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

15:50:12.0218 1920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

15:50:12.0234 1920 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

15:50:12.0281 1920 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

15:50:12.0296 1920 [Global] - ok

15:50:12.0296 1920 ================ Scan MBR ==================================

15:50:12.0312 1920 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

15:50:12.0562 1920 \Device\Harddisk0\DR0 - ok

15:50:12.0562 1920 ================ Scan VBR ==================================

15:50:12.0562 1920 [ 6F54CCB64B66F058B479722FF299212A ] \Device\Harddisk0\DR0\Partition1

15:50:12.0578 1920 \Device\Harddisk0\DR0\Partition1 - ok

15:50:12.0578 1920 ============================================================

15:50:12.0578 1920 Scan finished

15:50:12.0578 1920 ============================================================

15:50:12.0593 2500 Detected object count: 0

15:50:12.0593 2500 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-15 15:56:02

-----------------------------

15:56:02.328 OS Version: Windows 5.1.2600 Service Pack 3

15:56:02.328 Number of processors: 2 586 0xF0D

15:56:02.328 ComputerName: JOE-6D21435FB75 UserName: Joe

15:56:03.406 Initialize success

15:56:03.625 AVAST engine defs: 13021402

15:57:08.484 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

15:57:08.500 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3

15:57:08.546 Disk 0 MBR read successfully

15:57:08.546 Disk 0 MBR scan

15:57:08.562 Disk 0 Windows XP default MBR code

15:57:08.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63

15:57:08.593 Disk 0 scanning sectors +234420480

15:57:08.687 Disk 0 scanning C:\WINDOWS\system32\drivers

15:57:16.859 Service scanning

15:57:32.000 Modules scanning

15:57:38.421 AVAST engine scan C:\WINDOWS

15:57:45.328 AVAST engine scan C:\WINDOWS\system32

15:59:50.546 AVAST engine scan C:\WINDOWS\system32\drivers

16:00:03.218 AVAST engine scan C:\Documents and Settings\Joe

20:09:20.774 AVAST engine scan C:\Documents and Settings\All Users

20:09:58.024 Scan finished successfully

22:16:02.633 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joe\Desktop\MBR.dat"

22:16:02.649 The log file has been saved successfully to "C:\Documents and Settings\Joe\Desktop\aswMBR.txt"


Good results on the last 2 tools.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Step 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Step 3

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK
    Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.

And tell me, How is your system now?


Scanned and deleted the same virus with MBAM. Upon opening a new webpage on Firefox, noticed a webshield alert from Avast pointing to a virulent website, details copied from Avast online log:

15.02.2013 08:38 WebShield http://ytimg.biz/MUp...ates&browser=FF FileRepMalware

Also, am saving the DrCureit log as a note file with about 40mb of log list (trading data scanned and cleared with "ok") deleted, since it is too large to paste on this post, I guess this wouldn't stop your analysis as they were of the same data you see on 95% of the log report, appreciate your continued help.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.16.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Joe :: JOE-6D21435FB75 [administrator]

2/16/2013 11:45:00 AM

mbam-log-2013-02-16 (11-45-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 206271

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\Joe\Application Data\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

cureit.log


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Catroy only. If you are a casual viewer, do NOT try this on your system!

If you are not Catroy and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

For the Firefox browser: To Reset Firefox to its default state:

Start Firefox

in the address bar, type in

about:support

Click on the Reset Firefox button at top right of screen.

Also see http://support.mozilla.org/en-US/kb/reset-preferences-fix-problems?s=reset+search+options&r=2&as=s

Still in Firefox, on main menu, choose Tools >>> Options

click the General tab

Under the Downloads block

IF the SAVE files to is selected, then Click on (to select) Always ask me where to save files

Then press OK button.

go to Help >> About >> and check for updates and apply. That should get the latest version. Allow the restart of Firefox to finish updates.

Exit/close Firefox

Step 2

Logoff and Restart the system fresh.

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.


Hi Maurice,

Followed your advice to update Firefox and Adobe Reader to latest version. Below is ComboFix log:

ComboFix 13-02-15.01 - Joe 02/17/2013 12:18:11.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2496 [GMT 8:00]

Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\AMMYY

c:\documents and settings\All Users\Application Data\AMMYY\hr

c:\documents and settings\All Users\Application Data\AMMYY\hr3

c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin

c:\documents and settings\Joe\GoToAssistDownloadHelper.exe

C:\Install.exe

c:\windows\system32\CddbCdda.dll

c:\windows\system32\roboot.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))

.

.

2013-02-16 04:01 . 2013-02-16 04:01 -------- d-----w- c:\documents and settings\Joe\Doctor Web

2013-02-14 09:00 . 2013-02-14 09:00 -------- d-----w- c:\documents and settings\Joe\Application Data\QuickScan

2013-02-14 08:52 . 2013-02-14 08:52 -------- d-----w- C:\rsit

2013-02-14 08:52 . 2013-02-14 08:52 -------- d-----w- c:\program files\trend micro

2013-02-14 08:47 . 2013-02-14 08:48 -------- d-----w- c:\program files\ERUNT

2013-02-12 03:01 . 2012-10-30 22:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-02-12 03:01 . 2012-10-30 22:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-02-12 03:01 . 2012-10-30 22:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-02-12 03:01 . 2012-09-21 08:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2013-01-25 03:52 . 2013-01-25 03:52 -------- d-----w- c:\program files\Common Files\Skype

2013-01-25 03:52 . 2013-01-25 03:52 -------- d-----r- c:\program files\Skype

2013-01-19 11:56 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-01-19 11:56 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-01-19 11:56 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-01-19 11:56 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2013-01-19 11:56 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-01-19 11:56 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2013-01-19 11:56 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys

2013-01-19 11:56 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2013-01-19 11:55 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2013-01-19 11:55 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe

2013-01-19 11:39 . 2013-01-19 11:39 -------- d-----w- c:\program files\CCleaner

2013-01-19 09:50 . 2013-01-19 09:51 -------- d-----w- c:\program files\PDF Password Remover v3.1

2013-01-19 09:37 . 2013-01-19 09:52 -------- d-----w- c:\program files\Simpo PDF Password Remover

2013-01-19 09:27 . 2013-01-19 12:18 -------- d-----w- c:\documents and settings\Joe\Application Data\WinLive

2013-01-19 09:27 . 2013-02-16 08:21 -------- d-----w- c:\documents and settings\Joe\Application Data\MCommon

2013-01-19 09:17 . 2013-01-19 09:31 -------- d-----w- c:\program files\SecurityXploded

2013-01-19 08:40 . 2013-01-19 08:45 -------- d-----w- c:\documents and settings\Joe\Application Data\PerformerSoft

2013-01-19 08:40 . 2013-01-19 08:40 -------- d-----w- c:\program files\File Scout

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 16:50 . 2012-05-13 13:47 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-08 16:50 . 2012-05-13 13:47 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 2005-03-30 01:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:16 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 08:49 . 2012-06-17 10:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-16 15:22 . 2013-02-16 15:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 16862720]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-01-25 53248]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-12 671744]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2007-08-10 189736]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1323008]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-10-09 149280]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-10 572008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=

"c:\\Program Files\\eSignal\\winros.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/12/2013 11:01 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/12/2013 11:01 AM 199320]

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [7/4/2011 8:49 PM 9856]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/12/2013 11:01 AM 106560]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/12/2013 11:01 AM 20624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/19/2013 7:56 PM 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/19/2013 7:56 PM 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/19/2013 7:56 PM 21256]

R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2/12/2013 11:01 AM 133912]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/29/2012 11:17 PM 6609920]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 16:50]

.

2013-02-17 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-19 22:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.my/

uInternet Settings,ProxyOverride = *.local

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\

FF - ExtSQL: 2013-01-19 19:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-02-17 11:53; hotfix@mozilla.org; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

FF - ExtSQL: !HIDDEN! 2013-02-17 11:53; hotfix@mozilla.org; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-17 12:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1420)

c:\windows\system32\netprovcredman.dll

.

Completion time: 2013-02-17 12:27:06

ComboFix-quarantined-files.txt 2013-02-17 04:27

.

Pre-Run: 68,393,713,664 bytes free

Post-Run: 68,477,579,264 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - EF0915A146C0F4CD5D823B1F2867940A


All right, so far, so good. I'd like to have you do a Full scan with MalwareBytes' MBAM and then have you advise on how things are.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.


No joy, trojan still resides in system after a full scan by MBAM, log follows:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.18.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Joe :: JOE-6D21435FB75 [administrator]

2/18/2013 9:08:13 AM

mbam-log-2013-02-18 (09-08-13).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 536827

Time elapsed: 2 hour(s), 7 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 11

C:\Documents and Settings\Joe\Application Data\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP614\A0049979.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP616\A0050105.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP617\A0050177.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP617\A0050231.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP619\A0050390.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP621\A0050489.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP622\A0050639.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP623\A0050733.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP626\A0050961.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP630\A0051734.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

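An added example, not part of the thread or of any Malwarebytes tool: the two MBAM logs posted so far can be compared mechanically to separate a file that comes back after being "Quarantined and deleted successfully" from the inert backup copies that System Restore keeps under System Volume Information. The parser assumes the MBAM 1.70 text layout seen in this thread; the function names are hypothetical and the two sample logs are constructed by abbreviating the logs above.

```python
import re

# Constructed samples: abbreviated from the two MBAM 1.70 logs in this thread.
LOG_QUICK = r"""Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.02.16.01
2/16/2013 11:45:00 AM
mbam-log-2013-02-16 (11-45-00).txt
Scan type: Quick scan
C:\Documents and Settings\Joe\Application Data\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
(end)
"""

LOG_FULL = r"""Malwarebytes Anti-Malware 1.70.0.1100
Database version: v2013.02.18.01
2/18/2013 9:08:13 AM
mbam-log-2013-02-18 (09-08-13).txt
Scan type: Full scan (C:\|)
C:\Documents and Settings\Joe\Application Data\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP614\A0049979.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C3AEFB08-2A0E-4151-A2D4-B9857324069E}\RP630\A0051734.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.
(end)
"""

# "<path> (<threat>) -> <action>." as printed in the detection sections.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)
# The log's own file name carries a sortable scan timestamp.
LOGNAME_RE = re.compile(
    r"^mbam-log-(\d{4}-\d{2}-\d{2}) \((\d{2}-\d{2}-\d{2})\)\.txt\s*$"
)
# Windows XP System Restore snapshot storage.
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\rp\d+\\",
    re.IGNORECASE,
)


def parse_mbam_log(text):
    """Return the scan id and the (path, threat, action) tuples of one log."""
    scan_id, detections = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = LOGNAME_RE.match(line)
        if m:
            scan_id = f"{m.group(1)} {m.group(2)}"
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(
                (m.group("path"), m.group("threat"), m.group("action"))
            )
    return {"scan_id": scan_id, "detections": detections}


def triage(log_texts):
    """Split detections into recurring live paths and restore-point copies."""
    scans = sorted(
        (parse_mbam_log(t) for t in log_texts),
        key=lambda s: s["scan_id"] or "",
    )
    seen = {}            # lower-cased path -> [(scan_id, action), ...]
    restore_copies = []  # inert snapshot copies, reported separately
    for scan in scans:
        for path, _threat, action in scan["detections"]:
            if RESTORE_RE.match(path):
                restore_copies.append(path)
            else:
                seen.setdefault(path.lower(), []).append(
                    (scan["scan_id"], action)
                )
    recurring = {}
    for path, hits in seen.items():
        # Recurring = detected again after an earlier scan reported it deleted.
        removed_earlier = any(
            "deleted successfully" in action.lower() for _, action in hits[:-1]
        )
        if len(hits) > 1 and removed_earlier:
            recurring[path] = [scan_id for scan_id, _ in hits]
    return {"recurring": recurring, "restore_point_copies": restore_copies}


if __name__ == "__main__":
    result = triage([LOG_QUICK, LOG_FULL])
    for path, scan_ids in result["recurring"].items():
        print("re-created after removal:", path, "in scans", scan_ids)
    print("restore-point copies:", len(result["restore_point_copies"]))
```

A path reported under `recurring` is being re-created by something the scanner has not removed, so cleanup has to find that source rather than delete the file again.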

The last 10 ones found in "system volume info" are not active and do not count as active threats.

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for Catroy only. If you are a casual viewer, do NOT try this on your system!

If you are not Catroy and have a similar problem, do NOT post here; start your own topic

The procedures in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

Do as much as possible of the following.

Step 1

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a new reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here & Save the file to ARK folder

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

On WIN XP, double-click the EXE to start it.

On Vista/WIN 7/8 do a Right-click and select Run As Administrator to launch the program.

(If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab & then, on the far right side, untick the Registry box, then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in a new reply.

Step 3

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Windows 7, right-click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Step 4

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Dirlook::
C:\Documents and Settings\Joe\Application Data\MCommon

Quit::

Save this as CFScript.txt, in the same location as Combo-Fix.exe

3. Close any (all) open browsers.

4:

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe {{ red-lion icon }}

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in a new reply.

Your hope to "cut down" the time to cure did not pan out. This "infection" is a bit more "persistent".

Do have lots of patience.

The OTL logs should provide me a more complete picture.

There will be more to follow. Often fixes are not a simple 1, 2, 3, done.


Hi Maurice,

Indeed this clean up process is taking longer than I had anticipated; I was thinking that with so much trojan infection cleaning experience in this forum, things may move a little faster. At any rate, a big thanks to you for your continued help; the process may be long but it's worth every minute if I can preserve the system without doing a reformat!

I encountered some problem at step 2, GMER program would hang and crash whenever it scanned the file "\device\00000077" and Windows will pop the message "v3iyx1yi.exe has encountered a problem and needs to close". Thus was unable to complete this scan.

Following are the reports from various logs:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/19/2013 11:05:38 AM in x86 mode.

Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [incorrect ImagePath]

Searching for Missing Digital Signatures:

* C:\WINDOWS\System32\drivers\mqac.sys [NoSig]

+-> C:\WINDOWS\$hf_mig$\KB971032\SP2QFE\mqac.sys : 91,776 : 06/22/2009 07:30 PM : 9229e191fe206628be17d1e67a5faed9 [Pos Repl]

+-> C:\WINDOWS\$NtUninstallKB971032$\mqac.sys : 72,960 : 08/04/2004 06:00 PM : db07b0088cdfd20c2a22e675120ede34 [Pos Repl]

+-> C:\WINDOWS\ServicePackFiles\i386\mqac.sys : 92,544 : 04/14/2008 00:39 AM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]

+-> C:\WINDOWS\system32\dllcache\mqac.sys : 91,776 : 06/22/2009 07:48 PM : eee50bf24caeedb515a8f3b22756d3bb [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/19/2013 11:06:27 AM

Execution time: 0 hours(s), 0 minute(s), and 48 seconds(s)


OTL logfile created on: 2/19/2013 11:44:53 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Joe\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 82.04% Memory free

4.83 Gb Paging File | 4.47 Gb Available in Paging File | 92.55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 63.29 Gb Free Space | 56.62% Space Free | Partition Type: NTFS

Computer Name: JOE-6D21435FB75 | User Name: Joe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/19 11:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe

PRC - [2012/10/31 06:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/10/31 06:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2012/04/24 20:58:18 | 001,407,248 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2012/04/24 20:58:14 | 000,375,056 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

PRC - [2012/04/24 20:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2012/04/24 19:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2012/04/24 19:35:58 | 001,210,640 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2012/04/24 19:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/12 14:22:56 | 000,671,744 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

PRC - [2007/08/10 16:32:40 | 000,189,736 | ---- | M] (Compal Electronics, Inc.) -- C:\Program Files\Wireless Select Switch\WLSS.exe

PRC - [2007/07/10 16:25:40 | 000,572,008 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/18 16:13:01 | 002,060,288 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13021800\algo.dll

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2007/07/10 16:24:06 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2007/07/10 16:21:38 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007/04/19 15:21:14 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\EMSC.DLL

========== Services (SafeList) ==========

SRV - [2013/02/16 23:22:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/02/09 00:50:34 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/10/31 06:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV - [2012/04/24 20:58:14 | 000,375,056 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)

SRV - [2012/04/24 20:58:08 | 000,919,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2012/04/24 19:55:46 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2012/04/24 19:32:50 | 000,481,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2009/09/08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2007/06/15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joe\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Joe\LOCALS~1\Temp\awgyrkoc.sys -- (awgyrkoc)

DRV - [2012/10/31 06:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/31 06:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/31 06:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2012/10/31 06:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/31 06:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/31 06:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/10/31 06:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2012/10/31 06:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/10/31 06:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/10/31 06:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2012/09/21 16:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)

DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2010/10/07 04:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32)

DRV - [2010/05/19 22:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/08/28 23:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)

DRV - [2008/06/02 18:10:18 | 004,752,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2007/11/12 14:27:50 | 001,021,056 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007/06/29 12:38:34 | 000,878,520 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2007/06/29 12:38:32 | 000,539,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2007/06/29 12:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2007/04/19 15:21:14 | 000,009,856 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EMSC.sys -- (EMSC)

DRV - [2007/03/31 13:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2007/03/23 10:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2007/03/23 10:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2007/03/23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2007/02/22 11:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)

DRV - [2007/02/22 11:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)

DRV - [2007/02/22 11:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledAddons: openbookmarkintab%40piro.sakura.ne.jp:0.1.2012122901

FF - prefs.js..extensions.enabledAddons: %7Ba0faa0a4-f1a7-4098-9a74-21efc3a92372%7D:10.0.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\hotfix@mozilla.org: C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2013/01/19 19:36:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/19 19:55:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/16 23:22:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/16 23:22:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix [2013/01/19 19:36:25 | 000,000,000 | ---D | M]

[2012/07/21 13:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Extensions

[2013/01/19 17:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Extensions

[2013/01/19 19:36:25 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

[2013/02/17 18:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\extensions

[2013/02/17 18:20:18 | 000,005,946 | ---- | M] () (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\extensions\openbookmarkintab@piro.sakura.ne.jp.xpi

[2013/02/17 18:28:11 | 000,052,880 | ---- | M] () (No name found) -- C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}.xpi

[2013/02/16 23:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/02/16 23:22:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/23 23:49:22 | 001,826,192 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2012/10/05 07:40:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/13 15:57:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/17 12:23:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [WLSS] C:\Program Files\Wireless Select Switch\WLSS.exe (Compal Electronics, Inc.)

O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1309166495959 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343815654687 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73AE5ED5-ACDE-49F9-8C6C-B3CF2BD3460A}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/27 17:01:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/19 11:43:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe

[2013/02/19 11:12:42 | 000,000,000 | ---D | C] -- C:\ARK

[2013/02/19 11:00:26 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Joe\Desktop\rkill.com

[2013/02/17 15:36:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2013/02/17 12:13:50 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/02/17 12:11:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/02/17 12:11:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/02/17 12:11:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/02/17 12:11:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/02/17 12:11:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/17 12:10:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/02/17 12:08:37 | 005,033,715 | R--- | C] (Swearware) -- C:\Documents and Settings\Joe\Desktop\Combo-Fix.exe

[2013/02/17 11:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Old Firefox Data

[2013/02/16 23:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/02/16 12:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Doctor Web

[2013/02/15 15:53:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joe\Desktop\aswMBR.exe

[2013/02/15 15:48:07 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joe\Desktop\tdsskiller.exe

[2013/02/15 15:42:06 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe

[2013/02/14 17:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\RK_Quarantine

[2013/02/14 17:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\QuickScan

[2013/02/14 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2013/02/14 16:52:25 | 000,000,000 | ---D | C] -- C:\rsit

[2013/02/14 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\2-14-2013

[2013/02/14 16:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2013/02/14 16:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2013/02/14 16:44:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joe\Desktop\erunt-setup.exe

[2013/02/14 14:46:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Joe\Desktop\dds.scr

[2013/02/12 11:01:26 | 000,106,560 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys

[2013/02/12 11:01:19 | 000,199,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys

[2013/02/12 11:01:19 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys

[2013/02/12 11:01:13 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys

[2013/02/12 10:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security

[2013/01/26 15:19:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe\Recent

[2013/01/25 11:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2013/01/25 11:52:07 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2013/01/25 11:52:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/02/19 11:50:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/02/19 11:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe

[2013/02/19 11:34:50 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2013/02/19 11:34:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/02/19 11:34:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/02/19 11:05:15 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Joe\jtrader.ini

[2013/02/19 11:00:33 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Joe\Desktop\rkill.com

[2013/02/19 10:13:16 | 000,002,345 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NinjaTrader 7.lnk

[2013/02/19 00:19:31 | 000,111,759 | ---- | M] () -- C:\Station 6.5.0 Build 712.dmp

[2013/02/17 12:23:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/02/17 12:13:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2013/02/17 12:10:46 | 005,033,715 | R--- | M] (Swearware) -- C:\Documents and Settings\Joe\Desktop\Combo-Fix.exe

[2013/02/16 12:01:36 | 111,390,048 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\drweb-cureit.exe

[2013/02/16 11:36:06 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2013/02/15 22:16:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\MBR.dat

[2013/02/15 15:54:48 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joe\Desktop\aswMBR.exe

[2013/02/15 15:48:20 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Joe\Desktop\tdsskiller.exe

[2013/02/15 15:42:06 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\TFC.exe

[2013/02/14 17:03:59 | 000,798,208 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\RogueKiller.exe

[2013/02/14 16:54:25 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\SecurityCheck.exe

[2013/02/14 16:51:47 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\RSIT.exe

[2013/02/14 16:48:00 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk

[2013/02/14 16:48:00 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk

[2013/02/14 16:45:02 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joe\Desktop\erunt-setup.exe

[2013/02/14 14:46:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Joe\Desktop\dds.scr

[2013/02/13 11:04:41 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/02/13 10:59:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/02/13 10:56:28 | 000,524,668 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/02/13 10:56:28 | 000,097,174 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/02/12 14:35:43 | 000,068,085 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\wifi.PNG

[2013/02/12 11:01:19 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2013/02/12 10:58:18 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk

[2013/02/09 00:50:34 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/02/09 00:50:34 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/02/08 00:30:18 | 000,110,831 | ---- | M] () -- C:\Station 6.5.0 Build 711.dmp

[2013/01/26 11:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll

[2013/01/24 13:38:37 | 000,109,915 | ---- | M] () -- C:\Station 6.4.0 Build 704.dmp

========== Files Created - No Company Name ==========

[2013/02/17 12:13:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2013/02/17 12:13:50 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/02/17 12:11:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/02/17 12:11:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/02/17 12:11:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/02/17 12:11:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/02/17 12:11:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/02/16 11:54:37 | 111,390,048 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\drweb-cureit.exe

[2013/02/16 11:36:05 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

[2013/02/16 11:36:05 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk

[2013/02/15 22:16:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\MBR.dat

[2013/02/14 17:03:55 | 000,798,208 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\RogueKiller.exe

[2013/02/14 16:54:22 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\SecurityCheck.exe

[2013/02/14 16:51:45 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\RSIT.exe

[2013/02/14 16:48:00 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\NTREGOPT.lnk

[2013/02/14 16:48:00 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\ERUNT.lnk

[2013/02/13 10:58:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2013/02/12 13:38:41 | 000,068,085 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\wifi.PNG

[2013/02/12 10:58:18 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk

[2013/02/09 20:26:26 | 000,111,759 | ---- | C] () -- C:\Station 6.5.0 Build 712.dmp

[2013/01/29 23:58:33 | 000,110,831 | ---- | C] () -- C:\Station 6.5.0 Build 711.dmp

[2013/01/19 17:51:20 | 000,000,040 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI

[2013/01/15 00:32:13 | 000,082,576 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/09/12 07:40:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll

[2012/05/29 15:13:57 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\WebpageIcons.db

[2012/05/11 09:32:07 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin

[2012/03/26 00:23:18 | 000,490,985 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-308236825-725345543-1003-0.dat

[2012/03/26 00:23:16 | 000,109,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/02/15 08:36:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/09 16:45:45 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2011/11/07 21:54:58 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/11/07 21:54:58 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/10/11 09:44:26 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/20 15:56:45 | 000,101,734 | ---- | C] () -- C:\Documents and Settings\Joe\bursa station payment

[2011/07/04 20:49:16 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL

[2011/07/04 20:49:16 | 000,009,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\EMSC.sys

[2011/06/29 20:51:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ua.ini

[2011/06/28 14:28:06 | 000,002,936 | ---- | C] () -- C:\WINDOWS\WinRos.ini

[2011/06/28 14:28:06 | 000,000,885 | ---- | C] () -- C:\WINDOWS\WinSig.ini

[2011/06/28 13:20:56 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc

[2011/06/28 10:37:30 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Joe\jtrader.ini

[2011/06/28 00:54:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/06/28 00:53:06 | 000,127,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/06/27 18:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/06/27 17:17:09 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011/06/27 17:16:18 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat

[2011/06/27 17:13:33 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2011/06/27 17:13:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2011/06/27 17:13:33 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll

[2011/06/27 17:03:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/06/27 16:58:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/06/28 10:40:32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/31 04:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/19 19:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/05/20 16:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon_Inc_IC

[2011/07/05 12:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/06/28 14:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSignal

[2011/08/14 17:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2012/06/11 14:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NaturalSoft Co. Ltd

[2011/08/14 17:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2012/07/14 16:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2011/07/04 20:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32

[2011/07/04 20:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64

[2011/07/04 20:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32

[2012/06/13 14:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2011/12/26 11:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\BursaStation

[2012/05/20 17:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Canon

[2011/06/28 14:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\eSignal

[2012/02/14 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\EurekaLog

[2013/02/18 11:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\MCommon

[2011/08/14 17:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Nokia

[2012/06/12 23:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Nokia Multimedia Player

[2012/08/09 13:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\OpenOffice.org

[2012/07/21 11:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Oracle

[2011/08/15 13:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PC Suite

[2013/01/19 16:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\PerformerSoft

[2013/02/14 17:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\QuickScan

[2012/05/11 09:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\SystemRequirementsLab

[2011/12/04 15:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TeamViewer

[2011/06/27 17:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\TMP

[2011/12/21 21:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\Transcend

[2013/01/19 20:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\WinLive

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 2/19/2013 11:44:53 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Joe\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 82.04% Memory free

4.83 Gb Paging File | 4.47 Gb Available in Paging File | 92.55% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 111.78 Gb Total Space | 63.29 Gb Free Space | 56.62% Space Free | Partition Type: NTFS

Computer Name: JOE-6D21435FB75 | User Name: Joe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe" = C:\Program Files\NinjaTrader 7\bin\NinjaTrader.exe:*:Enabled:NinjaTrader application -- (NinjaTrader LLC, http://www.ninjatrader.com)

"C:\Program Files\eSignal\winros.exe" = C:\Program Files\eSignal\winros.exe:*:Enabled:eSignal Data Manager -- (eSignal)

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{065A7AFE-195D-4DFB-A4B2-A83842C0F79F}" = Wireless Select Switch

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0

"{4D8E1ADE-CEA6-4A35-8D73-963F16C40FD3}" = Document Express DjVu Plug-in

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel

"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7AD5EA39-06F0-4D29-915D-3D908B6AA2AF}" = Intel® PROSet/Wireless WiFi Software

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)

"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B8279471-30D7-4514-9712-1F7EC46B0874}_is1" = JTrader S2I version 9.4.6

"{BB2338E5-3156-49D3-B539-7E6EF5BC3ECF}" = NinjaTrader 7

"{BE334994-2F01-4103-9A96-B027B54DE41B}" = eSignal

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DCB82C14-C0C2-43B3-B65D-4AA0A098DEE4}" = CSI Unfair Advantage 2.10.7 Build 118

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC

"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Auto Update Service" = Canon Auto Update Service

"avast" = avast! Internet Security

"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"BursaStation_is1" = BursaStation

"CAL" = Canon Camera Access Library

"CameraUserGuide-PSS100" = Canon PowerShot S100 Camera User Guide

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"CCleaner" = CCleaner

"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)

"DPP" = Canon Utilities Digital Photo Professional 3.11

"ERUNT_is1" = ERUNT 1.1j

"eSignal" = eSignal 10.6

"FMS" = FMS

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"MapUtility" = Canon Utilities Map Utility

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MyCamera" = Canon Utilities MyCamera

"Nokia PC Suite" = Nokia PC Suite

"PhotoStitch" = Canon Utilities PhotoStitch

"ProInst" = Intel PROSet Wireless

"SMSERIAL" = Motorola SM56 Data Fax Modem

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"SynTPDeinstKey" = Dell Touchpad

"Trading Blox" = Trading Blox

"VLC media player" = VLC media player 2.0.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"Xvid Video Codec 1.3.2" = Xvid Video Codec

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/21/2012 9:21:00 PM | Computer Name = JOE-6D21435FB75 | Source = Application Hang | ID = 1002

Description = Hanging application JTrader.exe, version 6.0.170.4, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2013 10:50:17 PM | Computer Name = JOE-6D21435FB75 | Source = JavaQuickStarterService | ID = 1

Description =

Error - 1/9/2013 9:01:06 PM | Computer Name = JOE-6D21435FB75 | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

Error - 1/19/2013 5:38:24 AM | Computer Name = JOE-6D21435FB75 | Source = Application Error | ID = 1000

Description = Faulting application acrord32.exe, version 10.1.5.33, faulting module

acrord32.dll, version 10.1.5.33, fault address 0x00021b72.

Error - 2/11/2013 12:55:53 AM | Computer Name = JOE-6D21435FB75 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/11/2013 12:55:53 AM | Computer Name = JOE-6D21435FB75 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3313

Error - 2/11/2013 12:55:53 AM | Computer Name = JOE-6D21435FB75 | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3313

Error - 2/18/2013 11:17:08 PM | Computer Name = JOE-6D21435FB75 | Source = Application Error | ID = 1000

Description = Faulting application v3iyx1yi.exe, version 2.1.18952.0, faulting module

v3iyx1yi.exe, version 2.1.18952.0, fault address 0x00012278.

Error - 2/18/2013 11:32:29 PM | Computer Name = JOE-6D21435FB75 | Source = Application Error | ID = 1000

Description = Faulting application v3iyx1yi.exe, version 2.1.18952.0, faulting module

v3iyx1yi.exe, version 2.1.18952.0, fault address 0x00012278.

Error - 2/18/2013 11:37:55 PM | Computer Name = JOE-6D21435FB75 | Source = Application Error | ID = 1000

Description = Faulting application v3iyx1yi.exe, version 2.1.18952.0, faulting module

v3iyx1yi.exe, version 2.1.18952.0, fault address 0x00012278.

[ System Events ]

Error - 2/15/2013 3:43:08 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The Bonjour Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The Canon Camera Access Library 8 service terminated unexpectedly.

It has done this 1 time(s).

Error - 2/15/2013 3:43:09 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 2/15/2013 11:51:58 PM | Computer Name = JOE-6D21435FB75 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 2/17/2013 12:34:13 AM | Computer Name = JOE-6D21435FB75 | Source = Service Control Manager | ID = 7017

Description = Detected circular dependencies demand starting Remote Access Connection

Manager.

Error - 2/17/2013 11:18:15 PM | Computer Name = JOE-6D21435FB75 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

< End of report >


ComboFix 13-02-18.02 - Joe 02/19/2013 12:16:37.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2268 [GMT 8:00]

Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Joe\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2013-01-19 to 2013-02-19 )))))))))))))))))))))))))))))))

.

.

2013-02-19 03:12 . 2013-02-19 03:13 -------- d-----w- C:\ARK

2013-02-16 04:01 . 2013-02-16 04:01 -------- d-----w- c:\documents and settings\Joe\Doctor Web

2013-02-14 09:00 . 2013-02-14 09:00 -------- d-----w- c:\documents and settings\Joe\Application Data\QuickScan

2013-02-14 08:52 . 2013-02-14 08:52 -------- d-----w- C:\rsit

2013-02-14 08:52 . 2013-02-14 08:52 -------- d-----w- c:\program files\trend micro

2013-02-14 08:47 . 2013-02-14 08:48 -------- d-----w- c:\program files\ERUNT

2013-02-12 03:01 . 2012-10-30 22:51 106560 ----a-w- c:\windows\system32\drivers\aswFW.sys

2013-02-12 03:01 . 2012-10-30 22:51 199320 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-02-12 03:01 . 2012-10-30 22:51 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-02-12 03:01 . 2012-09-21 08:26 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2013-01-25 03:52 . 2013-01-25 03:52 -------- d-----w- c:\program files\Common Files\Skype

2013-01-25 03:52 . 2013-01-25 03:52 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 16:50 . 2012-05-13 13:47 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-08 16:50 . 2012-05-13 13:47 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 2005-03-30 01:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:16 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 08:49 . 2012-06-17 10:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-16 15:22 . 2013-02-16 15:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\documents and settings\Joe\Application Data\MCommon ----

.

2013-01-19 09:34 . 2013-02-16 08:21 21 ----a-w- c:\documents and settings\Joe\Application Data\MCommon\uinfo.dat

2013-01-19 09:27 . 2013-01-19 09:27 36 ----a-w- c:\documents and settings\Joe\Application Data\MCommon\uid.dat

2013-01-19 09:27 . 2013-01-19 09:27 49 ----a-w- c:\documents and settings\Joe\Application Data\MCommon\config.dat

2013-01-19 09:27 . 2013-01-19 09:27 23 ----a-w- c:\documents and settings\Joe\Application Data\MCommon\vinfo.dat

2013-01-19 09:27 . 2013-01-19 09:27 8968 ----a-w- c:\documents and settings\Joe\Application Data\MCommon\sites.dat

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 16862720]

"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-01-25 53248]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-12 671744]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"WLSS"="c:\program files\Wireless Select Switch\WLSS.exe" [2007-08-10 189736]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-09-25 1323008]

"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-10-09 149280]

"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-24 1407248]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-24 1210640]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-10 572008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=

"c:\\Program Files\\eSignal\\winros.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2/12/2013 11:01 AM 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2/12/2013 11:01 AM 199320]

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [7/4/2011 8:49 PM 9856]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2/12/2013 11:01 AM 106560]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2/12/2013 11:01 AM 20624]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/19/2013 7:56 PM 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/19/2013 7:56 PM 361032]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/19/2013 7:56 PM 21256]

R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2/12/2013 11:01 AM 133912]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/29/2012 11:17 PM 6609920]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 11:08 AM 11336]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - awgyrkoc

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 16:50]

.

2013-02-19 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-19 22:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.my/

uInternet Settings,ProxyOverride = *.local

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - ExtSQL: 2013-01-19 19:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF

FF - ExtSQL: 2013-02-17 11:53; hotfix@mozilla.org; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

FF - ExtSQL: 2013-02-17 18:20; openbookmarkintab@piro.sakura.ne.jp; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\extensions\openbookmarkintab@piro.sakura.ne.jp.xpi

FF - ExtSQL: 2013-02-17 18:28; {a0faa0a4-f1a7-4098-9a74-21efc3a92372}; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\56ew6dwn.default-1361073193734\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}.xpi

FF - ExtSQL: !HIDDEN! 2013-02-17 11:53; hotfix@mozilla.org; c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Extensions\MozillaHotfix

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-19 12:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1420)

c:\windows\system32\netprovcredman.dll

.

- - - - - - - > 'explorer.exe'(2128)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-02-19 12:22:01

ComboFix-quarantined-files.txt 2013-02-19 04:21

ComboFix2.txt 2013-02-17 04:27

.

Pre-Run: 67,930,025,984 bytes free

Post-Run: 67,919,265,792 bytes free

.

- - End Of File - - 9A63D7CF24D93735394398FC436A4A31


Comments & remarks:

Indeed this clean-up process is taking longer than I had anticipated; I was thinking that with so much trojan infection cleaning experience in this forum, things may move a little faster.

Some cases are much more involved. Some infections are multi-faceted and more involved than most. So there's no "average".

As to GMER, my best guess is that AVAST interfered. AVAST is one of those products that is hard to completely turn OFF.

I expect that all traces of the "trojan.agent" should be all gone.

Some housekeeping: Go to Control Panel >> Add-or-Remove Programs

IF you find Java 6 Update 17 .... then Uninstall (remove) it

Step 2

Download & SAVE to your Desktop this file --> http://download.bleepingcomputer.com/win-services/xp/RpcSs.reg

Then do a Right-click on it and select MERGE & allow it to merge to the registry.

Click OK if prompted

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Catroy only. If you are a casual viewer, do NOT try this on your system!

If you are not Catroy and have a similar problem, do NOT post here; start your own topic

  • Temporarily disable your antivirus program and close any programs that you started.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Download the attached file Catfix.txt and SAVE to your DESKTOP
  • Start NOTEPAD. Check and make sure "word wrap" is off.
    From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
    IF it -is- checkmarked, click that one time so that it is un-checked.
  • Open the Catfix.txt that you saved
  • Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 4

Do one more MBAM scan to do a final check.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


MBAM scan turns up well, no infection this time. Is the computer healed? As an added bonus, my system seems to be running faster after going through the various cleaning programs. Below I attached the scan logs:

All processes killed

========== PROCESSES ==========

========== FILES ==========

c:\documents and settings\Joe\Application Data\MCommon\uinfo.dat moved successfully.

c:\documents and settings\Joe\Application Data\MCommon\uid.dat moved successfully.

c:\documents and settings\Joe\Application Data\MCommon\config.dat moved successfully.

c:\documents and settings\Joe\Application Data\MCommon\vinfo.dat moved successfully.

c:\documents and settings\Joe\Application Data\MCommon\sites.dat moved successfully.

c:\documents and settings\Joe\Application Data\MCommon folder moved successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: Joe

->Flash cache emptied: 4580 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default User

User: Joe

->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Joe

->Temp folder emptied: 1051714 bytes

->Temporary Internet Files folder emptied: 376858 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 375955258 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 117568 bytes

Total Files Cleaned = 360.00 mb

Error: Unable to interpret <[clearrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 02202013_113437

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.19.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Joe :: JOE-6D21435FB75 [administrator]

2/20/2013 11:41:32 AM

mbam-log-2013-02-20 (11-41-32).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 536459

Time elapsed: 2 hour(s), 19 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


This topic is now closed to further replies.