The down low on this infected .dll! [Solved]


  • This topic is locked
80 replies to this topic

#1 Lp57


Posted 06 April 2012 - 03:17 PM

So, I'm not sure when it began, but for the last couple of days I've noticed that Avast will pop up and block some activity.

The 1st:
Infection Details

URL: http://aubnb.com/img...tx/thgr.asp?mac
Process: C:\WINDOWS\system32\Rpcqt.dll
Infection: URL:Mal

Then shortly after, another will pop up:
Infection Details

URL: http://aubnb.com/512t/512.jpg
Process: C:\WINDOWS\System32\svchost.exe
Infection: URL:Mal

And there will sometimes be another attempt to download something, I just didn't catch a record of what.

Rpcqt.dll says it's an Ad-Aware file, but I didn't install Ad-Aware, nor do I think it's ever been on here. I ran an Avast full scan: nothing. Malwarebytes quick and then full scan: some little thing, but nothing that fixed it. CCleaner, a bunch of registry fixes... but nothing that stopped this.

Very annoying since I can't figure out how it got there, but I'm glad Avast is stopping it... mostly.

My scans..

OTL:
OTL logfile created on: 4/6/2012 4:13:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dolores Clark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.05 Mb Total Physical Memory | 351.15 Mb Available Physical Memory | 34.59% Memory free
2.38 Gb Paging File | 1.54 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): C:\pagefile.sys 1522 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 1.88 Gb Free Space | 1.68% Space Free | Partition Type: NTFS

Computer Name: EEEPC | User Name: Dolores Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dolores Clark\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Documents and Settings\Dolores Clark\Desktop\Player.exe ()
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\X-Chat 2\xchat.exe ()
PRC - C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe (Microsoft Corp.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
PRC - C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Alwil Software\Avast5\defs\12040600\algo.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\Game.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\Options.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\whatsnew.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\Toolbar.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\Panel.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\libcef.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\auctions.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Application Data\Petbook\Cart.dll ()
MOD - C:\Documents and Settings\Dolores Clark\Desktop\Player.exe ()
MOD - C:\Program Files\ManyCam\Bin\cximagecrt.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\X-Chat 2\xchat.exe ()
MOD - C:\Program Files\X-Chat 2\plugins\xcperl.dll ()
MOD - C:\Program Files\X-Chat 2\lib\libgio-2.0-0.dll ()
MOD - C:\Program Files\X-Chat 2\lib\libpng12-0.dll ()
MOD - C:\Program Files\X-Chat 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files\X-Chat 2\lib\libcairo-2.dll ()
MOD - C:\Program Files\X-Chat 2\lib\libpangocairo-1.0-0.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\X-Chat 2\lib\gtk-2.0\2.10.0\engines\libclearlooks.dll ()
MOD - C:\Program Files\DAEMON Tools Pro\cryptapi.dll ()
MOD - C:\Program Files\DAEMON Tools Pro\Lang\ENU.dll ()
MOD - C:\Program Files\DAEMON Tools Pro\Plugins\Images\bw5mount.dll ()
MOD - C:\Program Files\X-Chat 2\plugins\xcdns.dll ()
MOD - C:\Program Files\X-Chat 2\plugins\xcwinamp.dll ()
MOD - C:\Program Files\X-Chat 2\plugins\xcexec.dll ()
MOD - C:\Program Files\X-Chat 2\lib\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Desura Install Service) -- C:\Program Files\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (mstbsvc) -- C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe (Microsoft Corp.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (RPCQT) Remote Procedure Call (CQTPM) -- C:\WINDOWS\system32\Rpcqt.dll (Lavasoft )


========== Driver Services (SafeList) ==========

DRV - (XDva356) -- C:\WINDOWS\system32\XDva356.sys File not found
DRV - (WDICA) -- File not found
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (ManyCam) -- system32\DRIVERS\ManyCam.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EagleXNt) -- C:\WINDOWS\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\WINDOWS\system32\drivers\EagleNT.sys File not found
DRV - (cpuz130) -- C:\DOCUME~1\DOLORE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (axw9j4i5) -- File not found
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (rtl8187Se) -- C:\WINDOWS\system32\drivers\rtl8187Se.sys (Realtek Semiconductor Corporation )
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (FsVga) -- C:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....e...tf-8&fr=ysp
IE - HKLM\..\SearchScopes\{60358019-4CF1-4064-8420-6DFCFBE10367}: "URL" = http://searchservice...amp;orig=IMC-IE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...mp;locale=en_US
IE - HKCU\..\SearchScopes\{60358019-4CF1-4064-8420-6DFCFBE10367}: "URL" = http://searchservice...amp;orig=IMC-IE
IE - HKCU\..\SearchScopes\{685002C7-697E-434B-9898-ED1C6646249F}: "URL" = http://search.yahoo....e...-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT2504091
IE - HKCU\..\SearchScopes\{B4FA100C-1135-4DB0-9473-84F419339D23}: "URL" = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@onlive.com/OlGameDetect,version=1.1.0.67837: C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll (OnLive)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.139_0\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/08 14:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/28 15:14:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/21 21:17:20 | 000,000,000 | ---D | M]

[2011/03/11 11:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\Extensions
[2012/03/09 11:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\Firefox\Profiles\ch13gv3j.default\extensions
[2011/09/27 20:23:30 | 000,000,000 | ---D | M] (Portalarium Player) -- C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\Firefox\Profiles\ch13gv3j.default\extensions\player@portalarium.com
[2012/03/28 15:15:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOLORES CLARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CH13GV3J.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOLORES CLARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CH13GV3J.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/08 14:28:13 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/03/28 15:14:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/07/08 17:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2012/02/27 08:16:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 02:29:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Dolores Clark\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: OnLive Games Service Detector for Firefox (Enabled) = C:\Program Files\OnLive\FirefoxPlugin\npolgdet.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Hide My rear! Web Proxy = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd\1.2.4_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.25_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Hide Facebook SideBar Ticker = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldfdjdnohanpkljbgeipdoeiefheaefp\1.0_0\
CHR - Extension: Late Night = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\

O1 HOSTS File: ([2011/04/12 18:33:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Asus Power Management Utility.lnk = C:\Program Files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Dolores Clark\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...9/clue/clue.cab (Clue Control)
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} http://simcity.ea.co...ic/SimCityX.cab (SimCityX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futur...ver/tc/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: ActiveGS.cab http://activegs.free...om/ActiveGS.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC4E0101-8288-4ECA-8AD4-2C937CEBC176}: DhcpNameServer = 192.168.2.1 192.168.2.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/29 19:08:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: RPCQT - C:\WINDOWS\system32\Rpcqt.dll (Lavasoft )
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: oysporn.com/", [ "http://18gayboysporn.com/", 0.46942175657783997 ] ], [ "http://1gaymen.com/", [ "http://1ga - File not found
NetSvcs: men.com/", 0.0515548998578565 ] ], [ "http://2.angelpastel.com/", [ "http://2.angelpastel.com/", 0.1594866381199384 ] ], [ "http://2.hidemyass.com/", [ "http://2.hidemyass.com/", 0.6342069128833101, "http://static.hidemyass.com/", 0.12882327917942238, "http://www.google-analytics.com/", 0.18497701625763233, "https:/ - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp31 - vp31vfw.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 16:27:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dolores Clark\Desktop\HiJackThis.exe
[2012/04/06 16:20:38 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Dolores Clark\Desktop\dds.scr
[2012/04/06 15:41:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/04/05 19:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolores Clark\Application Data\Hamachi
[2012/04/05 19:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/05 19:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hamachi
[2012/04/05 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/04 02:17:56 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/01 18:40:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dolores Clark\Recent
[2012/03/31 16:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolores Clark\Application Data\To the Moon - Freebird Games
[2012/03/31 16:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolores Clark\Application Data\PriceGong
[2012/03/31 16:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolores Clark\Start Menu\Programs\To the Moon
[2012/03/31 16:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Foxy Games
[2012/03/21 21:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BYOND
[2012/03/16 18:11:14 | 000,000,000 | ---D | C] -- C:\Program Files\BYOND
[2012/03/09 12:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/09 12:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/06 16:20:53 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Dolores Clark\Desktop\dds.scr
[2012/04/06 16:20:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dolores Clark\Desktop\HiJackThis.exe
[2012/04/06 16:00:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349882262-1105937718-339915021-1006UA.job
[2012/04/06 15:56:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/06 15:00:02 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1349882262-1105937718-339915021-1006Core.job
[2012/04/05 19:30:57 | 000,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2012/04/05 19:30:56 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2012/04/04 02:58:13 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/04 02:58:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/04 02:54:09 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tropico 2.lnk
[2012/04/04 02:54:08 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tropico 1.lnk
[2012/04/02 02:07:54 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Icewind Dale Complete.lnk
[2012/04/01 18:35:39 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/04/01 06:13:10 | 000,503,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/01 06:13:10 | 000,088,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/01 06:09:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/01 06:07:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/01 06:07:06 | 1064,423,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 22:35:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 16:16:33 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Dolores Clark\Desktop\To the Moon.lnk
[2012/03/21 21:17:10 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\Dolores Clark\Desktop\BYOND.lnk
[2012/03/15 21:12:16 | 001,530,368 | ---- | M] () -- C:\Documents and Settings\Dolores Clark\_online.exe
[2012/03/14 20:27:20 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/08 14:28:15 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/05 19:30:56 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2012/04/04 02:54:09 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tropico 2.lnk
[2012/04/04 02:54:08 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tropico 1.lnk
[2012/04/04 02:17:59 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/02 02:07:54 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Icewind Dale Complete.lnk
[2012/04/01 18:35:39 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/31 22:35:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 16:16:33 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Dolores Clark\Desktop\To the Moon.lnk
[2012/03/21 21:17:10 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\Dolores Clark\Desktop\BYOND.lnk
[2012/02/16 15:24:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 01:07:07 | 000,000,515 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/12/24 06:30:35 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/10/18 08:39:27 | 000,000,021 | RH-- | C] () -- C:\WINDOWS\wsysweb.dll
[2011/10/05 19:32:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/09/18 02:46:28 | 000,069,632 | ---- | C] () -- C:\WINDOWS\ST1_Un0.exe
[2011/09/16 22:31:28 | 000,000,012 | ---- | C] () -- C:\WINDOWS\screenmx.ini
[2011/09/16 11:11:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2011/09/08 07:35:16 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Dolores Clark\Application Data\EV Nova License.lcs
[2011/09/08 07:35:15 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Dolores Clark\Application Data\EV Nova Prefs.prf
[2011/09/04 02:48:47 | 002,059,264 | ---- | C] () -- C:\WINDOWS\setup_rangers_2.exe
[2011/08/16 02:46:52 | 000,000,991 | ---- | C] () -- C:\WINDOWS\EFXP.ini
[2011/08/16 02:39:20 | 000,000,982 | ---- | C] () -- C:\WINDOWS\EF.ini
[2011/07/24 05:10:46 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ic.ini
[2011/07/24 01:01:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/07/23 02:38:54 | 000,001,500 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/07/23 01:27:17 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2011/05/28 19:12:05 | 000,842,138 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1349882262-1105937718-339915021-1006-0.dat
[2011/05/28 19:11:56 | 000,264,562 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/18 00:54:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2011/04/19 21:31:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/04/18 21:12:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/22 01:34:35 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\GameNT.sys
[2011/03/08 23:14:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011/03/08 23:14:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011/03/08 23:14:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/02/25 08:14:56 | 000,000,064 | -H-- | C] () -- C:\WINDOWS\pb.dat
[2011/01/29 00:17:21 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Dolores Clark\Application Data\glide_wrapper.zbag.ini
[2011/01/25 23:37:04 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Sfc3ng.ini
[2011/01/07 04:37:07 | 000,000,210 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/12/20 23:51:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/11/28 07:21:39 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/11/13 03:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Player (1).INI
[2010/11/10 19:02:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Petbook Player.INI
[2010/11/10 18:50:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Player.INI
[2010/06/20 15:24:05 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/15 21:25:58 | 000,001,008 | ---- | C] () -- C:\WINDOWS\STA2.ini
[2010/04/22 16:33:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2010/06/21 20:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/20 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2010/06/20 15:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2010/12/20 20:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/17 13:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/25 06:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/10/12 18:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2010/10/17 14:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/11/03 01:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/11 09:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2012/02/02 11:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desura
[2008/07/29 20:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/06/11 14:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout2
[2011/09/16 11:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/02/14 21:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2009/02/14 21:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2011/03/05 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/09/12 13:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/26 20:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/06/20 22:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/02 22:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/09/17 01:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011/04/08 17:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SplitMediaLabs
[2010/01/28 03:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
[2011/10/12 19:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/04/05 23:33:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/30 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/28 03:32:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
[2009/09/02 05:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\.bsnes
[2012/02/18 04:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\.minecraft
[2011/09/11 10:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\AquaNox
[2010/10/17 14:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\AVG10
[2012/04/04 02:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Azureus
[2012/04/01 18:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\DAEMON Tools Lite
[2010/06/11 09:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\DAEMON Tools Pro
[2012/01/11 20:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\ElevatedDiagnostics
[2009/12/20 22:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\fltk.org
[2012/01/22 04:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\GameRanger
[2011/09/10 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\GrabPro
[2009/03/19 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\IEPro
[2011/06/21 05:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Leadertech
[2011/03/17 23:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\ManyCam
[2011/06/20 03:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\My Games
[2011/12/08 13:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Omnitool
[2010/11/23 03:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\OnLive App
[2011/10/12 17:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\OpenCandy
[2012/03/30 05:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Petbook
[2012/03/31 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\PriceGong
[2012/02/28 20:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\RenPy
[2012/02/26 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\RotMG.Production
[2010/04/28 04:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\ScummVM
[2011/09/18 14:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Sony Online Entertainment
[2009/09/05 07:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Stella
[2011/12/24 17:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\SystemRequirementsLab
[2009/09/06 09:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Template
[2012/03/31 16:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\To the Moon - Freebird Games
[2010/04/07 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\Unity
[2010/07/18 02:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\UnknownApplicationVendor
[2010/05/13 16:28:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\WebcamMax
[2010/04/23 23:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\WinPatrol
[2012/04/02 17:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolores Clark\Application Data\X-Chat 2

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/03/18 14:52:38 | 000,524,288 | -H-- | M] () -- C:\900HD.ROM
[2008/08/19 14:10:17 | 000,000,157 | ---- | M] () -- C:\AsusUpdate.log
[2008/07/29 19:08:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/05/29 17:01:17 | 000,000,022 | ---- | M] () -- C:\bfest+.txt
[2011/03/01 00:41:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/04/11 21:32:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2008/07/29 19:08:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/29 09:45:14 | 000,020,955 | ---- | M] () -- C:\eeectl_0.2.3.zip
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/04/01 06:07:06 | 1064,423,424 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/07/29 19:08:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/29 19:08:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 08:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/01 06:07:05 | 1595,932,672 | -HS- | M] () -- C:\pagefile.sys
[2008/07/29 20:11:45 | 000,000,522 | ---- | M] () -- C:\RHDSetup.log
[2011/09/18 02:46:55 | 000,002,324 | ---- | M] () -- C:\stsetup.log
[2011/08/03 21:46:26 | 000,173,682 | ---- | M] () -- C:\Ultima - Runes of Virtue II.zip
[2011/08/03 21:44:36 | 000,094,599 | ---- | M] () -- C:\Ultima - Runes of Virtue.zip
[2011/08/03 21:48:46 | 000,243,442 | ---- | M] () -- C:\Ultima 4 - Quest of the Avatar.zip
[2011/07/17 01:22:24 | 009,160,205 | ---- | M] () -- C:\Ultima VII - Part 1 - The Black Gate.zip
[2011/07/17 01:24:09 | 010,332,667 | ---- | M] () -- C:\Ultima VII - Part 2 - Serpent Isle.zip
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/29 19:07:39 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 20:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2008/04/14 22:20:20 | 008,140,915 | ---- | M] () -- C:\WINDOWS\breve.scr
[2008/02/01 12:11:10 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/05/07 10:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Program Files\U1 Setup.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/07/29 11:58:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/07/29 11:58:59 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/07/29 11:58:59 | 000,909,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/29 19:08:21 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
[2008/08/27 23:10:24 | 000,000,173 | ---- | M] () -- C:\WINDOWS\explorer.exe.config
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/15 04:37:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Dolores Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2008/02/17 03:00:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Dolores Clark\Desktop\eeectl.exe
[2012/04/06 16:20:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dolores Clark\Desktop\HiJackThis.exe
[2012/02/08 17:17:26 | 000,941,056 | ---- | M] () -- C:\Documents and Settings\Dolores Clark\Desktop\Player.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-28 23:05:19

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A0561F3
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:233BFF24

< End of report >

Extras:
OTL Extras logfile created on: 4/6/2012 4:13:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dolores Clark\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.05 Mb Total Physical Memory | 351.15 Mb Available Physical Memory | 34.59% Memory free
2.38 Gb Paging File | 1.54 Gb Available in Paging File | 64.70% Paging File free
Paging file location(s): C:\pagefile.sys 1522 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.76 Gb Total Space | 1.88 Gb Free Space | 1.68% Space Free | Partition Type: NTFS

Computer Name: EEEPC | User Name: Dolores Clark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58962:TCP" = 58962:TCP:*:Enabled:Pando Media Booster
"58962:UDP" = 58962:UDP:*:Enabled:Pando Media Booster
"57565:TCP" = 57565:TCP:*:Enabled:Pando Media Booster
"57565:UDP" = 57565:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58962:TCP" = 58962:TCP:*:Enabled:Pando Media Booster
"58962:UDP" = 58962:UDP:*:Enabled:Pando Media Booster
"57565:TCP" = 57565:TCP:*:Enabled:Pando Media Booster
"57565:UDP" = 57565:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\zsnesw142\zsnesw.exe" = C:\zsnesw142\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Magic\Manalink.exe" = C:\Magic\Manalink.exe:*:Disabled:manalink -- (MicroProse Software, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Baldur's Gate\App\BGtOS\BGMain2.exe" = C:\Baldur's Gate\App\BGtOS\BGMain2.exe:*:Enabled:Tales of the Sword Coast
"C:\MameKai\kaillerasrv.exe" = C:\MameKai\kaillerasrv.exe:*:Enabled:kaillerasrv -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\avp\AvP .exe" = C:\avp\AvP .exe:*:Enabled:AvP
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
"C:\Program Files\EA GAMES\American McGee's Alice\Alice.exe" = C:\Program Files\EA GAMES\American McGee's Alice\Alice.exe:*:Enabled:American McGee's Alice
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"C:\ZDaemon\ZLauncher.exe" = C:\ZDaemon\ZLauncher.exe:*:Enabled:ZDaemon Browser -- (www.zdaemon.org)
"C:\ZDaemon\zdaemon.exe" = C:\ZDaemon\zdaemon.exe:*:Enabled:zdaemon -- ( )
"C:\Program Files\mektek.net\MTX\mtx.exe" = C:\Program Files\mektek.net\MTX\mtx.exe:*:Enabled:MTX
"C:\Program Files\X-Chat 2\xchat.exe" = C:\Program Files\X-Chat 2\xchat.exe:*:Enabled:X-Chat IRC Client -- ()
"C:\Program Files\Taldren Software Inc\Starfleet Command Orion Pirates\StarFleetOP.exe" = C:\Program Files\Taldren Software Inc\Starfleet Command Orion Pirates\StarFleetOP.exe:*:Enabled:Starfleet Command - Orion Pirates
"C:\Nexon\DFO\DFO.exe" = C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon & Fighter
"C:\Documents and Settings\Dolores Clark\My Documents\Downloads\Freelancer1\Freelancer\EXE\Freelancer.exe" = C:\Documents and Settings\Dolores Clark\My Documents\Downloads\Freelancer1\Freelancer\EXE\Freelancer.exe:*:Enabled:/v/lancer
"C:\Program Files\Steam\steamapps\common\terraria\Terraria.exe" = C:\Program Files\Steam\steamapps\common\terraria\Terraria.exe:*:Enabled:Terraria -- (Re-Logic)
"C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe" = C:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe:*:Enabled:Freelancer -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe" = C:\Program Files\Steam\steamapps\common\terraria\TerrariaServer.exe:*:Enabled:Terraria -- (Re-Logic)
"C:\Documents and Settings\Dolores Clark\My Documents\Downloads\ea_(www.gameswin.com.br)\ea\Empire Earth\Empire Earth.exe" = C:\Documents and Settings\Dolores Clark\My Documents\Downloads\ea_(www.gameswin.com.br)\ea\Empire Earth\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Program Files\JoWood\Far West - Demo\Bin\win32\Farwest-Demo.exe" = C:\Program Files\JoWood\Far West - Demo\Bin\win32\Farwest-Demo.exe:*:Enabled:Farwest-Demo
"C:\Program Files\Fate of the Dragon\sanguo.exe" = C:\Program Files\Fate of the Dragon\sanguo.exe:*:Enabled:sanguo
"C:\Program Files\Raven\Star Trek Voyager Elite Force\stvoyHM.exe" = C:\Program Files\Raven\Star Trek Voyager Elite Force\stvoyHM.exe:*:Enabled:stvoyHM -- ()
"C:\Dune 2000\DUNE2000.DAT" = C:\Dune 2000\DUNE2000.DAT:*:Enabled:Dune2000
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\GOG.com\Giants – Citizen Kabuto\Giants.exe" = C:\Program Files\GOG.com\Giants – Citizen Kabuto\Giants.exe:*:Enabled:Giants
"C:\Program Files\Ultima Online - Excelsior Shard\client.exe" = C:\Program Files\Ultima Online - Excelsior Shard\client.exe:*:Enabled:Ultima Online Client
"C:\Program Files\Strategy First\Etherlords II\Etherlords2.exe" = C:\Program Files\Strategy First\Etherlords II\Etherlords2.exe:*:Enabled:Etherlords 2 main executable file
"C:\Program Files\Ultima Online - Excelsior Shard\uotd.exe" = C:\Program Files\Ultima Online - Excelsior Shard\uotd.exe:*:Enabled:Ultima Online 3D Client
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"C:\Program Files\GOG.com\Freespace\FS.exe" = C:\Program Files\GOG.com\Freespace\FS.exe:*:Enabled:FreeSpace -- (Volition Inc.)
"C:\Program Files\GOG.com\Freespace 2\FS2.exe" = C:\Program Files\GOG.com\Freespace 2\FS2.exe:*:Enabled:FreeSpace
"C:\Documents and Settings\Dolores Clark\My Documents\Downloads\minetest-0.3.1-win32\minetest-0.3.1-win32\bin\minetest.exe" = C:\Documents and Settings\Dolores Clark\My Documents\Downloads\minetest-0.3.1-win32\minetest-0.3.1-win32\bin\minetest.exe:*:Enabled:minetest
"C:\Documents and Settings\Dolores Clark\My Documents\Downloads\terraria-server\TerrariaServer.exe" = C:\Documents and Settings\Dolores Clark\My Documents\Downloads\terraria-server\TerrariaServer.exe:*:Enabled:Terraria
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"C:\Program Files\Steam\steamapps\common\dungeons of dredmor\Dungeons of Dredmor.exe" = C:\Program Files\Steam\steamapps\common\dungeons of dredmor\Dungeons of Dredmor.exe:*:Enabled:Dungeons of Dredmor -- ()
"C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe" = C:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC -- ()
"C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe" = C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate
"C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe" = C:\Program Files\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe:*:Enabled:SWAT 4 - The Stetchkov Syndicate Dedicated Server
"C:\Documents and Settings\Dolores Clark\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\Dolores Clark\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\Program Files\BYOND\bin\byond.exe" = C:\Program Files\BYOND\bin\byond.exe:*:Enabled:byond -- ()
"C:\KAG\KAG.exe" = C:\KAG\KAG.exe:*:Enabled:KAG
"C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe" = C:\Program Files\Atari\Deer Hunter 2005\DH2005.exe:*:Enabled:DH2005
"C:\Program Files\Steam\steamapps\common\realm of the mad god\Realm of the Mad God.exe" = C:\Program Files\Steam\steamapps\common\realm of the mad god\Realm of the Mad God.exe:*:Enabled:Realm of the Mad God -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}" = Arcanum
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{171251E0-4EED-4EA1-A46D-3213A226F2B3}_is1" = Arx Fatalis version 1.21
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216025F0}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{33BB97DA-E495-4413-AE56-594AF9221E8B}_is1" = Circle of Eight Modpack version 7.1.0 NC
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631A0B87-B0B7-4B47-00A2-119A4B942EB6}" = Clive Barker's Undying™
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6B2B0D05-2B4A-4855-A47B-D69CD9E3CDD6}" = Impossible Creatures 1.0.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8AC01A0D-42B6-4A55-AD7A-A545A7AE5364}" = Enclave
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}" = Arx Fatalis
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = Empire Earth - The Art of Conquest
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C38DDE4F-5FBD-4FA3-9337-BC3EFCEA36A6}" = Asus Power Management Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DD87DB12-0A3A-47AA-B70E-7FC1C2A120AC}" = Hostile Waters
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EB5142E6-7759-4A61-B52E-136686FF19FE}" = MSN Toolbar Setup
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Arx Fatalis_is1" = Arx Fatalis
"avast" = avast! Free Antivirus
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Desura" = Desura
"Dungeon Siege Legends of Aranna 1.0" = Dungeon Siege Legends of Aranna
"Elantech" = ETD Ware PS/2-x86 5.0.0.5 WHQL
"ERUNT_is1" = ERUNT 1.1j
"Exult Audio Data_is1" = Exult audio data
"Exult_is1" = Exult 1.4.9rc1 Snapshot
"Freelancer 1.0" = Freelancer
"Freespace with Silent Threat Expansion_is1" = Freespace with Silent Threat Expansion
"Hamachi" = Hamachi 1.0.1.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Icewind Dale Complete_is1" = Icewind Dale Complete
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Impossible Creatures 1.0" = Impossible Creatures
"Impulse" = Impulse
"IncrediMail" = IncrediMail
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
"IONCROSS Freelancer Character Editor" = IONCROSS Freelancer Character Editor
"JA2 Unfinished Business" = JA2 Unfinished Business
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"Jagged Alliance 2 Gold - 1.12" = Jagged Alliance 2 Gold - 1.12
"LucasArts' Jedi Knight" = LucasArts' Jedi Knight
"LucasArts' Mysteries of the Sith" = LucasArts' Mysteries of the Sith
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"ManyCam" = ManyCam 2.6.30 (remove only)
"Master Of Magic_is1" = Master Of Magic
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natura Sound Therapy" = Natura Sound Therapy
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnLive" = OnLive
"OpenAL" = OpenAL
"Outcast_is1" = Outcast
"Phantasy Star Online Blue Burst_is1" = Phantasy Star Online Blue Burst 1.0
"Puzzle Quest1.01" = Puzzle Quest
"ScummVM_is1" = ScummVM 1.2.0
"SpellForce - Platinum Edition_is1" = SpellForce - Platinum Edition
"Star Trek Armada II" = Star Trek Armada II
"Star Trek Voyager Elite Force" = Star Trek Voyager Elite Force
"Steam App 105600" = Terraria
"Steam App 200210" = Realm of the Mad God
"Steam App 400" = Portal
"Steam App 98800" = Dungeons of Dredmor
"Tachyon" = Tachyon
"Temple of Elemental Evil_is1" = Temple of Elemental Evil
"Test of Time Patch" = Test of Time Patch
"Throne of Darkness" = Throne of Darkness
"To the Moon1.0" = To the Moon
"Tropico Reloaded_is1" = Tropico Reloaded
"u5lazarus_is1" = v1.20
"Ultima IX" = Ultima IX
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZDaemon" = ZDaemon (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2012 8:30:58 PM | Computer Name = EEEPC | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 3/15/2012 9:20:43 PM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application shpsobb.exe, version 0.0.0.0, faulting module
shpsobb.exe, version 0.0.0.0, fault address 0x003c8511.

Error - 3/28/2012 7:33:14 PM | Computer Name = EEEPC | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 4/1/2012 12:00:27 AM | Computer Name = EEEPC | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.61, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/1/2012 6:10:57 AM | Computer Name = EEEPC | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 4/5/2012 7:14:43 AM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application pso2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0eef00d2.

Error - 4/5/2012 7:21:34 AM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application pso2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0df800d2.

Error - 4/5/2012 8:25:27 AM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application pso2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0df700d2.

Error - 4/5/2012 8:48:52 AM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application pso2.exe, version 0.0.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x0ef800d2.

Error - 4/5/2012 7:10:50 PM | Computer Name = EEEPC | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 7.0.1426.0, faulting module
avastui.exe, version 7.0.1426.0, fault address 0x000d0b7c.

[ System Events ]
Error - 4/1/2012 6:08:40 AM | Computer Name = EEEPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 4/1/2012 6:09:18 AM | Computer Name = EEEPC | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 80000004, parameter2 806d9945, parameter3
f762638c, parameter4 00000000.

Error - 4/2/2012 12:57:33 PM | Computer Name = EEEPC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.


< End of report >

Hijack:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:28 PM, on 4/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe
C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dolores Clark\Desktop\Player.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dolores Clark\My Documents\Downloads\OTL.exe
C:\Documents and Settings\Dolores Clark\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNjAzNzU2LVQxOS1CQSsxLUtWMys3LVhMKzEtU1QxKzItRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtQjE"&"prod=90"&"ver=10.0.1170
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Asus Power Management Utility.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: ActiveGS.cab - http://activegs.free...om/ActiveGS.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane..._2.3.10.115.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.sy...eqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinn...eweledtwist.cab
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} (Clue Control) - http://www.worldwinn...9/clue/clue.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace...ronGameHost.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futur...ver/tc/FMSI.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://l.yimg.com/jh...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files\Common Files\Desura\desura_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11019 bytes

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Dolores Clark at 17:00:59 on 2012-04-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.227 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe
C:\Documents and Settings\Dolores Clark\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dolores Clark\Desktop\Player.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dolores clark\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDczNjAzNzU2LVQxOS1CQSsxLUtWMys3LVhMKzEtU1QxKzItRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtQjE"&"prod=90"&"ver=10.0.1170
StartupFolder: c:\docume~1\dolore~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\asuspo~1.lnk - c:\program files\asus\eeepc\asus power management utility\Asus Power Management Utility.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v59/clue/clue.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/gom/receiver/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.2
TCP: Interfaces\{BC4E0101-8288-4ECA-8AD4-2C937CEBC176} : DhcpNameServer = 192.168.2.1 192.168.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dolores clark\application data\mozilla\firefox\profiles\ch13gv3j.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\dolores clark\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dolores clark\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dolores clark\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\dolores clark\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\onlive\firefoxplugin\npolgdet.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-24 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-20 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 44768]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\3.0.1125.0\mstbsvc.exe [2009-2-9 104784]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-7-29 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 cpuz130;cpuz130;\??\c:\docume~1\dolore~1\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\dolore~1\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 Desura Install Service;Desura Install Service;c:\program files\common files\desura\desura_service.exe [2012-2-2 131912]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2008-8-19 38272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva356;XDva356;\??\c:\windows\system32\xdva356.sys --> c:\windows\system32\XDva356.sys [?]
.
=============== Created Last 30 ================
.
2067-05-27 18:16:26 1249280 ----a-w- c:\program files\microsoft games\impossible creatures\InsectMod.dll
2067-05-22 01:35:22 106496 ----a-w- c:\program files\microsoft games\impossible creatures\Filesystem.dll
2012-04-04 06:17:56 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 20:31:37 -------- d-----w- c:\documents and settings\dolores clark\application data\To the Moon - Freebird Games
2012-03-31 20:19:09 -------- d-----w- c:\documents and settings\dolores clark\application data\PriceGong
2012-03-31 20:15:51 -------- d-----w- c:\program files\Foxy Games
2012-03-28 19:14:43 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-28 19:14:43 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-16 22:11:14 -------- d-----w- c:\program files\BYOND
.
==================== Find3M ====================
.
2012-04-05 23:30:57 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-04 06:58:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 01:12:16 1530368 ----a-w- c:\documents and settings\dolores clark\_online.exe
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-27 12:16:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 12:16:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-14 05:09:56 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-01-14 05:09:56 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-01-14 05:09:55 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-05-07 14:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe
.
============= FINISH: 17:10:36.10 ===============


#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 07 April 2012 - 11:12 PM

Hi Lp57,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Let's give this a go:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • 105 posts

Posted 08 April 2012 - 03:54 PM

No idea what Tarma Installer and Price Gong were and where they came from.

Combo Fix log:

ComboFix 12-04-08.01 - Dolores Clark 04/08/2012 17:20:57.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.334 [GMT -4:00]
Running from: c:\documents and settings\Dolores Clark\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Dolores Clark\_online.exe
c:\documents and settings\Dolores Clark\Application Data\PriceGong
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Dolores Clark\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Dolores Clark\Start Menu\Programs\1964.lnk
c:\documents and settings\Dolores Clark\WINDOWS
C:\install.exe
c:\windows\apppatch\AppLoc.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2067-05-27 18:16 . 2011-07-24 09:11 1249280 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\InsectMod.dll
2067-05-22 01:35 . 2003-06-05 20:40 106496 ----a-w- c:\program files\Microsoft Games\Impossible Creatures\Filesystem.dll
2012-04-06 19:41 . 2012-04-06 19:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-04-05 23:31 . 2012-04-06 02:12 -------- d-----w- c:\documents and settings\Dolores Clark\Application Data\Hamachi
2012-04-05 23:31 . 2012-04-05 23:31 -------- d-----w- c:\windows\LastGood
2012-04-04 06:17 . 2012-04-04 06:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-31 20:31 . 2012-03-31 20:52 -------- d-----w- c:\documents and settings\Dolores Clark\Application Data\To the Moon - Freebird Games
2012-03-31 20:15 . 2012-03-31 20:15 -------- d-----w- c:\program files\Foxy Games
2012-03-28 19:14 . 2012-03-28 19:14 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-28 19:14 . 2012-03-28 19:14 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 22:11 . 2012-03-22 01:17 -------- d-----w- c:\program files\BYOND
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 23:30 . 2009-09-28 10:33 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-04 06:58 . 2011-05-20 08:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2010-12-21 00:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-12-21 00:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-24 09:31 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2010-12-21 00:31 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2010-12-21 00:31 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2010-12-21 00:31 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-12-21 00:31 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-07 00:01 . 2010-12-21 00:31 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-07 00:01 . 2010-12-21 00:31 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 23:58 . 2010-12-21 00:31 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-27 12:16 . 2011-10-23 09:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 12:16 . 2010-04-19 05:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2008-07-29 22:51 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-14 05:09 . 2011-03-09 03:14 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-01-14 05:09 . 2011-03-09 03:14 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-01-14 05:09 . 2011-03-09 03:14 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-01-11 19:06 . 2012-02-16 19:24 3072 ------w- c:\windows\system32\iacenc.dll
2008-05-07 14:34 . 2008-07-30 00:28 15523560 ----a-w- c:\program files\U1 Setup.exe
2012-03-28 19:14 . 2011-04-19 01:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-17 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-16 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-28 204800]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-06 16858112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 100888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNDczNjAzNzU2LVQxOS1CQSsxLUtWMys3LVhMKzEtU1QxKzItRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzMtQjE&prod=90&ver=10.0.1170" [?]
.
c:\documents and settings\Dolores Clark\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Asus Power Management Utility.lnk - c:\program files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe [2008-11-17 294912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-23 02:10 136176 ----atw- c:\documents and settings\Dolores Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2009-02-02 17:46 251264 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Petbook player]
2012-02-08 21:17 941056 ----a-w- c:\documents and settings\Dolores Clark\Desktop\Player.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-02 23:02 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\zsnesw142\\zsnesw.exe"=
"c:\\Magic\\Manalink.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\MameKai\\kaillerasrv.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"c:\\ZDaemon\\ZLauncher.exe"=
"c:\\ZDaemon\\zdaemon.exe"=
"c:\\Program Files\\X-Chat 2\\xchat.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\Terraria.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\terraria\\TerrariaServer.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\GOG.com\\Freespace\\FS.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dungeons of dredmor\\Dungeons of Dredmor.exe"=
"c:\\Documents and Settings\\Dolores Clark\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Documents and Settings\\Dolores Clark\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\BYOND\\bin\\byond.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58962:TCP"= 58962:TCP:Pando Media Booster
"58962:UDP"= 58962:UDP:Pando Media Booster
"57565:TCP"= 57565:TCP:Pando Media Booster
"57565:UDP"= 57565:UDP:Pando Media Booster
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/3/2009 1:52 AM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/24/2011 5:31 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/20/2010 8:31 PM 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2010 8:31 PM 20696]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe [2/9/2009 9:33 PM 104784]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [7/29/2008 6:51 PM 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/4/2012 2:17 AM 253600]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 cpuz130;cpuz130;\??\c:\docume~1\DOLORE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\DOLORE~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [2/2/2012 11:36 AM 131912]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [8/19/2008 2:38 PM 38272]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ADOBEFLASHPLAYERUPDATESVC
*Deregistered* - MBAMSwissArmy
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:58]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349882262-1105937718-339915021-1006Core.job
- c:\documents and settings\Dolores Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-23 02:10]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1349882262-1105937718-339915021-1006UA.job
- c:\documents and settings\Dolores Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-23 02:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.2
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
FF - ProfilePath - c:\documents and settings\Dolores Clark\Application Data\Mozilla\Firefox\Profiles\ch13gv3j.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Test of Time Patch - c:\program files\Hasbro Interactive\Test of Time Patch\UninstCP.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 17:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\00\19\03\0f\11]"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-04-08 17:49:09
ComboFix-quarantined-files.txt 2012-04-08 21:48
.
Pre-Run: 2,057,142,272 bytes free
Post-Run: 2,368,659,456 bytes free
.
- - End Of File - - 6A7E45AF2CAB48918D1BFC096029F7FD

#4 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 08 April 2012 - 08:42 PM

Lp57, I'm not really familiar with Tarma Installer either but it is a third party installer to replace InstallShield that you are probably used to seeing. I don't really know what is supposed to be better about it... but I don't believe it is malware. ComboFix was just removing some dross. Unneeded files that are just taking up space on your computer. PriceGong is just a garbage program that typically gets installed when you click on (or open email about) coupons or maybe price comparison websites. It can cause your system to be laggy. Things are looking pretty good to me. Please start your Malwarebytes', update it, then run a quick scan. Post the resultant report here please. Also, please let me know how things seem to be running at this point.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#5 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • PipPip
  • 105 posts

Posted 08 April 2012 - 11:25 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dolores Clark :: EEEPC [administrator]

4/9/2012 1:04:05 AM
mbam-log-2012-04-09 (01-04-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185606
Time elapsed: 21 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 09 April 2012 - 08:06 AM

Lp57,

You didn't tell me how things seem to be?

Let's get an online scan:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#7 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • PipPip
  • 105 posts

Posted 09 April 2012 - 05:44 PM

I didn't say how it was behaving cause it normally only tried to access once a day (or after a restart, not sure since I tend to restart around the same time) and seemed to be early during the day. So far, so good. It hasn't tried today that I've caught.

The ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=115f6ab6846711458c4b337038cae7f0
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-09 11:37:03
# local_time=2012-04-09 07:37:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61213426 61213426 0 0
# compatibility_mode=768 16777215 100 0 41027688 41027688 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=263686
# found=4
# cleaned=0
# scan_time=12705
C:\Documents and Settings\Dolores Clark\Desktop\SYSTEMSHOCK-Portable-v1.2\RES\affinity.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Dolores Clark\My Documents\Azureus Downloads\Microsoft Freelancer-SIGISMUNT\trainer\r-fltr4.exe a variant of Win32/GameHack.S application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{04178546-C85A-456E-86F0-015E98165390}\RP335\A0064917.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

#8 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 09 April 2012 - 09:00 PM

Lp57,

There really appears to be only one issue there... and the resolution is a little unclear.

C:\Documents and Settings\Dolores Clark\My Documents\Azureus Downloads\Microsoft Freelancer-SIGISMUNT\trainer\r-fltr4.exe is a problem. That particular file has been known to come with a BackDoor trojan - though I haven't found a sign of it but it could have been rendered impotent by your anti-virus.

What makes the correct resolution unclear is as follows: Microsoft Freelancer-SIGISMUNT appears that it may be a pirated version of Microsoft Freelancer that has been cracked. If that is the case... we need to remove the whole program. If the program is legitimate... we only need to remove the r-fltr4.exe program. But... if we only remove the r-fltr4.exe program... and Microsoft Freelancer has in fact been cracked... the program may cease to operate, or become unstable, or perhaps even trigger the activation of the backdoor trojan.

So... the question to you is... Is the Microsoft Freelancer program installed on your computer a legitimate copy?

Based upon the answer to that question... I'll provide instructions.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
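
The ESET result lines from reply #7, triaged by where each flagged file sits on disk, as an added example that is not part of the original thread. The function names and location labels are assumptions made for this sketch; the quarantine and restore-point prefixes are the ones visible in the paths of that log.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path threat action location")

# Header and result lines copied from the ESET log in reply #7; fields are
# whitespace-separated here, as they appear on this page.
ESET_LOG = r"""
# remove_checked=false
# found=4
# cleaned=0
C:\Documents and Settings\Dolores Clark\Desktop\SYSTEMSHOCK-Portable-v1.2\RES\affinity.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Dolores Clark\My Documents\Azureus Downloads\Microsoft Freelancer-SIGISMUNT\trainer\r-fltr4.exe a variant of Win32/GameHack.S application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{04178546-C85A-456E-86F0-015E98165390}\RP335\A0064917.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(\w[\w.]*)=(.*)$")

# Windows paths contain spaces but never '/', so the detection name is found
# as the first "Platform/Name" token; the lazy path group stops just before it.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\w+/[\w.]+(?: \w+)?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)

QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_RE = re.compile(r"\\system volume information\\_restore\{", re.I)


def classify_location(path):
    """Label a flagged path: stored copy (quarantine, restore point) or live."""
    if QUARANTINE_RE.search(path):
        return "combofix-quarantine"   # file ComboFix already moved aside
    if RESTORE_RE.search(path):
        return "restore-point"         # snapshot copy kept by System Restore
    return "live"                      # still at a normal, usable location


def parse_eset_log(text):
    """Return (header dict, list of Finding) from an ESET Online Scanner log."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = RESULT_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["threat"], m["action"],
                                    classify_location(m["path"])))
    return header, findings


def triage(text):
    """Split findings into live files and stored copies.

    Raises ValueError when the '# found=' header disagrees with the number of
    result lines parsed, which points to a truncated or hand-edited paste.
    """
    header, findings = parse_eset_log(text)
    declared = int(header.get("found", len(findings)))
    if declared != len(findings):
        raise ValueError(f"log declares {declared} findings, parsed {len(findings)}")
    live = [f for f in findings if f.location == "live"]
    stored = [f for f in findings if f.location != "live"]
    return live, stored


if __name__ == "__main__":
    live, stored = triage(ESET_LOG)
    for f in live:
        print("LIVE  ", f.threat, "->", f.path)
    for f in stored:
        print(f.location.upper(), f.threat, "->", f.path)
```
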
 

#9 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • PipPip
  • 105 posts

Posted 10 April 2012 - 02:08 PM

Sort of legit. I own freelancer on cd, but my netbook doesn't have any drives. I've just never accepted buying games I already own for digital download rights. Chaps my butt cheeks having to pay another 10 bucks for something I already paid 40 or more for once. It can be removed tho, it's been on here for about a year and I don't think I ever used that trainer that came with it. Seems odd, haven't touched freelancer in a couple months. Avast hasn't warned me about Rpcqt.dll/scvhost trying to download anything.

Spoke too soon, avast just popped up blocking the same stuff I posted in the 1st post. Hmm.

Edited by Lp57, 10 April 2012 - 03:08 PM.


#10 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 April 2012 - 04:33 PM

Let's get a better look at that file:

Please scan the following files

  • On the page you'll find a "Browse" button.
  • Click on the Browse button.
  • In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\WINDOWS\system32\Rpcqt.dll
  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 



#11 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • PipPip
  • 105 posts

Posted 10 April 2012 - 05:50 PM

https://www.virustot...02a6b/analysis/

#12 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 April 2012 - 07:03 PM

Hmm.... that appears to be the legitimate file... but something strange seems to be going on. Let's try this please:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#13 Lp57

Lp57

    Authentic Member

  • Authentic Member
  • PipPip
  • 105 posts

Posted 10 April 2012 - 07:36 PM

21:29:52.0484 3668 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05 21:29:53.0000 3668 ============================================================ 21:29:53.0000 3668 Current date / time: 2012/04/10 21:29:53.0000 21:29:53.0000 3668 SystemInfo: 21:29:53.0000 3668 21:29:53.0000 3668 OS Version: 5.1.2600 ServicePack: 3.0 21:29:53.0000 3668 Product type: Workstation 21:29:53.0000 3668 ComputerName: EEEPC 21:29:53.0000 3668 UserName: Dolores Clark 21:29:53.0000 3668 Windows directory: C:\WINDOWS 21:29:53.0000 3668 System windows directory: C:\WINDOWS 21:29:53.0000 3668 Processor architecture: Intel x86 21:29:53.0000 3668 Number of processors: 1 21:29:53.0000 3668 Page size: 0x1000 21:29:53.0000 3668 Boot type: Normal boot 21:29:53.0000 3668 ============================================================ 21:29:58.0218 3668 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 21:29:58.0281 3668 \Device\Harddisk0\DR0: 21:29:58.0281 3668 MBR used 21:29:58.0281 3668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF83C7E 21:29:58.0312 3668 Initialize success 21:29:58.0312 3668 ============================================================ 21:31:00.0578 5036 ============================================================ 21:31:00.0578 5036 Scan started 21:31:00.0578 5036 Mode: Manual; SigCheck; TDLFS; 21:31:00.0578 5036 ============================================================ 21:31:01.0171 5036 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys 21:31:01.0671 5036 Aavmker4 - ok 21:31:01.0765 5036 Abiosdsk - ok 21:31:01.0796 5036 abp480n5 - ok 21:31:01.0875 5036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:31:02.0750 5036 ACPI - ok 21:31:02.0890 5036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 21:31:03.0187 5036 ACPIEC - 
ok 21:31:03.0390 5036 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:31:03.0437 5036 AdobeFlashPlayerUpdateSvc - ok 21:31:03.0468 5036 adpu160m - ok 21:31:03.0578 5036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 21:31:03.0859 5036 aec - ok 21:31:03.0984 5036 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 21:31:04.0031 5036 AFD - ok 21:31:04.0093 5036 Aha154x - ok 21:31:04.0125 5036 aic78u2 - ok 21:31:04.0156 5036 aic78xx - ok 21:31:04.0218 5036 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll 21:31:04.0531 5036 Alerter - ok 21:31:04.0593 5036 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe 21:31:04.0718 5036 ALG - ok 21:31:04.0812 5036 AliIde - ok 21:31:04.0828 5036 amsint - ok 21:31:04.0859 5036 AppMgmt - ok 21:31:04.0890 5036 asc - ok 21:31:04.0906 5036 asc3350p - ok 21:31:04.0937 5036 asc3550 - ok 21:31:05.0109 5036 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 21:31:05.0203 5036 aspnet_state - ok 21:31:05.0343 5036 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys 21:31:05.0390 5036 AsusACPI - ok 21:31:05.0453 5036 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys 21:31:05.0484 5036 aswFsBlk - ok 21:31:05.0562 5036 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys 21:31:05.0593 5036 aswMon2 - ok 21:31:05.0703 5036 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys 21:31:05.0718 5036 aswRdr - ok 21:31:05.0875 5036 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys 21:31:05.0968 5036 aswSnx - ok 21:31:06.0093 5036 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys 21:31:06.0140 5036 aswSP - ok 21:31:06.0250 5036 aswTdi 
(6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys 21:31:06.0281 5036 aswTdi - ok 21:31:06.0343 5036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:31:06.0640 5036 AsyncMac - ok 21:31:06.0765 5036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 21:31:07.0062 5036 atapi - ok 21:31:07.0203 5036 Atdisk - ok 21:31:07.0265 5036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:31:07.0578 5036 Atmarpc - ok 21:31:07.0687 5036 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll 21:31:07.0984 5036 AudioSrv - ok 21:31:08.0078 5036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 21:31:08.0359 5036 audstub - ok 21:31:08.0515 5036 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 21:31:08.0531 5036 avast! Antivirus - ok 21:31:08.0656 5036 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 21:31:08.0718 5036 BBSvc - ok 21:31:08.0890 5036 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 21:31:08.0937 5036 BBUpdate - ok 21:31:09.0062 5036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 21:31:09.0359 5036 Beep - ok 21:31:09.0468 5036 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll 21:31:09.0796 5036 BITS - ok 21:31:09.0937 5036 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll 21:31:10.0234 5036 Browser - ok 21:31:10.0421 5036 catchme - ok 21:31:10.0484 5036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 21:31:10.0765 5036 cbidf2k - ok 21:31:10.0859 5036 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 21:31:11.0140 5036 CCDECODE - ok 21:31:11.0171 5036 cd20xrnt - ok 21:31:11.0265 5036 Cdaudio 
(c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 21:31:11.0562 5036 Cdaudio - ok 21:31:11.0687 5036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 21:31:11.0984 5036 Cdfs - ok 21:31:12.0078 5036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:31:12.0359 5036 Cdrom - ok 21:31:12.0468 5036 Changer - ok 21:31:12.0515 5036 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe 21:31:12.0859 5036 CiSvc - ok 21:31:13.0000 5036 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe 21:31:14.0343 5036 ClipSrv - ok 21:31:14.0500 5036 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:31:14.0625 5036 clr_optimization_v2.0.50727_32 - ok 21:31:14.0843 5036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:31:14.0953 5036 clr_optimization_v4.0.30319_32 - ok 21:31:15.0062 5036 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:31:15.0359 5036 CmBatt - ok 21:31:15.0390 5036 CmdIde - ok 21:31:15.0468 5036 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:31:15.0796 5036 Compbatt - ok 21:31:15.0828 5036 COMSysApp - ok 21:31:15.0859 5036 Cpqarray - ok 21:31:16.0000 5036 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys 21:31:16.0031 5036 cpudrv - ok 21:31:16.0171 5036 cpuz130 - ok 21:31:16.0281 5036 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll 21:31:16.0609 5036 CryptSvc - ok 21:31:16.0671 5036 dac2w2k - ok 21:31:16.0718 5036 dac960nt - ok 21:31:16.0781 5036 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll 21:31:16.0890 5036 DcomLaunch - ok 21:31:17.0046 5036 Desura Install Service (2b9a817dc1bdad9ce5495099b6a7136a) C:\Program 
Files\Common Files\Desura\desura_service.exe 21:31:17.0078 5036 Desura Install Service - ok 21:31:17.0187 5036 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll 21:31:17.0500 5036 Dhcp - ok 21:31:17.0609 5036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 21:31:17.0906 5036 Disk - ok 21:31:17.0921 5036 dmadmin - ok 21:31:18.0046 5036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 21:31:18.0421 5036 dmboot - ok 21:31:18.0609 5036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 21:31:18.0921 5036 dmio - ok 21:31:19.0031 5036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 21:31:19.0343 5036 dmload - ok 21:31:19.0406 5036 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll 21:31:19.0781 5036 dmserver - ok 21:31:19.0906 5036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 21:31:20.0218 5036 DMusic - ok 21:31:20.0343 5036 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll 21:31:20.0421 5036 Dnscache - ok 21:31:20.0468 5036 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll 21:31:20.0796 5036 Dot3svc - ok 21:31:20.0859 5036 dpti2o - ok 21:31:20.0937 5036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 21:31:21.0234 5036 drmkaud - ok 21:31:21.0296 5036 EagleNT - ok 21:31:21.0312 5036 EagleXNt - ok 21:31:21.0390 5036 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll 21:31:21.0796 5036 EapHost - ok 21:31:21.0921 5036 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys 21:31:21.0968 5036 ENTECH - ok 21:31:22.0046 5036 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll 21:31:22.0359 5036 ERSvc - ok 21:31:22.0515 5036 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 21:31:22.0640 5036 
Eventlog - ok 21:31:22.0718 5036 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll 21:31:22.0828 5036 EventSystem - ok 21:31:22.0968 5036 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 21:31:23.0281 5036 Fastfat - ok 21:31:23.0375 5036 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:31:23.0484 5036 FastUserSwitchingCompatibility - ok 21:31:23.0578 5036 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 21:31:23.0937 5036 Fdc - ok 21:31:24.0031 5036 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 21:31:24.0406 5036 Fips - ok 21:31:24.0515 5036 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 21:31:25.0078 5036 Flpydisk - ok 21:31:25.0234 5036 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 21:31:25.0593 5036 FltMgr - ok 21:31:25.0828 5036 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:31:25.0843 5036 FontCache3.0.0.0 - ok 21:31:25.0968 5036 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys 21:31:26.0296 5036 FsVga - ok 21:31:26.0656 5036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:31:26.0984 5036 Fs_Rec - ok 21:31:27.0093 5036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:31:27.0546 5036 Ftdisk - ok 21:31:27.0656 5036 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:31:27.0953 5036 Gpc - ok 21:31:28.0062 5036 hamachi (d30b31375c40309425c21efe75db90bb) C:\WINDOWS\system32\DRIVERS\hamachi.sys 21:31:28.0093 5036 hamachi - ok 21:31:28.0171 5036 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:31:28.0515 5036 HDAudBus - ok 21:31:28.0687 5036 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) 
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:31:29.0000 5036 helpsvc - ok 21:31:29.0046 5036 HidServ - ok 21:31:29.0125 5036 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:31:29.0437 5036 HidUsb - ok 21:31:29.0531 5036 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll 21:31:29.0859 5036 hkmsvc - ok 21:31:29.0968 5036 hpn - ok 21:31:30.0031 5036 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 21:31:30.0093 5036 HTTP - ok 21:31:30.0187 5036 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll 21:31:30.0531 5036 HTTPFilter - ok 21:31:30.0593 5036 i2omgmt - ok 21:31:30.0625 5036 i2omp - ok 21:31:30.0687 5036 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:31:31.0031 5036 i8042prt - ok 21:31:31.0203 5036 ialm (6fcb904910da07c9dc2593d66438fa29) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 21:31:31.0390 5036 ialm - ok 21:31:31.0578 5036 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:31:31.0609 5036 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:31:31.0609 5036 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:31:31.0796 5036 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:31:31.0875 5036 idsvc - ok 21:31:31.0984 5036 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 21:31:32.0281 5036 Imapi - ok 21:31:32.0343 5036 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe 21:31:32.0671 5036 ImapiService - ok 21:31:32.0750 5036 ini910u - ok 21:31:33.0015 5036 IntcAzAudAddService (cc8e47e97e4cb382c842a3066b1dfa7d) C:\WINDOWS\system32\drivers\RtkHDAud.sys 21:31:33.0421 5036 IntcAzAudAddService - ok 21:31:33.0546 5036 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 
21:31:33.0843 5036 IntelIde - ok 21:31:33.0937 5036 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:31:34.0234 5036 intelppm - ok 21:31:34.0328 5036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 21:31:34.0625 5036 Ip6Fw - ok 21:31:34.0750 5036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:31:35.0031 5036 IpFilterDriver - ok 21:31:35.0156 5036 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:31:35.0421 5036 IpInIp - ok 21:31:35.0515 5036 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:31:35.0812 5036 IpNat - ok 21:31:35.0937 5036 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:31:36.0234 5036 IPSec - ok 21:31:36.0343 5036 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 21:31:36.0484 5036 IRENUM - ok 21:31:36.0578 5036 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:31:36.0890 5036 isapnp - ok 21:31:37.0125 5036 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe 21:31:37.0171 5036 JavaQuickStarterService - ok 21:31:37.0640 5036 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:31:37.0953 5036 Kbdclass - ok 21:31:38.0046 5036 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 21:31:38.0359 5036 kmixer - ok 21:31:38.0500 5036 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 21:31:38.0546 5036 KSecDD - ok 21:31:38.0671 5036 Ktp (fdee5b743205ac0d68ad68be2847893b) C:\WINDOWS\system32\DRIVERS\ETD.sys 21:31:38.0765 5036 Ktp - ok 21:31:38.0828 5036 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys 21:31:38.0921 5036 L1e - ok 21:31:39.0046 5036 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) 
(943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll 21:34:53.0421 3812 Nla - ok 21:34:53.0515 3812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:34:53.0984 3812 Npfs - ok 21:34:54.0078 3812 npggsvc - ok 21:34:54.0171 3812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:34:54.0531 3812 Ntfs - ok 21:34:54.0671 3812 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:34:54.0953 3812 NtLmSsp - ok 21:34:55.0062 3812 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll 21:34:55.0359 3812 NtmsSvc - ok 21:34:55.0468 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:34:55.0781 3812 Null - ok 21:34:55.0890 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:34:56.0187 3812 NwlnkFlt - ok 21:34:56.0328 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:34:56.0640 3812 NwlnkFwd - ok 21:34:56.0734 3812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 21:34:57.0000 3812 Parport - ok 21:34:57.0109 3812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:34:57.0406 3812 PartMgr - ok 21:34:57.0515 3812 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 21:34:57.0796 3812 ParVdm - ok 21:34:57.0859 3812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 21:34:58.0140 3812 PCI - ok 21:34:58.0171 3812 PCIDump - ok 21:34:58.0250 3812 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys 21:34:58.0515 3812 PCIIde - ok 21:34:58.0593 3812 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 21:34:59.0046 3812 Pcmcia - ok 21:34:59.0140 3812 PDCOMP - ok 21:34:59.0171 3812 PDFRAME - ok 21:34:59.0187 3812 PDRELI - ok 21:34:59.0218 3812 PDRFRAME - ok 21:34:59.0234 3812 perc2 - ok 
21:34:59.0250 3812 perc2hib - ok 21:34:59.0343 3812 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe 21:34:59.0421 3812 PlugPlay - ok 21:34:59.0531 3812 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:34:59.0781 3812 PolicyAgent - ok 21:34:59.0906 3812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:35:00.0187 3812 PptpMiniport - ok 21:35:00.0218 3812 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:35:00.0500 3812 ProtectedStorage - ok 21:35:00.0562 3812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:35:00.0843 3812 PSched - ok 21:35:00.0921 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:35:01.0203 3812 Ptilink - ok 21:35:01.0296 3812 ql1080 - ok 21:35:01.0328 3812 Ql10wnt - ok 21:35:01.0343 3812 ql12160 - ok 21:35:01.0375 3812 ql1240 - ok 21:35:01.0406 3812 ql1280 - ok 21:35:01.0453 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:35:01.0750 3812 RasAcd - ok 21:35:01.0843 3812 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll 21:35:02.0140 3812 RasAuto - ok 21:35:02.0281 3812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:35:02.0578 3812 Rasl2tp - ok 21:35:02.0687 3812 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll 21:35:03.0187 3812 RasMan - ok 21:35:03.0296 3812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:35:03.0593 3812 RasPppoe - ok 21:35:03.0671 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:35:03.0937 3812 Raspti - ok 21:35:04.0078 3812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:35:04.0359 3812 Rdbss - ok 21:35:04.0468 3812 RDPCDD (4912d5b403614ce99c28420f75353332) 
C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:35:04.0796 3812 RDPCDD - ok 21:35:04.0921 3812 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys 21:35:04.0968 3812 RDPWD - ok 21:35:05.0046 3812 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 21:35:05.0343 3812 RDSessMgr - ok 21:35:05.0500 3812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:35:05.0765 3812 redbook - ok 21:35:05.0906 3812 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 21:35:06.0203 3812 RemoteAccess - ok 21:35:06.0296 3812 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 21:35:06.0640 3812 RpcLocator - ok 21:35:06.0703 3812 RPCQT - ok 21:35:06.0765 3812 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 21:35:06.0875 3812 RpcSs - ok 21:35:06.0984 3812 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 21:35:07.0281 3812 RSVP - ok 21:35:07.0453 3812 rtl8187Se (0df1d68f289e07efd054b498d8efbbfd) C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys 21:35:07.0500 3812 rtl8187Se - ok 21:35:07.0593 3812 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 21:35:07.0890 3812 SamSs - ok 21:35:07.0968 3812 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 21:35:08.0406 3812 SCardSvr - ok 21:35:08.0546 3812 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 21:35:08.0828 3812 Schedule - ok 21:35:08.0921 3812 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:35:08.0953 3812 Secdrv ( UnsignedFile.Multi.Generic ) - warning 21:35:08.0953 3812 Secdrv - detected UnsignedFile.Multi.Generic (1) 21:35:09.0015 3812 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 21:35:09.0296 3812 seclogon - ok 21:35:09.0390 3812 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 21:35:09.0703 3812 SENS - ok 
21:35:09.0812 3812 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys 21:35:10.0093 3812 Serial - ok 21:35:10.0234 3812 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys 21:35:10.0265 3812 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning 21:35:10.0265 3812 sfdrv01 - detected UnsignedFile.Multi.Generic (1) 21:35:10.0328 3812 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys 21:35:10.0343 3812 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning 21:35:10.0343 3812 sfhlp02 - detected UnsignedFile.Multi.Generic (1) 21:35:10.0421 3812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 21:35:10.0687 3812 Sfloppy - ok 21:35:10.0812 3812 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys 21:35:10.0828 3812 sfsync02 ( UnsignedFile.Multi.Generic ) - warning 21:35:10.0828 3812 sfsync02 - detected UnsignedFile.Multi.Generic (1) 21:35:10.0906 3812 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 21:35:11.0218 3812 SharedAccess - ok 21:35:11.0359 3812 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:35:11.0437 3812 ShellHWDetection - ok 21:35:11.0484 3812 Simbad - ok 21:35:11.0593 3812 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 21:35:11.0609 3812 SkypeUpdate - ok 21:35:11.0750 3812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:35:12.0031 3812 SLIP - ok 21:35:12.0078 3812 Sparrow - ok 21:35:12.0171 3812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:35:12.0484 3812 splitter - ok 21:35:12.0593 3812 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 21:35:12.0656 3812 Spooler - ok 21:35:12.0765 3812 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 21:35:12.0812 3812 Suspicious file 
(NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 21:35:12.0812 3812 sptd ( LockedFile.Multi.Generic ) - warning 21:35:12.0812 3812 sptd - detected LockedFile.Multi.Generic (1) 21:35:12.0890 3812 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 21:35:13.0015 3812 sr - ok 21:35:13.0078 3812 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 21:35:13.0218 3812 srservice - ok 21:35:13.0328 3812 SRS_PremiumSound_Service (3a424746e0278f4d77e084a3b1bca97b) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys 21:35:13.0375 3812 SRS_PremiumSound_Service - ok 21:35:13.0406 3812 SRTSP - ok 21:35:13.0421 3812 SRTSPX - ok 21:35:13.0515 3812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:35:13.0578 3812 Srv - ok 21:35:13.0687 3812 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 21:35:13.0828 3812 SSDPSRV - ok 21:35:13.0984 3812 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 21:35:14.0296 3812 stisvc - ok 21:35:14.0437 3812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:35:14.0734 3812 streamip - ok 21:35:14.0781 3812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:35:15.0062 3812 swenum - ok 21:35:15.0125 3812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:35:15.0390 3812 swmidi - ok 21:35:15.0468 3812 SwPrv - ok 21:35:15.0500 3812 symc810 - ok 21:35:15.0515 3812 symc8xx - ok 21:35:15.0562 3812 sym_hi - ok 21:35:15.0578 3812 sym_u3 - ok 21:35:15.0656 3812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:35:15.0984 3812 sysaudio - ok 21:35:16.0125 3812 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 21:35:16.0437 3812 SysmonLog - ok 21:35:16.0593 3812 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 
21:35:16.0890 3812 TapiSrv - ok 21:35:17.0015 3812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:35:17.0078 3812 Tcpip - ok 21:35:17.0140 3812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:35:17.0421 3812 TDPIPE - ok 21:35:17.0515 3812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:35:17.0796 3812 TDTCP - ok 21:35:17.0937 3812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:35:18.0218 3812 TermDD - ok 21:35:18.0281 3812 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 21:35:18.0640 3812 TermService - ok 21:35:18.0750 3812 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 21:35:18.0796 3812 Themes - ok 21:35:18.0843 3812 TosIde - ok 21:35:18.0906 3812 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 21:35:19.0218 3812 TrkWks - ok 21:35:19.0375 3812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:35:19.0687 3812 Udfs - ok 21:35:19.0703 3812 ultra - ok 21:35:19.0781 3812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:35:20.0078 3812 Update - ok 21:35:20.0187 3812 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 21:35:20.0343 3812 upnphost - ok 21:35:20.0437 3812 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 21:35:20.0765 3812 UPS - ok 21:35:20.0890 3812 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 21:35:21.0156 3812 usbaudio - ok 21:35:21.0234 3812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:35:21.0531 3812 usbccgp - ok 21:35:21.0593 3812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:35:21.0875 3812 usbehci - ok 21:35:21.0937 3812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 
21:35:22.0218 3812 usbhub - ok 21:35:22.0281 3812 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:35:22.0593 3812 usbstor - ok 21:35:22.0656 3812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:35:22.0921 3812 usbuhci - ok 21:35:23.0046 3812 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys 21:35:23.0312 3812 usbvideo - ok 21:35:23.0453 3812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:35:23.0718 3812 VgaSave - ok 21:35:23.0750 3812 ViaIde - ok 21:35:23.0843 3812 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 21:35:24.0125 3812 VolSnap - ok 21:35:24.0203 3812 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 21:35:24.0375 3812 VSS - ok 21:35:24.0531 3812 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 21:35:24.0843 3812 W32Time - ok 21:35:24.0968 3812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:35:25.0250 3812 Wanarp - ok 21:35:25.0375 3812 WDICA - ok 21:35:25.0453 3812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:35:25.0750 3812 wdmaud - ok 21:35:25.0859 3812 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 21:35:26.0171 3812 WebClient - ok 21:35:26.0296 3812 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 21:35:26.0640 3812 winmgmt - ok 21:35:26.0843 3812 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe 21:35:26.0875 3812 WLSetupSvc ( UnsignedFile.Multi.Generic ) - warning 21:35:26.0875 3812 WLSetupSvc - detected UnsignedFile.Multi.Generic (1) 21:35:26.0968 3812 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 21:35:27.0015 3812 WmdmPmSN - ok 21:35:27.0109 3812 WmiApSrv (e0673f1106e62a68d2257e376079f821) 
C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:35:27.0421 3812 WmiApSrv - ok 21:35:27.0609 3812 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 21:35:27.0703 3812 WMPNetworkSvc - ok 21:35:28.0078 3812 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:35:28.0140 3812 WPFFontCache_v0400 - ok 21:35:28.0265 3812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:35:28.0562 3812 WS2IFSL - ok 21:35:28.0625 3812 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 21:35:28.0953 3812 wscsvc - ok 21:35:29.0062 3812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 21:35:29.0328 3812 WSTCODEC - ok 21:35:29.0484 3812 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 21:35:29.0796 3812 wuauserv - ok 21:35:29.0953 3812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:35:30.0000 3812 WudfPf - ok 21:35:30.0078 3812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:35:30.0109 3812 WudfRd - ok 21:35:30.0218 3812 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 21:35:30.0375 3812 WudfSvc - ok 21:35:30.0546 3812 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 21:35:30.0921 3812 WZCSVC - ok 21:35:31.0015 3812 XDva356 - ok 21:35:31.0062 3812 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 21:35:31.0406 3812 xmlprov - ok 21:35:31.0578 3812 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 21:35:31.0640 3812 YahooAUService - ok 21:35:31.0734 3812 MBR (0x1B8) (6d589cfce97527ce5d3b291f4d2d54cb) \Device\Harddisk0\DR0 21:35:32.0062 3812 \Device\Harddisk0\DR0 - ok 21:35:32.0093 3812 Boot (0x1200) (34eb64d9847c30a12d52029b15cc9000) 
\Device\Harddisk0\DR0\Partition0
21:35:32.0093 3812 \Device\Harddisk0\DR0\Partition0 - ok
21:35:32.0109 3812 ============================================================
21:35:32.0109 3812 Scan finished
21:35:32.0109 3812 ============================================================
21:35:32.0125 4724 Detected object count: 7
21:35:32.0125 4724 Actual detected object count: 7
21:35:58.0125 4724 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0125 4724 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:58.0125 4724 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0125 4724 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:58.0125 4724 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0125 4724 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:58.0125 4724 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0125 4724 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:58.0125 4724 sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0140 4724 sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:35:58.0140 4724 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:35:58.0140 4724 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:35:58.0140 4724 WLSetupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:35:58.0140 4724 WLSetupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:36:01.0734 1404 Deinitialize success

#14 Tomk


    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 10 April 2012 - 10:29 PM

No problem there.

Let's try one more scan:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#15 Lp57


    Authentic Member

  • 105 posts

Posted 11 April 2012 - 01:40 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 02:51:56
-----------------------------
02:51:56.109 OS Version: Windows 5.1.2600 Service Pack 3
02:51:56.109 Number of processors: 1 586 0xD08
02:51:56.109 ComputerName: EEEPC UserName:
02:52:00.437 Initialize success
02:52:08.031 AVAST engine defs: 12041002
02:52:18.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:52:18.796 Disk 0 Vendor: ST9120817AS 3.AAA Size: 114473MB BusType: 3
02:52:18.812 Disk 0 MBR read successfully
02:52:18.812 Disk 0 MBR scan
02:52:18.890 Disk 0 Windows XP default MBR code
02:52:18.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114439 MB offset 63
02:52:18.921 Disk 0 Partition 2 00 EF EFI FAT A1055 31 MB offset 234372285
02:52:18.968 Disk 0 scanning sectors +234436545
02:52:19.062 Disk 0 scanning C:\WINDOWS\system32\drivers
02:52:47.250 Service scanning
02:53:06.109 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
02:53:10.718 Modules scanning
02:53:24.671 Disk 0 trace - called modules:
02:53:24.687 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spgg.sys >>UNKNOWN [0x86d8d938]<<
02:53:24.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d3eab8]
02:53:24.687 3 CLASSPNP.SYS[f75c8fd7] -> nt!IofCallDriver -> \Device\00000075[0x86d533b8]
02:53:24.687 5 ACPI.sys[f7354620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d52940]
02:53:24.687 \Driver\atapi[0x86d4f560] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7818d60]
02:53:25.687 AVAST engine scan C:\WINDOWS
02:53:39.000 AVAST engine scan C:\WINDOWS\system32
02:58:26.968 AVAST engine scan C:\WINDOWS\system32\drivers
02:58:56.812 AVAST engine scan C:\Documents and Settings\Dolores Clark
03:33:47.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dolores Clark\Desktop\MBR.dat"
03:33:47.453 The log file has been saved successfully to "C:\Documents and Settings\Dolores Clark\Desktop\aswMBR.txt"
Can't seem to attach the MBR. I tried to rar and zip it. Keep getting told "Error Upload failed. You are not permitted to upload this type of file".
