Pc incredibly Slow, anti virus reports no problem??

Hi my pc is real slow and my antivirus says theres no issues.. has it slipped under the radar? I would really appreciate some help please

thank you

OTL logfile created on: 19/12/2012 15:08:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Veron\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.24 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 75.08% Memory free
4.09 Gb Paging File | 3.58 Gb Available in Paging File | 87.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 111.74 Gb Free Space | 75.01% Space Free | Partition Type: NTFS
Drive F: | 465.70 Gb Total Space | 444.68 Gb Free Space | 95.49% Space Free | Partition Type: FAT32

Computer Name: HOME-CA08B8A03F | User Name: Veron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/19 15:06:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.com
PRC - [2012/12/19 11:13:07 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/08 00:01:00 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/11/01 19:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/15 12:52:20 | 000,221,832 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2010/07/26 13:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2010/07/26 13:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/04 15:24:15 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\Veron\Desktop\SASCORE.EXE -- (!SASCORE)
SRV - [2012/12/08 00:01:00 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/07/10 03:15:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/07/26 13:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/07/26 13:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/09 19:01:47 | 000,178,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/11/09 19:01:47 | 000,123,560 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/11/09 19:01:47 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/11/09 19:01:46 | 000,149,288 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/11/09 19:01:46 | 000,102,184 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/11/09 11:23:56 | 000,063,400 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)
DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2012/10/22 12:08:35 | 000,038,824 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/26 13:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/07/26 13:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/06/21 03:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/21 03:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2010/06/21 03:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/21 03:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/05/12 10:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2010/04/27 02:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/27 02:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus)
DRV - [2010/04/27 02:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010/04/27 02:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 02:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/04/27 02:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010/04/27 02:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2009/06/23 08:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2005/08/17 13:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 BA 00 61 C1 53 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.2.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.1.1.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/19 11:15:09 | 000,000,000 | ---D | M]

[2009/07/18 20:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Extensions
[2012/12/07 21:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions
[2010/07/09 13:01:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/05 17:27:32 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011/06/06 08:33:30 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/12/07 21:15:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2009/11/05 17:30:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: RealDownloader = C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2012/12/07 19:51:26 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Veron\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354937089281 (MUWebControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86BFBBDD-D2D3-4D79-A360-31CC24750164}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Veron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 19:20:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/19 15:06:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.com
[2012/12/19 14:06:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Veron\Recent
[2012/12/19 13:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/12/19 13:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/19 13:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\My Documents\Downloads
[2012/12/19 11:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Application Data\RealNetworks
[2012/12/19 11:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/12/19 11:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2012/12/19 11:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/12/19 11:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks
[2012/12/19 11:13:23 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/17 20:16:18 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSKMAD.sys
[2012/12/08 03:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/12/08 03:10:42 | 022,494,424 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Veron\Desktop\SUPERAntiSpyware.exe
[2012/12/08 00:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Local Settings\Application Data\Sun
[2012/12/08 00:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Local Settings\Application Data\panda4_0dn
[2012/12/08 00:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/08 00:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/07 23:01:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Desktop\trash
[2012/12/07 21:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/07 21:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities
[2012/12/07 21:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/12/07 21:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2012/12/07 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/12/07 21:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veron\Application Data\pandasecuritytb
[2012/12/07 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\pandasecuritytb
[2012/12/07 21:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus

========== Files - Modified Within 30 Days ==========

[2012/12/19 15:06:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veron\Desktop\OTL.com
[2012/12/19 15:06:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004UA.job
[2012/12/19 14:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/19 13:45:24 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/19 11:17:48 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/19 11:17:48 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/19 11:15:40 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/19 11:13:23 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/12/19 11:05:25 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/19 10:56:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/18 18:06:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004Core.job
[2012/12/17 00:36:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/15 06:14:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/13 23:07:13 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Veron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/13 16:46:20 | 003,426,432 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/11 16:50:27 | 000,070,174 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\SNA0515B--620-_1632356a.jpg
[2012/12/11 16:50:07 | 000,016,345 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\dtyt_1634314a.jpg
[2012/12/08 03:11:15 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/08 03:10:50 | 022,494,424 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Veron\Desktop\SUPERAntiSpyware.exe
[2012/12/07 22:20:37 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012/12/07 21:12:29 | 000,808,232 | ---- | M] () -- C:\Documents and Settings\Veron\Desktop\PandaCloudAntivirus.exe
[2012/12/07 19:51:26 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/12/04 15:02:01 | 000,028,952 | ---- | M] () -- C:\Documents

========== Files Created - No Company Name ==========

[2012/12/19 13:45:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/12/19 11:16:25 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/19 11:16:24 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
[2012/12/19 11:15:40 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/12/16 20:54:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012/12/11 16:50:27 | 000,070,174 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\SNA0515B--620-_1632356a.jpg
[2012/12/11 16:50:07 | 000,016,345 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\dtyt_1634314a.jpg
[2012/12/08 03:11:15 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/07 22:20:34 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012/12/07 21:12:29 | 000,808,232 | ---- | C] () -- C:\Documents and Settings\Veron\Desktop\PandaCloudAntivirus.exe
[2012/12/04 14:58:57 | 000,028,952 | ---- | C] () -- C:\Documents
[2012/12/02 18:01:50 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004UA.job
[2012/12/02 18:01:49 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004Core.job
[2012/05/10 13:18:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/05 10:12:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\PSINAflt(2).sys
[2011/06/27 17:35:13 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SharedProperties.xml
[2011/02/03 03:20:55 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Veron\Local Settings\Application Data\FASTWiz.html
[2010/08/29 12:16:14 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\$_hpcst$.hpc
[2010/08/03 15:11:22 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Veron\Application Data\Adobe GIF Format CS5 Prefs

========== ZeroAccess Check ==========

[2009/07/18 19:42:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/29 04:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/06/27 16:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/12/07 21:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2011/03/14 18:36:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/03 04:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2012/06/21 00:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/12/07 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011/06/27 16:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/27 16:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/12/18 18:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2011/05/18 20:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/08/08 13:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/08/29 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/07/22 16:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/07/29 18:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/11/28 20:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/10/29 00:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/08/21 14:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/08 16:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/06/27 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Media
[2012/03/04 21:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/26 04:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/18 17:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/10/29 00:32:59 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/12/19 14:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Azureus
[2012/12/04 14:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\DVDVideoSoft
[2012/10/29 00:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\DVDVideoSoftIEHelpers
[2012/05/17 02:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\ElevatedDiagnostics
[2012/06/21 22:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Epson
[2010/12/03 14:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\FoxyTunes
[2011/05/18 23:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\FrostWire
[2009/08/05 16:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Leadertech
[2011/09/02 00:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\MSNInstaller
[2010/08/25 03:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\OpenOffice.org
[2011/04/17 12:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Opera
[2011/06/27 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Panda Security
[2012/12/07 23:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\pandasecuritytb
[2011/05/18 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Radialpoint
[2010/08/29 12:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Samsung
[2012/10/29 00:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\TuneUp Software
[2010/08/08 16:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Ulead Systems
[2006/04/04 23:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veron\Application Data\Virgin Media

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 19/12/2012 15:08:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Veron\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.24 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 75.08% Memory free
4.09 Gb Paging File | 3.58 Gb Available in Paging File | 87.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 111.74 Gb Free Space | 75.01% Space Free | Partition Type: NTFS
Drive F: | 465.70 Gb Total Space | 444.68 Gb Free Space | 95.49% Space Free | Partition Type: FAT32

Computer Name: HOME-CA08B8A03F | User Name: Veron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\pandasecuritytb\dtUser.exe" = C:\Program Files\pandasecuritytb\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{223A0FFB-5BAE-4541-B4AA-5688384FA77E}" = USB2.0 UVC Camera
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C99CEE0-3B88-40C0-A2FB-6F8F923EEBA9}" = Panda Cloud Antivirus
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5E3CB9A-0834-44C0-86F0-11E9BC95A26D}" = Default
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AMCap" = AMCap
"CCleaner" = CCleaner
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2009-2010)
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.60.1185" = Opera 11.60
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Privoxy" = Privoxy (remove only)
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/12/2012 08:05:13 | Computer Name = HOME-CA08B8A03F | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader X (10.1.4) - Update 'Adobe Reader X (10.1.4)'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 04/12/2012 11:00:00 | Computer Name = HOME-CA08B8A03F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description =

Error - 04/12/2012 11:00:55 | Computer Name = HOME-CA08B8A03F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description =

Error - 04/12/2012 11:01:22 | Computer Name = HOME-CA08B8A03F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description =

Error - 04/12/2012 11:01:49 | Computer Name = HOME-CA08B8A03F | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description =

Error - 04/12/2012 11:05:06 | Computer Name = HOME-CA08B8A03F | Source = Application Hang | ID = 1002
Description = Hanging application _iu14D2O.tmp, version 51.1052.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/12/2012 14:40:49 | Computer Name = HOME-CA08B8A03F | Source = MsiInstaller | ID = 11500
Description = Product: COMODO Internet Security Premium -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 07/12/2012 14:41:08 | Computer Name = HOME-CA08B8A03F | Source = MsiInstaller | ID = 11722
Description = Product: COMODO Internet Security -- Error 1722. There is a problem
with this Windows Installer package. A program run as part of the setup did not
finish as expected. Contact your support personnel or package vendor. Action RegisterCavshell,
location: regsvr32.exe, command: /s "C:\Program Files\COMODO\COMODO Internet Security\cavshell.dll"


Error - 07/12/2012 18:47:31 | Computer Name = HOME-CA08B8A03F | Source = MsiInstaller | ID = 11328
Description = Product: Adobe Reader X (10.1.4) -- Error 1328.Error applying patch
to file C:\Config.Msi\PT402A.tmp. It has probably been updated by other means,
and can no longer be modified by this patch. For more information contact your
patch vendor. System Error: -1072807676

Error - 07/12/2012 18:47:35 | Computer Name = HOME-CA08B8A03F | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader X (10.1.4) - Update 'Adobe Reader X (10.1.4)'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:20 | Computer Name = HOME-CA08B8A03F | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 18/12/2012 20:56:22 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2

Error - 18/12/2012 20:57:26 | Computer Name = HOME-CA08B8A03F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 18/12/2012 20:58:47 | Computer Name = HOME-CA08B8A03F | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 19/12/2012 06:56:42 | Computer Name = HOME-CA08B8A03F | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%2


< End of report >

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  
• Click on Search.
  
• A logfile will automatically open after the scan has finished.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  

*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

# AdwCleaner v2.101 - Logfile created 12/19/2012 at 20:10:01
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Veron - HOME-CA08B8A03F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Veron\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.60.1185.0

File : C:\Documents and Settings\Veron\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1258 octets] - [19/12/2012 20:10:01]
AdwCleaner[S1].txt - [3740 octets] - [07/12/2012 20:11:06]

########## EOF - C:\AdwCleaner[R1].txt - [1378 octets] ##########

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.19.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Veron :: HOME-CA08B8A03F [administrator]

19/12/2012 20:11:04
mbam-log-2012-12-19 (20-11-04).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273905
Time elapsed: 48 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
SUPERAntiSpyware
Windows Defender
Malwarebytes Anti-Malware version 1.65.1.1000
HijackThis 2.0.2
CCleaner
Java 7 Update 9
Adobe Flash Player 11.1.102.55
Adobe Reader 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

Remove the Adware:

• Please close all open programs and internet browsers.
  
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile in your reply.
  
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

*****************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Here is the the Adware log below i followed your advice. I updated Adobe. I opened task manager but i was not allowed to disable the anti virus so i ran revo uninstaller clicked on auto run and un checked panda cloud from starting i then re started my pc then i ran combo fix but it picked up in the scanner my antivirus i tried again to disable it via task manager to no success. so i ran combofix it went through the scanning stages nut it did not reboot then i was left with BSOD before the scan was complete


# AdwCleaner v2.101 - Logfile created 12/20/2012 at 10:27:17
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Veron - HOME-CA08B8A03F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Veron\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Veron\Application Data\Mozilla\Firefox\Profiles\1g0immaq.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Veron\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.60.1185.0

File : C:\Documents and Settings\Veron\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [19/12/2012 20:10:01]
AdwCleaner[S1].txt - [3740 octets] - [07/12/2012 20:11:06]
AdwCleaner[S2].txt - [1380 octets] - [20/12/2012 10:27:17]

########## EOF - C:\AdwCleaner[S2].txt - [1440 octets] ##########

un checked panda cloud from starting i then re started my pc then i ran combo fix but it picked up in the scanner my antivirus i tried again to disable it via task manager to no success.

Panda started up again after the re-boot.

Disable Panda Anti-Virus

Though an icon for Panda Antivirus will always be present in your computer's system tray, you cannot disable Panda Antivirus
protection through this icon. Instead, you're going to have to load the Windows Task Manager and manually force Panda Antivirus to
close if you want to disable it at any time.
Right-click on the long, horizontal bar that holds your "Start" menu icon, i.e. taskbar.
Click "Start Task Manager."
Click the "Processes" tab.
Look under the "Description" column for the file that represents Panda Antivirus. Once located, click on it.
Click the "End Task" button. Click "End Task" again in the new window that appears. This will disable Panda Antivirus on your
computer, until you restart.

hi i cant force close panda or anything linked to it. it says in a warning box the operation could not be completed access denied!

i right clicked on task bar opened tasked manager under description colum looked for the name of my antivirus its called PSUMain.exe and i am not able to force close this or anything related to it i even uninstalled panda cloud and ran combo-fix it went to stage 50 it said something about a file infected it successfully restored the file it then crashed and then again BSOD i am currently thinking about installing windows security-essentials as i have no antivirus now



[/url]

Ok. Please try running Combofix in Safe Mode.

ComboFix 12-12-20.02 - Veron 20/12/2012 23:54:33.14.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2294.2010 [GMT 0:00]
Running from: c:\documents and settings\Veron\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
F:\install.exe
.
-- Previous Run --
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\version.dll
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-20 23:17 . 2012-11-08 10:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8BEF27A4-CCC8-4E65-A4A9-FA546769A2B8}\mpengine.dll
2012-12-20 23:16 . 2012-12-20 23:16 -------- d-----w- c:\windows\LastGood
2012-12-20 23:16 . 2012-12-20 23:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-19 13:45 . 2012-12-19 13:45 -------- d-----w- c:\program files\CCleaner
2012-12-19 11:16 . 2012-12-19 11:16 -------- d-----w- c:\documents and settings\Veron\Application Data\RealNetworks
2012-12-19 11:15 . 2012-12-19 11:15 -------- d-----w- c:\program files\RealNetworks
2012-12-19 11:15 . 2012-12-19 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
2012-12-19 11:14 . 2012-12-19 11:14 -------- d-----w- c:\program files\Common Files\xing shared
2012-12-19 11:12 . 2012-12-19 11:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-19 11:12 . 2012-12-19 11:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-16 20:54 . 2011-06-21 11:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-12-08 00:08 . 2012-12-08 00:08 -------- d-----w- c:\documents and settings\Veron\Local Settings\Application Data\Sun
2012-12-08 00:03 . 2012-12-08 00:27 -------- d-----w- c:\documents and settings\Veron\Local Settings\Application Data\panda4_0dn
2012-12-08 00:01 . 2012-12-08 00:01 -------- d-----w- c:\program files\Common Files\Java
2012-12-08 00:01 . 2012-12-08 00:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-08 00:01 . 2012-12-08 00:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-08 00:00 . 2012-12-08 00:00 -------- d-----w- c:\program files\Java
2012-12-07 21:18 . 2012-12-07 21:18 -------- d-----w- c:\program files\ESET
2012-12-07 21:15 . 2012-12-20 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security URL Filtering
2012-12-07 21:15 . 2012-12-07 21:15 -------- d-----w- c:\program files\Toolbar Cleaner
2012-12-07 21:15 . 2012-12-20 22:00 -------- d-----w- c:\documents and settings\Veron\Application Data\pandasecuritytb
2012-12-04 20:04 . 2012-12-06 20:03 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1281AD34-953A-4682-8FB5-E237777F4E3A}\offreg.dll
2012-12-04 11:59 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{1281AD34-953A-4682-8FB5-E237777F4E3A}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-08 00:00 . 2012-05-10 17:44 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-08 00:00 . 2010-08-25 02:58 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-13 01:25 . 2009-07-18 20:40 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 18:00 . 2009-07-18 20:19 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-07 23:37 . 2011-10-24 00:40 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-06 00:41 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-04 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 19:54 . 2009-08-01 20:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-10-15 221832]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjYyODIyNTYwLUJBKzEtS1YzKzYtRlA5Mis2LVRCOSsyLUZMKzktWE8zNisxLUY5TTEwQSsyLVhPOSsxLUY5TTIrMS1ERFQrMC1UVUcrMw&prod=55&ver=10.0.1388" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Veron\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 17:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2010-07-28 11:56 3365176 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [26/07/2010 13:17 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [29/08/2010 12:16 217088]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20:31 38608]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [29/08/2010 12:17 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [26/07/2010 13:17 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [29/08/2010 12:16 36640]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [29/08/2010 12:17 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [29/08/2010 12:17 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [29/08/2010 12:17 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [29/08/2010 12:17 100224]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [29/08/2010 12:17 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [29/08/2010 12:17 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [29/08/2010 12:17 121576]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [29/08/2010 12:17 98152]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [29/08/2010 12:17 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [29/08/2010 12:17 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [29/08/2010 12:17 123648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 03:15]
.
2012-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004Core.job
- c:\documents and settings\Veron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 01:57]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-73586283-725345543-1004UA.job
- c:\documents and settings\Veron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-06 01:57]
.
2012-12-20 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 17:25]
.
2012-12-20 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 17:25]
.
2012-12-20 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-20 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-73586283-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
2012-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-73586283-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 15:30]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
Toolbar-{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-21 00:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-73586283-725345543-1004\Software\º€ÿb ȉ©O Gjº€
_O ØNǏdƒÊO‘ ïyñ]I{ ȉ©O Gjº€
_O]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-12-21 00:07:34
ComboFix-quarantined-files.txt 2012-12-21 00:07
.
Pre-Run: 119,677,612,032 bytes free
Post-Run: 119,629,602,816 bytes free
.
- - End Of File - - 010BFF6BAE89967B07E1C2BC81D2008B

• Download RogueKiller on the desktop
  
• Close all the running programs
  
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
  
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • Hidden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • Hidden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  

RogueKiller V8.4.0 [Dec 20 2012] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Veron [Admin rights]
Mode : Scan -- Date : 12/21/2012 20:57:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD160JJ/P +++++
--- User ---
[MBR] 2d4463ecdeac9f7f57dcd397662a69ac
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 152539 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Desktop USB Device +++++
--- User ---
[MBR] e7aa3236bbe6fb5a7a00a8c7cfbc6aae
[BSP] e3f918c55a8777328de74ac2548d8c16 : MyBios MBR Code!
Partition table:
0 - [XXXXXX] OS/2 (0x0a) [VISIBLE] Offset (sectors): 1919230059 | Size: 2092621 Mo
1 - [XXXXXX] UNKNOWN (0x65) [VISIBLE] Offset (sectors): 544829025 | Size: 266028 Mo
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2885681152 | Size: 25 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12212012_02d2057.txt >>
RKreport[1]_S_12212012_02d2057.txt



SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: A96C0000
Module End: A96D8000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5F8000
Module End: BA5FA000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_____________________________________________________________________________________________________________________________________________________________hostiles.txt.36.zip.to
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\______________________________________________________________________________________________________________________________________________________________hostiles.txt.36.zip.t
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_______________________________________________________________________________________________________________________________________________________________hostiles.txt.36.zip.
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\________________________________________________________________________________________________________________________________________________________________hostiles.txt.36.zip
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_________________________________________________________________________________________________________________________________________________________________hostiles.txt.36.zi
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\__________________________________________________________________________________________________________________________________________________________________hostiles.txt.36.z
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________hostiles.txt.36.
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\____________________________________________________________________________________________________________________________________________________________________hostiles.txt.36
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_____________________________________________________________________________________________________________________________________________________________________hostiles.txt.3
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\______________________________________________________________________________________________________________________________________________________________________hostiles.txt.
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_______________________________________________________________________________________________________________________________________________________________________hostiles.txt
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\________________________________________________________________________________________________________________________________________________________________________hostiles.tx
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_________________________________________________________________________________________________________________________________________________________________________hostiles.t
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\__________________________________________________________________________________________________________________________________________________________________________hostiles.
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________hostiles
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\____________________________________________________________________________________________________________________________________________________________________________hostile
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_____________________________________________________________________________________________________________________________________________________________________________hostil
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\______________________________________________________________________________________________________________________________________________________________________________hosti
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_______________________________________________________________________________________________________________________________________________________________________________host
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\________________________________________________________________________________________________________________________________________________________________________________hos
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\_________________________________________________________________________________________________________________________________________________________________________________ho
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\__________________________________________________________________________________________________________________________________________________________________________________h
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Documents and Settings\Veron\Application Data\FrostWire\azureus\torrents\___________________________________________________________________________________________________________________________________________________________________________________
Status: Hidden

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 10:34:34
-----------------------------
10:34:34.421 OS Version: Windows 5.1.2600 Service Pack 3
10:34:34.421 Number of processors: 1 586 0x409
10:34:34.421 ComputerName: HOME-CA08B8A03F UserName: Veron
10:34:35.015 Initialize success
10:35:01.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:35:01.890 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
10:35:01.906 Disk 0 MBR read successfully
10:35:01.906 Disk 0 MBR scan
10:35:01.906 Disk 0 Windows XP default MBR code
10:35:01.921 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
10:35:01.921 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152539 MB offset 80325
10:35:01.921 Disk 0 scanning sectors +312480315
10:35:01.968 Disk 0 scanning C:\WINDOWS\system32\drivers
10:35:12.437 Service scanning
10:35:16.984 Service MpKsla0611f80 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A993B714-B60E-4611-9D0E-E7FBA92DF4F4}\MpKsla0611f80.sys **LOCKED** 32
10:35:22.531 Modules scanning
10:35:26.656 Disk 0 trace - called modules:
10:35:26.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:35:27.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac41ab8]
10:35:27.187 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ac43b00]
10:35:27.187 Scan finished successfully
10:36:27.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Veron\Desktop\MBR.dat"
10:36:27.437 The log file has been saved successfully to "C:\Documents and Settings\Veron\Desktop\aswMBR.txt"

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory..

10:46:44.0421 1740 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:46:44.0656 1740 ============================================================
10:46:44.0656 1740 Current date / time: 2012/12/23 10:46:44.0656
10:46:44.0656 1740 SystemInfo:
10:46:44.0656 1740
10:46:44.0656 1740 OS Version: 5.1.2600 ServicePack: 3.0
10:46:44.0656 1740 Product type: Workstation
10:46:44.0656 1740 ComputerName: HOME-CA08B8A03F
10:46:44.0656 1740 UserName: Veron
10:46:44.0656 1740 Windows directory: C:\WINDOWS
10:46:44.0656 1740 System windows directory: C:\WINDOWS
10:46:44.0656 1740 Processor architecture: Intel x86
10:46:44.0656 1740 Number of processors: 1
10:46:44.0656 1740 Page size: 0x1000
10:46:44.0656 1740 Boot type: Normal boot
10:46:44.0656 1740 ============================================================
10:46:46.0828 1740 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:46:46.0828 1740 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:46:46.0828 1740 ============================================================
10:46:46.0828 1740 \Device\Harddisk0\DR0:
10:46:46.0828 1740 MBR partitions:
10:46:46.0828 1740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x129ED876
10:46:46.0828 1740 \Device\Harddisk1\DR3:
10:46:46.0843 1740 MBR partitions:
10:46:46.0843 1740 ============================================================
10:46:46.0875 1740 C: <-> \Device\Harddisk0\DR0\Partition1
10:46:46.0875 1740 ============================================================
10:46:46.0875 1740 Initialize success
10:46:46.0875 1740 ============================================================
10:47:03.0234 0496 ============================================================
10:47:03.0234 0496 Scan started
10:47:03.0234 0496 Mode: Manual;
10:47:03.0234 0496 ============================================================
10:47:03.0390 0496 ================ Scan system memory ========================
10:47:03.0390 0496 System memory - ok
10:47:03.0406 0496 ================ Scan services =============================
10:47:03.0468 0496 Abiosdsk - ok
10:47:03.0468 0496 abp480n5 - ok
10:47:03.0531 0496 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:47:03.0531 0496 ACPI - ok
10:47:03.0562 0496 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:47:03.0562 0496 ACPIEC - ok
10:47:03.0640 0496 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:47:03.0828 0496 AdobeFlashPlayerUpdateSvc - ok
10:47:03.0828 0496 adpu160m - ok
10:47:03.0875 0496 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:47:03.0875 0496 aec - ok
10:47:03.0921 0496 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:47:03.0937 0496 AFD - ok
10:47:03.0937 0496 Aha154x - ok
10:47:03.0953 0496 aic78u2 - ok
10:47:03.0953 0496 aic78xx - ok
10:47:04.0015 0496 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:47:04.0015 0496 Alerter - ok
10:47:04.0031 0496 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:47:04.0046 0496 ALG - ok
10:47:04.0046 0496 AliIde - ok
10:47:04.0062 0496 amsint - ok
10:47:04.0093 0496 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\WINDOWS\system32\Drivers\ssadadb.sys
10:47:04.0109 0496 androidusb - ok
10:47:04.0187 0496 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:47:04.0187 0496 Apple Mobile Device - ok
10:47:04.0203 0496 AppMgmt - ok
10:47:04.0203 0496 asc - ok
10:47:04.0218 0496 asc3350p - ok
10:47:04.0218 0496 asc3550 - ok
10:47:04.0328 0496 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:47:04.0421 0496 aspnet_state - ok
10:47:04.0453 0496 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:47:04.0453 0496 AsyncMac - ok
10:47:04.0484 0496 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:47:04.0484 0496 atapi - ok
10:47:04.0500 0496 Atdisk - ok
10:47:04.0515 0496 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:47:04.0531 0496 Atmarpc - ok
10:47:04.0562 0496 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:47:04.0562 0496 AudioSrv - ok
10:47:04.0609 0496 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:47:04.0609 0496 audstub - ok
10:47:04.0671 0496 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:47:04.0671 0496 Beep - ok
10:47:04.0734 0496 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:47:04.0859 0496 BITS - ok
10:47:04.0890 0496 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:47:04.0906 0496 Bonjour Service - ok
10:47:04.0937 0496 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:47:04.0937 0496 Browser - ok
10:47:04.0984 0496 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
10:47:04.0984 0496 BthEnum - ok
10:47:05.0000 0496 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
10:47:05.0015 0496 BthPan - ok
10:47:05.0031 0496 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
10:47:05.0046 0496 BTHPORT - ok
10:47:05.0062 0496 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
10:47:05.0062 0496 BthServ - ok
10:47:05.0093 0496 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
10:47:05.0093 0496 BTHUSB - ok
10:47:05.0218 0496 catchme - ok
10:47:05.0265 0496 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:47:05.0265 0496 cbidf2k - ok
10:47:05.0296 0496 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:47:05.0296 0496 CCDECODE - ok
10:47:05.0312 0496 cd20xrnt - ok
10:47:05.0359 0496 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:47:05.0359 0496 Cdaudio - ok
10:47:05.0390 0496 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:47:05.0390 0496 Cdfs - ok
10:47:05.0406 0496 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:47:05.0421 0496 Cdrom - ok
10:47:05.0437 0496 [ 84853B3FD012251690570E9E7E43343F ] cercsr6 C:\WINDOWS\system32\drivers\cercsr6.sys
10:47:05.0484 0496 cercsr6 - ok
10:47:05.0500 0496 Changer - ok
10:47:05.0531 0496 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:47:05.0531 0496 CiSvc - ok
10:47:05.0562 0496 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:47:05.0578 0496 ClipSrv - ok
10:47:05.0609 0496 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:47:05.0796 0496 clr_optimization_v2.0.50727_32 - ok
10:47:05.0796 0496 CmdIde - ok
10:47:05.0812 0496 COMSysApp - ok
10:47:05.0828 0496 Cpqarray - ok
10:47:05.0859 0496 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:47:05.0859 0496 CryptSvc - ok
10:47:05.0875 0496 dac2w2k - ok
10:47:05.0890 0496 dac960nt - ok
10:47:05.0937 0496 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:47:05.0968 0496 DcomLaunch - ok
10:47:06.0015 0496 [ D0D4F3CA1D3A4400E1F40F36A800CD12 ] dgderdrv C:\WINDOWS\system32\drivers\dgderdrv.sys
10:47:06.0015 0496 dgderdrv - ok
10:47:06.0062 0496 [ 1F7BACA7D1DD1B3D73B4C3934148FAD3 ] dgdersvc C:\WINDOWS\system32\dgdersvc.exe
10:47:06.0062 0496 dgdersvc - ok
10:47:06.0125 0496 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:47:06.0125 0496 Dhcp - ok
10:47:06.0140 0496 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:47:06.0140 0496 Disk - ok
10:47:06.0156 0496 dmadmin - ok
10:47:06.0187 0496 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:47:06.0203 0496 dmboot - ok
10:47:06.0234 0496 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:47:06.0234 0496 dmio - ok
10:47:06.0265 0496 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:47:06.0281 0496 dmload - ok
10:47:06.0296 0496 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:47:06.0312 0496 dmserver - ok
10:47:06.0328 0496 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:47:06.0328 0496 DMusic - ok
10:47:06.0375 0496 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:47:06.0375 0496 Dnscache - ok
10:47:06.0421 0496 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:47:06.0437 0496 Dot3svc - ok
10:47:06.0437 0496 dpti2o - ok
10:47:06.0468 0496 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:47:06.0468 0496 drmkaud - ok
10:47:06.0500 0496 [ 95974E66D3DE4951D29E28E8BC0B644C ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
10:47:06.0515 0496 E100B - ok
10:47:06.0546 0496 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:47:06.0546 0496 EapHost - ok
10:47:06.0593 0496 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:47:06.0593 0496 ERSvc - ok
10:47:06.0640 0496 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
10:47:06.0687 0496 Eventlog - ok
10:47:06.0718 0496 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
10:47:06.0734 0496 EventSystem - ok
10:47:06.0734 0496 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:47:06.0750 0496 Fastfat - ok
10:47:06.0796 0496 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:47:06.0812 0496 FastUserSwitchingCompatibility - ok
10:47:06.0859 0496 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:47:06.0859 0496 Fdc - ok
10:47:06.0875 0496 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:47:06.0875 0496 Fips - ok
10:47:06.0890 0496 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:47:06.0890 0496 Flpydisk - ok
10:47:06.0937 0496 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:47:06.0937 0496 FltMgr - ok
10:47:07.0031 0496 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:47:07.0031 0496 FontCache3.0.0.0 - ok
10:47:07.0078 0496 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
10:47:07.0078 0496 FsUsbExDisk - ok
10:47:07.0093 0496 [ F96C429788350DB4BA6771C3034DFD88 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
10:47:07.0109 0496 FsUsbExService - ok
10:47:07.0125 0496 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:47:07.0125 0496 Fs_Rec - ok
10:47:07.0156 0496 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:47:07.0156 0496 Ftdisk - ok
10:47:07.0171 0496 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:47:07.0171 0496 GEARAspiWDM - ok
10:47:07.0203 0496 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:47:07.0203 0496 Gpc - ok
10:47:07.0234 0496 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:47:07.0234 0496 HDAudBus - ok
10:47:07.0328 0496 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:47:07.0328 0496 helpsvc - ok
10:47:07.0343 0496 HidServ - ok
10:47:07.0359 0496 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:47:07.0359 0496 hidusb - ok
10:47:07.0406 0496 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:47:07.0406 0496 hkmsvc - ok
10:47:07.0421 0496 hpn - ok
10:47:07.0453 0496 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:47:07.0453 0496 HTTP - ok
10:47:07.0515 0496 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:47:07.0531 0496 HTTPFilter - ok
10:47:07.0546 0496 i2omgmt - ok
10:47:07.0546 0496 i2omp - ok
10:47:07.0578 0496 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
10:47:07.0593 0496 i8042prt - ok
10:47:07.0656 0496 [ 240D0F5D7CAAFD87BD8D801A97BBE041 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:47:07.0671 0496 ialm - ok
10:47:07.0796 0496 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:47:07.0812 0496 idsvc - ok
10:47:07.0828 0496 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:47:07.0828 0496 Imapi - ok
10:47:07.0890 0496 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:47:07.0890 0496 ImapiService - ok
10:47:07.0906 0496 ini910u - ok
10:47:07.0921 0496 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
10:47:07.0921 0496 IntelIde - ok
10:47:07.0937 0496 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:47:07.0953 0496 intelppm - ok
10:47:07.0968 0496 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:47:07.0968 0496 Ip6Fw - ok
10:47:08.0000 0496 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:47:08.0000 0496 IpFilterDriver - ok
10:47:08.0015 0496 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:47:08.0015 0496 IpInIp - ok
10:47:08.0046 0496 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:47:08.0046 0496 IpNat - ok
10:47:08.0125 0496 [ 3A6D4D8ABACF64292D060C9E06D2050D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:47:08.0140 0496 iPod Service - ok
10:47:08.0171 0496 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:47:08.0171 0496 IPSec - ok
10:47:08.0171 0496 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:47:08.0171 0496 IRENUM - ok
10:47:08.0187 0496 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:47:08.0187 0496 isapnp - ok
10:47:08.0312 0496 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:47:08.0328 0496 JavaQuickStarterService - ok
10:47:08.0343 0496 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:47:08.0343 0496 Kbdclass - ok
10:47:08.0359 0496 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:47:08.0359 0496 kbdhid - ok
10:47:08.0390 0496 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:47:08.0390 0496 kmixer - ok
10:47:08.0406 0496 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:47:08.0406 0496 KSecDD - ok
10:47:08.0453 0496 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:47:08.0468 0496 lanmanserver - ok
10:47:08.0515 0496 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:47:08.0562 0496 lanmanworkstation - ok
10:47:08.0562 0496 lbrtfdc - ok
10:47:08.0609 0496 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:47:08.0609 0496 LmHosts - ok
10:47:08.0640 0496 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:47:08.0656 0496 Messenger - ok
10:47:08.0671 0496 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:47:08.0671 0496 mnmdd - ok
10:47:08.0703 0496 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:47:08.0703 0496 mnmsrvc - ok
10:47:08.0718 0496 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:47:08.0718 0496 Modem - ok
10:47:08.0718 0496 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:47:08.0734 0496 Mouclass - ok
10:47:08.0750 0496 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:47:08.0750 0496 mouhid - ok
10:47:08.0765 0496 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:47:08.0765 0496 MountMgr - ok
10:47:08.0812 0496 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:47:08.0828 0496 MpFilter - ok
10:47:08.0921 0496 [ A69630D039C38018689190234F866D77 ] MpKsl492077c7 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D855D08-86A0-4C61-A8F8-4682EF00B374}\MpKsl492077c7.sys
10:47:08.0921 0496 MpKsl492077c7 - ok
10:47:08.0921 0496 mraid35x - ok
10:47:08.0937 0496 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:47:08.0937 0496 MRxDAV - ok
10:47:08.0984 0496 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:47:09.0000 0496 MRxSmb - ok
10:47:09.0015 0496 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:47:09.0031 0496 MSDTC - ok
10:47:09.0031 0496 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:47:09.0031 0496 Msfs - ok
10:47:09.0046 0496 MSIServer - ok
10:47:09.0062 0496 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:47:09.0062 0496 MSKSSRV - ok
10:47:09.0125 0496 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:47:09.0140 0496 MsMpSvc - ok
10:47:09.0140 0496 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:47:09.0140 0496 MSPCLOCK - ok
10:47:09.0171 0496 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:47:09.0171 0496 MSPQM - ok
10:47:09.0187 0496 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:47:09.0187 0496 mssmbios - ok
10:47:09.0203 0496 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
10:47:09.0203 0496 MSTEE - ok
10:47:09.0218 0496 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:47:09.0218 0496 Mup - ok
10:47:09.0250 0496 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:47:09.0250 0496 NABTSFEC - ok
10:47:09.0312 0496 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:47:09.0312 0496 napagent - ok
10:47:09.0328 0496 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:47:09.0328 0496 NDIS - ok
10:47:09.0375 0496 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:47:09.0375 0496 NdisIP - ok
10:47:09.0421 0496 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:47:09.0421 0496 NdisTapi - ok
10:47:09.0484 0496 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:47:09.0484 0496 Ndisuio - ok
10:47:09.0500 0496 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:47:09.0500 0496 NdisWan - ok
10:47:09.0515 0496 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:47:09.0515 0496 NDProxy - ok
10:47:09.0546 0496 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:47:09.0546 0496 NetBIOS - ok
10:47:09.0578 0496 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:47:09.0578 0496 NetBT - ok
10:47:09.0640 0496 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
10:47:09.0640 0496 NetDDE - ok
10:47:09.0640 0496 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:47:09.0656 0496 NetDDEdsdm - ok
10:47:09.0671 0496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:47:09.0671 0496 Netlogon - ok
10:47:09.0734 0496 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
10:47:09.0734 0496 Netman - ok
10:47:09.0765 0496 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:47:09.0765 0496 NetTcpPortSharing - ok
10:47:09.0796 0496 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:47:09.0812 0496 Nla - ok
10:47:09.0828 0496 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:47:09.0843 0496 Npfs - ok
10:47:09.0875 0496 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:47:09.0890 0496 Ntfs - ok
10:47:09.0890 0496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:47:09.0890 0496 NtLmSsp - ok
10:47:09.0937 0496 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:47:09.0953 0496 NtmsSvc - ok
10:47:09.0984 0496 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:47:09.0984 0496 Null - ok
10:47:10.0031 0496 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:47:10.0031 0496 NwlnkFlt - ok
10:47:10.0031 0496 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:47:10.0046 0496 NwlnkFwd - ok
10:47:10.0078 0496 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:47:10.0078 0496 Parport - ok
10:47:10.0093 0496 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:47:10.0093 0496 PartMgr - ok
10:47:10.0140 0496 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:47:10.0140 0496 ParVdm - ok
10:47:10.0156 0496 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:47:10.0156 0496 PCI - ok
10:47:10.0156 0496 PCIDump - ok
10:47:10.0187 0496 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:47:10.0187 0496 PCIIde - ok
10:47:10.0218 0496 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:47:10.0234 0496 Pcmcia - ok
10:47:10.0234 0496 PDCOMP - ok
10:47:10.0250 0496 PDFRAME - ok
10:47:10.0250 0496 PDRELI - ok
10:47:10.0265 0496 PDRFRAME - ok
10:47:10.0265 0496 perc2 - ok
10:47:10.0281 0496 perc2hib - ok
10:47:10.0312 0496 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:47:10.0312 0496 PlugPlay - ok
10:47:10.0328 0496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:47:10.0328 0496 PolicyAgent - ok
10:47:10.0375 0496 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:47:10.0375 0496 PptpMiniport - ok
10:47:10.0390 0496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:47:10.0390 0496 ProtectedStorage - ok
10:47:10.0406 0496 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:47:10.0406 0496 PSched - ok
10:47:10.0406 0496 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:47:10.0421 0496 Ptilink - ok
10:47:10.0437 0496 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:47:10.0437 0496 PxHelp20 - ok
10:47:10.0453 0496 ql1080 - ok
10:47:10.0468 0496 Ql10wnt - ok
10:47:10.0468 0496 ql12160 - ok
10:47:10.0484 0496 ql1240 - ok
10:47:10.0484 0496 ql1280 - ok
10:47:10.0515 0496 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:47:10.0515 0496 RasAcd - ok
10:47:10.0546 0496 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:47:10.0562 0496 RasAuto - ok
10:47:10.0578 0496 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:47:10.0593 0496 Rasl2tp - ok
10:47:10.0640 0496 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:47:10.0656 0496 RasMan - ok
10:47:10.0656 0496 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:47:10.0656 0496 RasPppoe - ok
10:47:10.0671 0496 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:47:10.0671 0496 Raspti - ok
10:47:10.0703 0496 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:47:10.0703 0496 Rdbss - ok
10:47:10.0734 0496 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:47:10.0734 0496 RDPCDD - ok
10:47:10.0796 0496 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:47:10.0796 0496 RDPWD - ok
10:47:10.0828 0496 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:47:10.0828 0496 RDSessMgr - ok
10:47:10.0890 0496 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
10:47:10.0890 0496 RealNetworks Downloader Resolver Service - ok
10:47:10.0937 0496 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:47:10.0953 0496 redbook - ok
10:47:10.0984 0496 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:47:10.0984 0496 RemoteAccess - ok
10:47:11.0015 0496 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
10:47:11.0015 0496 RFCOMM - ok
10:47:11.0031 0496 RkPavproc1 - ok
10:47:11.0046 0496 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:47:11.0046 0496 RpcLocator - ok
10:47:11.0078 0496 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
10:47:11.0078 0496 RpcSs - ok
10:47:11.0109 0496 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:47:11.0109 0496 RSVP - ok
10:47:11.0125 0496 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:47:11.0125 0496 SamSs - ok
10:47:11.0140 0496 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:47:11.0140 0496 SCardSvr - ok
10:47:11.0187 0496 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:47:11.0203 0496 Schedule - ok
10:47:11.0281 0496 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:47:11.0296 0496 SeaPort - ok
10:47:11.0343 0496 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:47:11.0343 0496 Secdrv - ok
10:47:11.0390 0496 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:47:11.0390 0496 seclogon - ok
10:47:11.0437 0496 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:47:11.0437 0496 SENS - ok
10:47:11.0500 0496 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:47:11.0500 0496 Serial - ok
10:47:11.0562 0496 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:47:11.0562 0496 Sfloppy - ok
10:47:11.0625 0496 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:47:11.0625 0496 SharedAccess - ok
10:47:11.0656 0496 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:47:11.0656 0496 ShellHWDetection - ok
10:47:11.0656 0496 Simbad - ok
10:47:11.0718 0496 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:47:11.0718 0496 SLIP - ok
10:47:11.0843 0496 [ E1F5F9FBF8A2CFED174E4EC38A358B93 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
10:47:11.0906 0496 SNP2UVC - ok
10:47:11.0906 0496 Sparrow - ok
10:47:11.0937 0496 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:47:11.0937 0496 splitter - ok
10:47:12.0000 0496 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:47:12.0000 0496 Spooler - ok
10:47:12.0046 0496 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:47:12.0046 0496 sr - ok
10:47:12.0109 0496 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:47:12.0109 0496 srservice - ok
10:47:12.0171 0496 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:47:12.0171 0496 Srv - ok
10:47:12.0203 0496 [ 406776FE3C2B66796BAC1A7AFB9AC8A1 ] ssadbus C:\WINDOWS\system32\DRIVERS\ssadbus.sys
10:47:12.0218 0496 ssadbus - ok
10:47:12.0234 0496 [ B19532D015A5D295E2AA34BB521202CF ] ssadmdfl C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
10:47:12.0234 0496 ssadmdfl - ok
10:47:12.0265 0496 [ 2AEBF9108E6F435458B9499C27394DA4 ] ssadmdm C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
10:47:12.0265 0496 ssadmdm - ok
10:47:12.0296 0496 [ 28F893C9B4E98DEE5AE3C24DB56B1B11 ] ssadserd C:\WINDOWS\system32\DRIVERS\ssadserd.sys
10:47:12.0296 0496 ssadserd - ok
10:47:12.0343 0496 [ B2063CE662AF3AB20045121A5B716DF6 ] sscebus C:\WINDOWS\system32\DRIVERS\sscebus.sys
10:47:12.0343 0496 sscebus - ok
10:47:12.0359 0496 [ 66799DC0AFE3DCAF8368CAE17394A762 ] sscemdfl C:\WINDOWS\system32\DRIVERS\sscemdfl.sys
10:47:12.0359 0496 sscemdfl - ok
10:47:12.0375 0496 [ CBF03FFC08F8DB547BAB2F79AA663D16 ] sscemdm C:\WINDOWS\system32\DRIVERS\sscemdm.sys
10:47:12.0375 0496 sscemdm - ok
10:47:12.0421 0496 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:47:12.0421 0496 SSDPSRV - ok
10:47:12.0484 0496 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
10:47:12.0484 0496 ss_bbus - ok
10:47:12.0515 0496 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
10:47:12.0515 0496 ss_bmdfl - ok
10:47:12.0531 0496 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
10:47:12.0531 0496 ss_bmdm - ok
10:47:12.0562 0496 [ 994D2E5378CC337EC7DD73C1E04FCAA4 ] ss_bserd C:\WINDOWS\system32\DRIVERS\ss_bserd.sys
10:47:12.0578 0496 ss_bserd - ok
10:47:12.0656 0496 [ 26EB7ACF476A3461B85F5BCE9A677A4A ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
10:47:12.0656 0496 STHDA - ok
10:47:12.0718 0496 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:47:12.0734 0496 stisvc - ok
10:47:12.0781 0496 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:47:12.0781 0496 streamip - ok
10:47:12.0828 0496 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:47:12.0828 0496 swenum - ok
10:47:12.0875 0496 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:47:12.0875 0496 swmidi - ok
10:47:12.0875 0496 SwPrv - ok
10:47:12.0890 0496 symc810 - ok
10:47:12.0906 0496 symc8xx - ok
10:47:12.0906 0496 sym_hi - ok
10:47:12.0921 0496 sym_u3 - ok
10:47:12.0968 0496 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:47:12.0968 0496 sysaudio - ok
10:47:13.0000 0496 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:47:13.0000 0496 SysmonLog - ok
10:47:13.0046 0496 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:47:13.0046 0496 TapiSrv - ok
10:47:13.0109 0496 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:47:13.0125 0496 Tcpip - ok
10:47:13.0171 0496 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:47:13.0171 0496 TDPIPE - ok
10:47:13.0187 0496 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:47:13.0187 0496 TDTCP - ok
10:47:13.0234 0496 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:47:13.0234 0496 TermDD - ok
10:47:13.0281 0496 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:47:13.0281 0496 TermService - ok
10:47:13.0328 0496 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:47:13.0328 0496 Themes - ok
10:47:13.0343 0496 TosIde - ok
10:47:13.0359 0496 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:47:13.0359 0496 TrkWks - ok
10:47:13.0406 0496 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
10:47:13.0500 0496 TrueSight - ok
10:47:13.0531 0496 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:47:13.0531 0496 Udfs - ok
10:47:13.0546 0496 ultra - ok
10:47:13.0593 0496 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:47:13.0609 0496 Update - ok
10:47:13.0656 0496 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:47:13.0656 0496 upnphost - ok
10:47:13.0671 0496 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:47:13.0671 0496 UPS - ok
10:47:13.0734 0496 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
10:47:13.0765 0496 USBAAPL - ok
10:47:13.0812 0496 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:47:13.0812 0496 usbaudio - ok
10:47:13.0843 0496 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:47:13.0843 0496 usbccgp - ok
10:47:13.0890 0496 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:47:13.0890 0496 usbehci - ok
10:47:13.0890 0496 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:47:13.0890 0496 usbhub - ok
10:47:13.0937 0496 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:47:13.0937 0496 usbprint - ok
10:47:13.0968 0496 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:47:13.0968 0496 usbscan - ok
10:47:14.0015 0496 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:47:14.0015 0496 USBSTOR - ok
10:47:14.0078 0496 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:47:14.0078 0496 usbuhci - ok
10:47:14.0125 0496 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
10:47:14.0125 0496 usbvideo - ok
10:47:14.0171 0496 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:47:14.0171 0496 VgaSave - ok
10:47:14.0171 0496 ViaIde - ok
10:47:14.0234 0496 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:47:14.0234 0496 VolSnap - ok
10:47:14.0265 0496 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:47:14.0281 0496 VSS - ok
10:47:14.0312 0496 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:47:14.0328 0496 W32Time - ok
10:47:14.0375 0496 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:47:14.0375 0496 Wanarp - ok
10:47:14.0406 0496 [ 4C0B8EF721783F52F8E531FBDC4B1F74 ] wceusbsh C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
10:47:14.0421 0496 wceusbsh - ok
10:47:14.0453 0496 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
10:47:14.0468 0496 Wdf01000 - ok
10:47:14.0468 0496 WDICA - ok
10:47:14.0500 0496 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:47:14.0500 0496 wdmaud - ok
10:47:14.0562 0496 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:47:14.0562 0496 WebClient - ok
10:47:14.0625 0496 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
10:47:14.0625 0496 WinDefend - ok
10:47:14.0718 0496 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:47:14.0718 0496 winmgmt - ok
10:47:14.0765 0496 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
10:47:14.0765 0496 WmdmPmSN - ok
10:47:14.0812 0496 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:47:14.0828 0496 WmiApSrv - ok
10:47:14.0890 0496 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:47:14.0906 0496 WMPNetworkSvc - ok
10:47:14.0953 0496 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:47:14.0953 0496 WpdUsb - ok
10:47:15.0000 0496 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:47:15.0000 0496 WS2IFSL - ok
10:47:15.0031 0496 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:47:15.0046 0496 wscsvc - ok
10:47:15.0093 0496 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:47:15.0093 0496 WSTCODEC - ok
10:47:15.0140 0496 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:47:15.0140 0496 wuauserv - ok
10:47:15.0187 0496 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:47:15.0187 0496 WudfPf - ok
10:47:15.0203 0496 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:47:15.0203 0496 WudfRd - ok
10:47:15.0250 0496 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:47:15.0265 0496 WudfSvc - ok
10:47:15.0328 0496 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:47:15.0343 0496 WZCSVC - ok
10:47:15.0390 0496 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:47:15.0390 0496 xmlprov - ok
10:47:15.0421 0496 ================ Scan global ===============================
10:47:15.0453 0496 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:47:15.0515 0496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:47:15.0531 0496 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
10:47:15.0546 0496 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:47:15.0546 0496 [Global] - ok
10:47:15.0546 0496 ================ Scan MBR ==================================
10:47:15.0578 0496 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:47:15.0781 0496 \Device\Harddisk0\DR0 - ok
10:47:15.0796 0496 [ 2852254352EAC3B4F1A878FF2733FACC ] \Device\Harddisk1\DR3
10:47:24.0375 0496 \Device\Harddisk1\DR3 - ok
10:47:24.0390 0496 ================ Scan VBR ==================================
10:47:24.0390 0496 [ A7E96CB85D7519C9979BF10D33B36757 ] \Device\Harddisk0\DR0\Partition1
10:47:24.0390 0496 \Device\Harddisk0\DR0\Partition1 - ok
10:47:24.0390 0496 ============================================================
10:47:24.0390 0496 Scan finished
10:47:24.0390 0496 ============================================================
10:47:24.0406 0464 Detected object count: 0
10:47:24.0406 0464 Actual detected object count: 0

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

• Be sure to print out and follow the instructions provided on that same page for performing a scan.
  
• Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  
• When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  
• Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  
• Copy and paste the contents of these two log files in your next reply.
  

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.24.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Veron :: HOME-CA08B8A03F [administrator]

24/12/2012 09:56:42
mbar-log-2012-12-24 (09-56-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26158
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 2.992000 GHz
Memory total: 2405515264, free: 1588080640

------------ Kernel report ------------
12/24/2012 09:42:29
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D855D08-86A0-4C61-A8F8-4682EF00B374}\MpKsl492077c7.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\FsUsbExDisk.SYS
\SystemRoot\System32\drivers\dgderdrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D855D08-86A0-4C61-A8F8-4682EF00B374}\MpKsl45bc1b85.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\splitter.sys
\SystemRoot\system32\drivers\aec.sys
\SystemRoot\system32\drivers\swmidi.sys
\SystemRoot\system32\drivers\DMusic.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\drivers\drmkaud.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a7a96a0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005d\
Lower Device Object: 0xffffffff8ab8ad50
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8abb0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-e\
Lower Device Object: 0xffffffff8abffb00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.24.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8abb0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ac44958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8abb0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8abffb00, DeviceName: \Device\Ide\IdeDeviceP1T0L0-e\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe3926eb8, 0xffffffff8abb0ab8, 0xffffffff8a436ab8
Lower DeviceData: 0xffffffffe391a508, 0xffffffff8abffb00, 0xffffffff8a865f18
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0F4738C

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 80325 Numsec = 312399990
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a7a96a0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a799e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a7a96a0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8ab8ad50, DeviceName: \Device\0000005d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe35e3ce0, 0xffffffff8a7a96a0, 0xffffffff8a353ab8
Lower DeviceData: 0xffffffffe36db0e8, 0xffffffff8ab8ad50, 0xffffffff8a3ed040
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
Partition information:

This drive is a Single Partition removable Drive.
Partition file system is FAT32
Partition is not bootable

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Performing system, memory and registry scan...
Read File: File "C:\WINDOWS\$NtUninstallKB977816$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB977816$\updatebr.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB946648$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2467659$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2467659$\updatebr.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB980195$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB980195$\updatebr.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2508272$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2508272$\updatebr.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2524375$\update.ver" is compressed (flags = 1)
Read File: File "C:\WINDOWS\$NtUninstallKB2524375$\updatebr.inf" is compressed (flags = 1)
Done!
Scan finished
Scanning directory: C:\WINDOWS\system32\drivers...

How's your computer runnning now?

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

my computer loads pages quicker although when i stream online videos there jumpy and not so fast pause alot

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=868406043fc8a140874e1ab4aa13f9c5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-25 03:41:45
# local_time=2012-12-25 03:41:45 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# scanned=66211
# found=1
# cleaned=1
# scan_time=4189
C:\Documents and Settings\Veron\Local Settings\Application Data\Opera\Opera\temporary_downloads\Setup.exe a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined) 818F2610C5105DA76119516FB08845CFBF914582 C

my computer loads pages quicker although when i stream online videos there jumpy and not so fast pause alot

This could be caused by not enough RAM or your ISP(internet service provider). I cannot watch Youtube with IE on my computer because of the same problem but I have no problem with FireFox.
Let's do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
********************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.



Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.



This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*********************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing and Season's Greetings!