Can't Eliminate Multiple Malware [Closed]


  • This topic is locked

#1
mej_jeff
  • Member
  • 26 posts
I have been trying to eliminate several Malware and Trojans on a computer. Yesterday I ran my normal virus scan which located several trojans (KATUSHA, AGENT3 and others). IT tried to eliminate them and said that they were wiped out. However, I ran Malwarebytes which still found them. It eliminated them, but as soon as I reconnected to the network, the virus scan alerted me to new instances of these malware.

I disconnected from the network, and the internet again and used OTL on a flash drive to create the attached log.



Can anyone help me finally eliminate the malware?

Thanks


Edited by mej_jeff, 27 August 2013 - 09:39 AM.



#2
godawgs
  • Teacher
  • Retired Staff
  • 8,228 posts
Hello mej_jeff: Welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

OTL is designed to be run from the desktop of the computer. Please copy OTL from the flash drive to the desktop and run it from there. Then Copy and Paste the OTL.txt and Extras.txt files into your next reply. Do Not attach them.

#3
mej_jeff
  • Topic Starter
  • Member
  • 26 posts
Thanks for your response, godawgs.

I have one question to ask before you take a look at the OTL log. My computer has AVG running in the background. Should I turn this off and run OTL with it off?

I have run OTL from the desktop. I could not locate any extra.txt file. Here is the OTL.txt file:

OTL logfile created on: 8/27/2013 12:22:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jtracey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

876.04 Mb Total Physical Memory | 407.71 Mb Available Physical Memory | 46.54% Memory free
2.07 Gb Paging File | 1.61 Gb Available in Paging File | 77.86% Paging File free
Paging file location(s): C:\pagefile.sys 1308 2616 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 94.81 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.64% Space Free | Partition Type: FAT32

Computer Name: NAL006A | User Name: jtracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/27 09:15:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
PRC - [2013/08/26 09:41:56 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/26 09:41:56 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/08/26 09:41:56 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/06/03 10:52:01 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/06/27 02:18:20 | 000,053,248 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/26 09:41:57 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/08/26 09:41:56 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/26 09:41:56 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/08/26 09:41:56 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
MOD - [2008/05/14 18:08:56 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2013/08/26 09:41:56 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/08/20 18:33:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2008/04/25 10:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/15 16:11:26 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe -- (NetFxUpdate_v1.1.4322)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/08/26 14:56:44 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/08/26 09:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/10/13 11:46:13 | 000,111,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2009/06/02 14:22:24 | 000,008,448 | ---- | M] (Logic Controls Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lcildfil.sys -- (lcildfil)
DRV - [2009/06/02 14:22:22 | 000,024,192 | ---- | M] (Logic Controls, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCILD.sys -- (LCILD)
DRV - [2008/07/22 03:14:38 | 000,144,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008/07/16 03:12:02 | 000,037,184 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/07/10 21:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/04/09 16:40:06 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/03/27 23:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/02/10 19:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/05 19:35:46 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/14 11:56:46 | 000,014,592 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2006/09/14 12:48:58 | 000,016,768 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2005/10/26 10:18:20 | 000,008,704 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/10/04 08:28:38 | 000,043,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://catalogue1.ch...me/Default.aspx
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2013-08-26 09:42:06&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/03 10:52:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/13 12:51:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Seagull Drivers] C:\WINDOWS\ssdal_nc.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = northamericanlumber.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1BA58C9-9EE6-49A0-B28A-557329A34550}: NameServer = 192.168.0.12
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Swoosh 1024_768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Swoosh 1024_768.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 12:21:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
[2013/08/26 09:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\AVG2013
[2013/08/26 09:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\AVG Secure Search
[2013/08/26 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\TuneUp Software
[2013/08/26 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/08/26 09:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\AVG Secure Search
[2013/08/26 09:42:05 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/26 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/08/26 09:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013/08/26 09:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/08/26 09:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/08/26 09:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\MFAData
[2013/08/26 09:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\Avg2013
[2013/08/20 18:33:43 | 017,139,080 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/27 11:33:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/27 09:15:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
[2013/08/27 07:52:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/27 07:52:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1255.job
[2013/08/27 07:52:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-3137.job
[2013/08/27 07:52:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1302.job
[2013/08/27 07:52:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1254.job
[2013/08/27 07:52:52 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2733357402-314577972-2489089845-1012.job
[2013/08/27 07:52:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2733357402-314577972-2489089845-500.job
[2013/08/27 07:52:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-500.job
[2013/08/27 07:48:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/27 07:45:45 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\jtracey\My Documents\Default.rdp
[2013/08/26 14:57:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1255.job
[2013/08/26 14:56:44 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/26 09:42:15 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/08/26 09:41:57 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/26 09:02:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-3137.job
[2013/08/25 23:00:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/08/23 17:19:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1302.job
[2013/08/22 17:24:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-500.job
[2013/08/22 15:09:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1254.job
[2013/08/21 17:00:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2733357402-314577972-2489089845-1012.job
[2013/08/20 18:33:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/20 18:33:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 18:33:43 | 017,139,080 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/20 13:27:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2733357402-314577972-2489089845-500.job
[2013/08/15 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 03:02:18 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 03:02:18 | 000,072,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/26 14:56:44 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/26 09:42:15 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/02/14 17:02:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/13 12:29:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/13 12:29:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/13 12:29:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/13 12:29:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/13 12:29:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/12 15:04:13 | 000,111,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/12 10:00:58 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jtracey\Local Settings\Application Data\housecall.guid.cache
[2011/04/18 14:29:12 | 000,001,330 | RHS- | C] () -- C:\Documents and Settings\jtracey\ntuser.pol
[2009/08/24 16:05:53 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/07/23 14:45:16 | 000,008,442 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2008/07/21 17:06:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2011/10/13 10:52:56 | 000,028,160 | -HS- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#4 godawgs (Teacher, Retired Staff, 8,228 posts)

I have one question to ask before you take a look at the OTL log. My computer has AVG running in the background. Should I turn this off and run OTL with it off?

You don't need to turn it off unless OTL or parts of it won't run. I will let you know when/if it needs to be disabled.
Some of our tools do require that the AV program be disabled. The instructions to run each tool will tell you this.

You say that you ran MalwareBytes and it found the trojans. I want to look at that log please. You can find it in the MBAM program under the Logs tab.

I don't really see a whole lot in the OTL scan. So we are gonna get a more detailed scan that will include the Extras.txt log. And some additional scans. Please read the directions carefully. It might also be helpful to print the instructions or copy them to a text file so you will have them available. It will also be easier if you download all of the tools first and then close the browser and all open windows before running them.


Step-1.

OTL Custom Scan

1. Please copy the text in the Quote box below (do not copy the word Quote) and paste it in the custom scan box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open OTL on the desktop. To do that:
  • XP users: Double click on the OTL icon.
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Click the box beside Scan All Users at the top of the console
    NOTE: There won't be an option to include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use SafeList <--- Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the custom scan box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the Build 32 bits (x86): download button and save the RogueKiller.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Double click the RogueKiller icon to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ... This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users, double click the AdwCleaner icon on the desktop to run AdwCleaner. The AdwCleaner console opens.
  • Click the Scan button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this. Do Not delete anything at this time.
  • On reboot a log will be produced please copy/paste that in your next reply. To do that:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt. NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The new OTL.txt log
3. The Extras.txt log
4. The aswMBR log
5. The RKreport.txt log
6. The AdwCleaner[R0].txt log
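
As an added example, not code from the thread or from OTL itself, here is a small Python helper that parses the PRC/MOD/SRV/DRV entry lines of an OTL log such as the ones posted above and attaches the review cues a helper applies by eye: orphaned service entries, no company name under the Windows directory, and binaries living in a user profile or Temp folder. The sample lines are copied from the posted log; the flags are reasons to look closer, not verdicts (a known Malwarebytes driver trips one of them).

```python
# Added example: a triage helper for the OTL entry format used in the logs
# posted in this thread. Not code from OldTimer's OTL or from anyone in the
# thread. Flags are review cues, not verdicts.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Entries with a file stamp block, e.g.
#   SRV - [2013/08/26 09:41:56 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\...\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
# The company field may itself contain parentheses ("Lenovo (United States) Inc."),
# so it is matched lazily up to the ") [" or ") --" that follows it.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] \((?P<company>.*?)\)(?= \[| --)"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]+)\))?$"
)
# Entries whose file OTL could not find; the path may be empty, e.g.
#   DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]+)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]+)\)$"
)


@dataclass
class Entry:
    kind: str
    path: str
    company: str = ""
    name: Optional[str] = None
    state: str = ""
    missing: bool = False
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for lines of other types."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"].strip(), company=m["company"],
                     name=m["name"], state=m["state"] or "")
    m = MISSING_RE.match(line)
    if m:
        return Entry(kind=m["kind"], path=m["path"].strip(), name=m["name"],
                     state=m["state"], missing=True)
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags. Each flag is a reason to look closer, not a verdict."""
    p = entry.path.lower()
    # A registered service/driver whose file is gone is an orphan worth noting;
    # an entry with no path at all is a stock placeholder and gets no flag.
    if entry.missing and entry.path:
        entry.flags.append("orphaned entry: registered file no longer exists")
    # Services and drivers rarely belong inside a user profile; the 8.3 form
    # DOCUME~1 is the same location spelled differently.
    if "\\documents and settings\\" in p or "\\docume~1\\" in p:
        entry.flags.append("runs from a user profile directory")
    if "\\temp\\" in p:
        entry.flags.append("runs from a Temp directory")
    # Files under the Windows directory normally carry a company name; an
    # empty "()" there means OTL found no version info and deserves a look.
    if not entry.missing and not entry.company and p.startswith("c:\\windows\\"):
        entry.flags.append("no company name under the Windows directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    return [triage(e) for e in map(parse_entry, text.splitlines()) if e]


def flagged(text: str) -> Dict[str, List[str]]:
    """Flagged entries keyed by service/driver name, or by path for PRC/MOD lines."""
    return {e.name or e.path: e.flags for e in triage_log(text) if e.flags}


# Sample lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2013/08/26 14:56:44 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2008/07/16 03:12:02 | 000,037,184 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
"""

if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(name)
        for f in flags:
            print("   -", f)
```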

#5 mej_jeff (Topic Starter, Member, 26 posts)

I got as far as step 4, no problem. Then I tried to download AdwCleaner and two unexpected programs showed up on the desktop. They are OTShot and Optimizer Pro. I know that was not supposed to happen. Should I worry about these now, or try again to install AdwCleaner?

Thanks

#6 godawgs (Teacher, Retired Staff, 8,228 posts)

OTShot and Optimizer Pro did not come from the BleepingComputer web site. Something else on the computer is downloading these adware and browser hijacking programs. Do not click on them. The AdwCleaner program does not install. It is a stand-alone scan. You just download it and run it using the instructions given. Please complete the steps above and post the logs.

#7 mej_jeff (Topic Starter, Member, 26 posts)

I have finished all the steps you listed and will copy all the logs from these steps. Unfortunately, I redownloaded Malwarebytes before I contacted you and now cannot locate any log files. If you have any ideas where I may find this, I will post it when I locate the log.

Here are the other files. Hopefully this helps you locate the culprit(s).

Thanks

OTL

OTL logfile created on: 8/27/2013 1:49:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jtracey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

876.04 Mb Total Physical Memory | 455.74 Mb Available Physical Memory | 52.02% Memory free
2.07 Gb Paging File | 1.60 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): C:\pagefile.sys 1308 2616 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 94.81 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.64% Space Free | Partition Type: FAT32

Computer Name: NAL006A | User Name: jtracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/27 09:15:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
PRC - [2013/08/26 09:41:56 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/08/26 09:41:56 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/08/26 09:41:56 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/01/18 15:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/06/03 10:52:01 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2008/06/27 02:18:20 | 000,053,248 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE


========== Modules (No Company Name) ==========

MOD - [2013/08/26 09:41:57 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/08/26 09:41:56 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/08/26 09:41:56 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/08/26 09:41:56 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
MOD - [2008/05/14 18:08:56 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2003/11/06 17:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
MOD - [2001/07/31 05:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - [2013/08/26 09:41:56 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/08/20 18:33:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/21 08:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2008/04/25 10:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/01/15 16:11:26 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe -- (NetFxUpdate_v1.1.4322)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/08/26 14:56:44 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/08/26 09:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/10/13 11:46:13 | 000,111,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2009/06/02 14:22:24 | 000,008,448 | ---- | M] (Logic Controls Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lcildfil.sys -- (lcildfil)
DRV - [2009/06/02 14:22:22 | 000,024,192 | ---- | M] (Logic Controls, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LCILD.sys -- (LCILD)
DRV - [2008/07/22 03:14:38 | 000,144,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008/07/16 03:12:02 | 000,037,184 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/07/10 21:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/04/09 16:40:06 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/03/27 23:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/02/10 19:49:10 | 000,018,048 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/05 19:35:46 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/10/14 11:56:46 | 000,014,592 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2006/09/14 12:48:58 | 000,016,768 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2005/10/26 10:18:20 | 000,008,704 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/10/04 08:28:38 | 000,043,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...ome/thinkcentre [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://catalogue1.ch...me/Default.aspx
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rms}&FORM=LENIE
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2013-08-26 09:42:06&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/23 15:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/03 10:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/06/29 07:37:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/13 12:51:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Seagull Drivers] C:\WINDOWS\ssdal_nc.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = northamericanlumber.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1BA58C9-9EE6-49A0-B28A-557329A34550}: NameServer = 192.168.0.12
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-res {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files\Common Files\Intuit\intu-res.dll ()
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Swoosh 1024_768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Swoosh 1024_768.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 17:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 12:21:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
[2013/08/26 09:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\AVG2013
[2013/08/26 09:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\AVG Secure Search
[2013/08/26 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\TuneUp Software
[2013/08/26 09:42:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/08/26 09:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Application Data\AVG Secure Search
[2013/08/26 09:42:05 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/26 09:42:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/08/26 09:42:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013/08/26 09:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/08/26 09:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/08/26 09:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\MFAData
[2013/08/26 09:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jtracey\Local Settings\Application Data\Avg2013
[2013/08/20 18:33:43 | 017,139,080 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/27 13:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/27 13:27:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2733357402-314577972-2489089845-500.job
[2013/08/27 09:15:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jtracey\Desktop\OTL.exe
[2013/08/27 07:52:55 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/27 07:52:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1255.job
[2013/08/27 07:52:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-3137.job
[2013/08/27 07:52:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1302.job
[2013/08/27 07:52:53 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-1254.job
[2013/08/27 07:52:52 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2733357402-314577972-2489089845-1012.job
[2013/08/27 07:52:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2733357402-314577972-2489089845-500.job
[2013/08/27 07:52:52 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2309195978-1724402022-2627459343-500.job
[2013/08/27 07:48:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/27 07:45:45 | 000,001,770 | -H-- | M] () -- C:\Documents and Settings\jtracey\My Documents\Default.rdp
[2013/08/26 14:57:36 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1255.job
[2013/08/26 14:56:44 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/26 09:42:15 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/08/26 09:41:57 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/08/26 09:02:04 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-3137.job
[2013/08/25 23:00:08 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/08/23 17:19:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1302.job
[2013/08/22 17:24:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-500.job
[2013/08/22 15:09:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2309195978-1724402022-2627459343-1254.job
[2013/08/21 17:00:00 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2733357402-314577972-2489089845-1012.job
[2013/08/20 18:33:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/20 18:33:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/20 18:33:43 | 017,139,080 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/15 03:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 03:02:18 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 03:02:18 | 000,072,598 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/26 14:56:44 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/08/26 09:42:15 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012/02/14 17:02:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/13 12:29:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/13 12:29:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/13 12:29:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/13 12:29:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/13 12:29:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/12 15:04:13 | 000,111,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011/10/12 10:00:58 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jtracey\Local Settings\Application Data\housecall.guid.cache
[2011/04/18 14:29:12 | 000,001,330 | RHS- | C] () -- C:\Documents and Settings\jtracey\ntuser.pol
[2009/08/24 16:05:53 | 000,000,325 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\PrimoPDFSet.xml
[2009/07/23 14:45:16 | 000,008,442 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2008/07/21 17:06:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2011/10/13 10:52:56 | 000,028,160 | -HS- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DesktopPwrMgr
[2011/04/13 10:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ISIS Drivers
[2011/03/14 14:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NAL\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.NAL\Application Data\Lenovo
[2013/08/26 09:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013/08/26 09:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2013/08/26 09:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/03/14 15:49:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/18 14:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ISIS DRIVERS
[2011/04/13 09:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kofax
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2013/08/27 08:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/07/06 21:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/07/06 21:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/04/14 15:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/06 20:59:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dpeebles\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dpeebles\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jo-Anne\Application Data\DesktopPwrMgr
[2011/04/14 15:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jo-Anne\Application Data\ISIS Drivers
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jo-Anne\Application Data\Lenovo
[2011/04/14 15:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jo-Anne\Application Data\ScanSoft
[2013/08/26 09:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\AVG Secure Search
[2013/08/26 09:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\AVG2013
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\DesktopPwrMgr
[2011/04/18 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\ISIS Drivers
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\Lenovo
[2011/04/18 14:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\ScanSoft
[2013/08/26 09:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jtracey\Application Data\TuneUp Software
[2011/05/02 12:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TightVNC
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mkennedy\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mkennedy\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\movie\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\movie\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msimpson\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msimpson\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msimpson.NAL\Application Data\DesktopPwrMgr
[2010/05/14 11:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msimpson.NAL\Application Data\InterVideo
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msimpson.NAL\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtracey\Application Data\DesktopPwrMgr
[2011/07/09 16:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtracey\Application Data\ISIS Drivers
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtracey\Application Data\Lenovo
[2011/07/09 16:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mtracey\Application Data\ScanSoft
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pcollins\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pcollins\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Red Lake Users\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Red Lake Users\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\redlcash\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\redlcash\Application Data\Lenovo
[2009/07/06 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnarvanen\Application Data\DesktopPwrMgr
[2009/07/06 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tnarvanen\Application Data\Lenovo

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 07:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 07:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 07:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 07:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 07:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 07:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 07:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 07:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 07:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 07:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 07:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 07:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 07:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 07:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 07:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 07:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 07:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 07:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 07:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 07:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 07:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 07:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 07:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 07:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 07:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 07:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 07:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\RRbackups\FR\UF\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SERVICES >
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2008/04/14 07:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.DAT >
[2011/02/02 12:54:02 | 000,010,240 | ---- | M] () MD5=10977B58A5310C909BE1F1C2F84DE923 -- C:\Documents and Settings\msimpson.NAL\Application Data\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.DLL >
[2008/05/05 01:17:44 | 000,020,480 | ---- | M] ( ) MD5=17AD4A8A51AECE2EC20D8CF7994BC9F4 -- C:\Program Files\Common Files\Lenovo\InvAgent\local\collect\services.dll

< MD5 for: SERVICES.EX_ >
[2008/04/14 07:00:00 | 000,049,959 | ---- | M] () MD5=EE4885163C0C0729A3C5F1416A6E5F48 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2009/07/28 16:07:10 | 000,001,609 | ---- | M] () MD5=64AE1CB18940461D6360DCA40AE06CC4 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2008/04/14 07:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.PNG >
[2008/12/11 23:43:40 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PCDR5\Images\icons\png\16_16\services.png
[2008/12/11 23:44:14 | 000,000,875 | ---- | M] () MD5=3382D191625A7528ED791FEDCCE3F212 -- C:\Program Files\PCDR5\Images\img16_16\services.png
[2008/12/11 23:43:40 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PCDR5\Images\icons\png\32_32\services.png
[2008/12/11 23:44:16 | 000,002,244 | ---- | M] () MD5=8C5F2C34A5FB317B868565F9451BF74C -- C:\Program Files\PCDR5\Images\img32_32\services.png
[2008/12/11 23:43:42 | 000,007,755 | ---- | M] () MD5=98D241D1B7DCC26BBE1296776BB23918 -- C:\Program Files\PCDR5\Images\icons\png\72_72\services.png
[2008/12/11 23:43:42 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PCDR5\Images\icons\png\64_64\services.png
[2008/12/11 23:44:18 | 000,006,479 | ---- | M] () MD5=AFCA60ED198BE9309943722FE8758392 -- C:\Program Files\PCDR5\Images\img64_64\services.png
[2008/12/11 23:43:44 | 000,053,947 | ---- | M] () MD5=DB3B429B0E296B76F0A9F506055AEF7E -- C:\Program Files\PCDR5\Images\icons\png\256_256\services.png
[2008/12/11 23:43:42 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PCDR5\Images\icons\png\48_48\services.png
[2008/12/11 23:44:18 | 000,004,193 | ---- | M] () MD5=E1C3A20056206C394E65B37CE1D43851 -- C:\Program Files\PCDR5\Images\img48_48\services.png
[2008/12/11 23:43:40 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PCDR5\Images\icons\png\24_24\services.png
[2008/12/11 23:44:14 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\PCDR5\Images\img24_24\services.png

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DL_ >
[2008/04/14 07:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\I386\WINSOCK.DL_

< MD5 for: WINSOCK.DLL >
[2008/04/14 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Preload
Volume Serial Number is 9265-E9BD
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/15/2013 03:01 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/15/2013 03:01 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 101,764,456,448 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST3160815AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than\tfloppy
Interface type: USB
Media Type: Removable media other than\tfloppy
Model: Kingston DT 101 G2 USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 146.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 156231532544
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 4128768
Hidden sectors: 0


< End of report >

Extras

OTL Extras logfile created on: 8/27/2013 1:49:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jtracey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

876.04 Mb Total Physical Memory | 455.74 Mb Available Physical Memory | 52.02% Memory free
2.07 Gb Paging File | 1.60 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): C:\pagefile.sys 1308 2616 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 94.81 Gb Free Space | 65.16% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.64% Space Free | Partition Type: FAT32

Computer Name: NAL006A | User Name: jtracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6160:TCP" = 6160:TCP:*:Enabled:Seagull Driver Networking
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" = C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Real\RealUpgrade\realupgrade.exe" = C:\Program Files\Real\RealUpgrade\realupgrade.exe:*:Disabled:RealUpgrade Launcher -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe" = C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe:*:Disabled:Adobe Updater -- (Adobe Systems Incorporated)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\jtracey\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" = C:\Documents and Settings\jtracey\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe:*:Enabled:WeatherEye
"C:\Documents and Settings\jtracey\Local Settings\Temp\RarSFX0\2343945.exe" = C:\Documents and Settings\jtracey\Local Settings\Temp\RarSFX0\2343945.exe:*:Enabled:2343945
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Java\Java Update\jucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jucheck.exe:*:Enabled:Java™ Update Checker -- (Sun Microsystems, Inc.)
"C:\Program Files\Real\RealUpgrade\realupgrade.exe" = C:\Program Files\Real\RealUpgrade\realupgrade.exe:*:Enabled:RealUpgrade Launcher -- (RealNetworks, Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\WINDOWS\system32\WgaTray.exe" = C:\WINDOWS\system32\WgaTray.exe:*:Disabled:Windows Genuine Advantage Notifications -- (Microsoft Corporation)
"C:\Program Files\Common Files\Java\Java Update\jaucheck.exe" = C:\Program Files\Common Files\Java\Java Update\jaucheck.exe:*:Disabled:Java™ Update Client Checker -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\jtracey\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe" = C:\Documents and Settings\jtracey\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe:*:Disabled:WeatherEye
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.10
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{87C34154-DC92-4712-AEAC-A5B31401C74B}" = HP Scanjet N8400 series Utilities
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94DF3F23-B26F-42EF-8BC5-55EFE3F02D8F}" = Winbond TPM Device Driver
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AE840050-8473-4B45-A4CE-09E83CEB1186}" = Kofax VRS Update 2 for 4.10
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B9F203CB-F9CC-4472-989F-A480791B3402}" = HP Smart Document Scan Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5E1BC1D-5955-44D2-A5F2-6BFCA659DDA1}" = Kofax TWAIN Data Source
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E845BEA5-82BE-4669-B367-747CBF6A7A80}" = Kofax VRS Update for HP OEM
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2013
"CrossLoop_is1" = CrossLoop 2.74
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Scanjet N8400 Document ISIS/TWAIN" = HP Scanjet N8400 Document ISIS/TWAIN
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo System Toolbox
"PROSet" = Intel® Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2309195978-1724402022-2627459343-1255\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2013 6:14:46 PM | Computer Name = NAL006A | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/27/2013 2:01:17 AM | Computer Name = NAL006A | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 8/27/2013 4:00:50 AM | Computer Name = NAL006A | Source = MsiInstaller | ID = 11321
Description = Product: Microsoft .NET Framework 1.1 -- Error 1321.The Installer
has insufficient privileges to modify this file: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe.

Error - 8/27/2013 4:00:51 AM | Computer Name = NAL006A | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 8/27/2013 4:00:52 AM | Computer Name = NAL006A | Source = NativeWrapper | ID = 5000
Description =

Error - 8/27/2013 8:28:59 AM | Computer Name = NAL006A | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 8/27/2013 8:46:58 AM | Computer Name = NAL006A | Source = MsiInstaller | ID = 11321
Description = Product: Microsoft .NET Framework 1.1 -- Error 1321.The Installer
has insufficient privileges to modify this file: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe.

Error - 8/27/2013 8:47:00 AM | Computer Name = NAL006A | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error - 8/27/2013 8:47:00 AM | Computer Name = NAL006A | Source = NativeWrapper | ID = 5000
Description =

Error - 8/27/2013 8:49:24 AM | Computer Name = NAL006A | Source = UserInit | ID = 1000
Description = Could not execute the following script installNableAgent.bat. The
system cannot find the file specified. .

[ System Events ]
Error - 8/26/2013 4:15:37 PM | Computer Name = NAL006A | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 8/26/2013 6:01:09 PM | Computer Name = NAL006A | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAL due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/26/2013 6:02:33 PM | Computer Name = NAL006A | Source = Service Control Manager | ID = 7000
Description = The Microsoft .NET Framework v1.1.4322 Update service failed to start
due to the following error: %%5

Error - 8/26/2013 6:02:33 PM | Computer Name = NAL006A | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 8/27/2013 12:05:21 AM | Computer Name = NAL006A | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAL due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/27/2013 4:01:11 AM | Computer Name = NAL006A | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error - 8/27/2013 8:28:56 AM | Computer Name = NAL006A | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain NAL due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 8/27/2013 8:47:01 AM | Computer Name = NAL006A | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error - 8/27/2013 8:50:15 AM | Computer Name = NAL006A | Source = Service Control Manager | ID = 7000
Description = The Microsoft .NET Framework v1.1.4322 Update service failed to start
due to the following error: %%5

Error - 8/27/2013 8:50:15 AM | Computer Name = NAL006A | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3


< End of report >


aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-27 15:21:31
-----------------------------
15:21:31.593 OS Version: Windows 5.1.2600 Service Pack 3
15:21:31.593 Number of processors: 2 586 0x1706
15:21:31.593 ComputerName: NAL006A UserName: jtracey
15:21:33.718 Initialize success
15:34:20.224 AVAST engine defs: 13082701
15:35:26.333 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:35:26.395 Disk 0 Vendor: ST316081 4.CC Size: 152627MB BusType: 3
15:35:26.895 Disk 0 MBR read successfully
15:35:26.911 Disk 0 MBR scan
15:35:27.770 Disk 0 unknown MBR code
15:35:27.786 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 148993 MB offset 2048
15:35:28.926 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 3632 MB offset 305139712
15:35:29.239 Disk 0 scanning sectors +312578048
15:35:29.817 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:49.989 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Zeroot-B [Rtk]
15:36:03.801 Scan finished successfully
15:37:24.675 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jtracey\Desktop\MBR.dat"
15:37:24.690 The log file has been saved successfully to "C:\Documents and Settings\jtracey\Desktop\aswMBR.txt"



RKreport.txt log

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : jtracey [Admin rights]
Mode : Scan -- Date : 08/27/2013 15:43:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS +++++
--- User ---
[MBR] c4451a437fb987a4d7bd922feb58ebb2
[BSP] 93097fa21656e2538bcefc906b8007f2 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 148993 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 305139712 | Size: 3632 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3160815AS +++++
--- User ---
[MBR] 0c2864bbd260c505750bd4cfae6dd666
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7437 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08272013_154324.txt >>


AdwCleaner[RO].txt log

# AdwCleaner v3.001 - Report created 28/08/2013 at 08:06:03
# Updated 24/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : jtracey - NAL006A
# Running from : C:\Documents and Settings\jtracey\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : WebCakeUpdater

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\jtracey\Desktop\Optimizer Pro.lnk
Folder Found C:\DOCUME~1\msimpson.NAL\LOCALS~1\Temp\OpenCandy
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro
Folder Found C:\Documents and Settings\dpeebles\IECompatCache
Folder Found C:\Documents and Settings\jtracey\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\jtracey\Application Data\optimizer pro
Folder Found C:\Documents and Settings\jtracey\Application Data\PriceGong
Folder Found C:\Documents and Settings\jtracey\Application Data\SearchProtect
Folder Found C:\Documents and Settings\jtracey\Application Data\Tepfel
Folder Found C:\Documents and Settings\jtracey\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\jtracey\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\jtracey\Local Settings\Application Data\KeyBar_1.8
Folder Found C:\Documents and Settings\mtracey\IECompatCache
Folder Found C:\Documents and Settings\redlcash\IECompatCache
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\KeyBar_1.8
Folder Found C:\Program Files\optimizer pro
Folder Found C:\Program Files\PricePeep
Folder Found C:\Program Files\SearchProtect
Folder Found C:\Program Files\Tepfel

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\PricePeep
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\KeyBar_1.8
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D92C7A32-CAAC-46AD-8E48-E522E637F5F0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D92C7A32-CAAC-46AD-8E48-E522E637F5F0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\WebCakeIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Key Found : HKLM\Software\KeyBar_1.8
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{460E3041-AF15-45FF-9027-CC4508B0E007}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{917101F1-E1E6-4204-B144-E446480D9368}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ED31F84-C8B3-4926-B950-DFF74047FF79}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D92C7A32-CAAC-46AD-8E48-E522E637F5F0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9ED31F84-C8B3-4926-B950-DFF74047FF79}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3304783&octid=CT3304783&SearchSource=61&CUI=UN97200395718784369&UM=2&UP=SP43B3E5D8-1599-4093-9028-91F23D832BAF

*************************

AdwCleaner[R0].txt - [11483 octets] - [28/08/2013 08:06:03]

########## EOF - H:\AdwCleaner\AdwCleaner[R0].txt - [11544 octets] ###
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double click the TDSSKiller.exe file to run the application

    Posted Image
  • Then click on Change parameters. A settings page will open.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action; click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
  • 0
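Once the TDSSKiller report from the steps above is in hand, a small triage helper (added example code, not from this thread or from Kaspersky's tool) makes the verdicts easier to read: it parses the report's "<time> <pid> <text>" lines, confirms that the SigCheck and TDLFS options requested above were actually on, and lists every object whose verdict is not a plain "ok" together with the hash and path TDSSKiller printed for it. The line formats follow the report pasted later in this thread; the "skipped", "cured", "deleted" and "quarantined" verdict words are assumptions beyond what the thread shows.

```python
"""Triage helper for a TDSSKiller report (added example, not part of TDSSKiller)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Every report line is "<hh:mm:ss.ffff> <pid> <text>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s(?P<text>.*)$")
# "[ <MD5> ] <object name> <image path>" precedes the verdict for that object.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+)\s+(?P<path>.+)$")
# "<name> - ok", "<name> ( <reason> ) - warning", "<name> - detected <reason> (n)".
# ok / warning / detected appear in the pasted log; the other words are assumptions.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<reason>[^)]+) \))? - "
    r"(?P<status>ok|warning|detected\b.*|skipped|cured|deleted|quarantined)$"
)


@dataclass
class Verdict:
    name: str
    status: str              # "ok", "warning", "detected <reason> (n)", ...
    reason: Optional[str]    # reason from a "( ... )" group, if TDSSKiller gave one
    md5: Optional[str]       # from the preceding "[ MD5 ] name path" line, if any
    path: Optional[str]
    time: str


def parse_report(text: str) -> List[Verdict]:
    """Pair each verdict line with the hash/path line that preceded it."""
    verdicts: List[Verdict] = []
    files: Dict[str, Tuple[str, str]] = {}  # object name -> (md5, path)
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, "====" separators, blank pid-only lines
        body = line.group("text").strip()
        fm = FILE_RE.match(body)
        if fm:
            files[fm.group("name")] = (fm.group("md5"), fm.group("path"))
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        md5, path = files.get(vm.group("name"), (None, None))
        verdicts.append(Verdict(vm.group("name"), vm.group("status"),
                                vm.group("reason"), md5, path, line.group("time")))
    return verdicts


def scan_mode(text: str) -> Set[str]:
    """Options recorded on the 'Mode: Manual; SigCheck; TDLFS;' line."""
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if line and line.group("text").startswith("Mode:"):
            parts = line.group("text")[len("Mode:"):].split(";")
            return {p.strip() for p in parts if p.strip()}
    return set()


def requested_options_enabled(text: str) -> bool:
    """True when both boxes asked for in the instructions above were ticked."""
    return {"SigCheck", "TDLFS"} <= scan_mode(text)


def flagged(verdicts: List[Verdict]) -> List[Verdict]:
    """Everything TDSSKiller did not mark plain 'ok'."""
    return [v for v in verdicts if v.status != "ok"]


def summarize(text: str) -> Dict[str, int]:
    """Count verdicts by their first word: ok / warning / detected / ..."""
    counts: Dict[str, int] = {}
    for v in parse_report(text):
        key = v.status.split()[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample: a few lines copied from the report pasted in this thread.
SAMPLE_LOG = """\
11:20:45.0980 3776 Scan started
11:20:45.0980 3776 Mode: Manual; SigCheck; TDLFS;
11:20:46.0340 3776 ================ Scan system memory ========================
11:20:46.0355 3776 System memory - ok
11:20:46.0355 3776 ================ Scan services =============================
11:20:46.0527 3776 [ F2E8282F2D462DACA1ED8F1D8F94C21C ] A5AGU C:\\WINDOWS\\system32\\DRIVERS\\A5AGU.sys
11:20:47.0058 3776 A5AGU ( UnsignedFile.Multi.Generic ) - warning
11:20:47.0058 3776 A5AGU - detected UnsignedFile.Multi.Generic (1)
11:20:47.0074 3776 Abiosdsk - ok
11:20:49.0496 3776 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
11:20:49.0808 3776 ACPI - ok
"""

if __name__ == "__main__":
    print("options ok:", requested_options_enabled(SAMPLE_LOG), summarize(SAMPLE_LOG))
    for v in flagged(parse_report(SAMPLE_LOG)):
        print(f"{v.time} {v.name}: {v.status} [{v.reason or '-'}] {v.md5} {v.path}")
```

Run it against the full pasted report to get the flagged list (here the two unsigned-driver warnings) without reading hundreds of "ok" lines.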

#9
mej_jeff

mej_jeff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the log file

11:17:39.0747 4584 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:17:40.0185 4584 ============================================================
11:17:40.0185 4584 Current date / time: 2013/08/28 11:17:40.0185
11:17:40.0185 4584 SystemInfo:
11:17:40.0185 4584
11:17:40.0185 4584 OS Version: 5.1.2600 ServicePack: 3.0
11:17:40.0185 4584 Product type: Workstation
11:17:40.0185 4584 ComputerName: NAL006A
11:17:40.0185 4584 UserName: jtracey
11:17:40.0185 4584 Windows directory: C:\WINDOWS
11:17:40.0185 4584 System windows directory: C:\WINDOWS
11:17:40.0185 4584 Processor architecture: Intel x86
11:17:40.0185 4584 Number of processors: 2
11:17:40.0185 4584 Page size: 0x1000
11:17:40.0185 4584 Boot type: Normal boot
11:17:40.0185 4584 ============================================================
11:17:42.0044 4584 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:17:42.0044 4584 Drive \Device\Harddisk1\DR3 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:17:42.0044 4584 ============================================================
11:17:42.0044 4584 \Device\Harddisk0\DR0:
11:17:42.0060 4584 MBR partitions:
11:17:42.0060 4584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12300800
11:17:42.0060 4584 \Device\Harddisk1\DR3:
11:17:42.0060 4584 MBR partitions:
11:17:42.0060 4584 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xE86E00
11:17:42.0060 4584 ============================================================
11:17:42.0106 4584 C: <-> \Device\Harddisk0\DR0\Partition1
11:17:42.0106 4584 ============================================================
11:17:42.0106 4584 Initialize success
11:17:42.0106 4584 ============================================================
11:20:45.0980 3776 ============================================================
11:20:45.0980 3776 Scan started
11:20:45.0980 3776 Mode: Manual; SigCheck; TDLFS;
11:20:45.0980 3776 ============================================================
11:20:46.0340 3776 ================ Scan system memory ========================
11:20:46.0355 3776 System memory - ok
11:20:46.0355 3776 ================ Scan services =============================
11:20:46.0527 3776 [ F2E8282F2D462DACA1ED8F1D8F94C21C ] A5AGU C:\WINDOWS\system32\DRIVERS\A5AGU.sys
11:20:47.0058 3776 A5AGU ( UnsignedFile.Multi.Generic ) - warning
11:20:47.0058 3776 A5AGU - detected UnsignedFile.Multi.Generic (1)
11:20:47.0074 3776 Abiosdsk - ok
11:20:47.0121 3776 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:20:49.0433 3776 abp480n5 - ok
11:20:49.0496 3776 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:20:49.0808 3776 ACPI - ok
11:20:49.0808 3776 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:20:49.0902 3776 ACPIEC - ok
11:20:50.0043 3776 [ A8E17F209DC9105254A096EDDE533B56 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
11:20:50.0355 3776 ADIHdAudAddService - ok
11:20:50.0699 3776 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:20:50.0793 3776 AdobeFlashPlayerUpdateSvc - ok
11:20:50.0886 3776 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:20:51.0183 3776 adpu160m - ok
11:20:51.0230 3776 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
11:20:51.0308 3776 AEAudio - ok
11:20:51.0371 3776 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:20:51.0465 3776 aec - ok
11:20:51.0496 3776 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:20:51.0590 3776 AFD - ok
11:20:51.0621 3776 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:20:51.0715 3776 agp440 - ok
11:20:51.0730 3776 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:20:51.0824 3776 agpCPQ - ok
11:20:51.0840 3776 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:20:51.0886 3776 Aha154x - ok
11:20:51.0886 3776 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:20:51.0965 3776 aic78u2 - ok
11:20:51.0980 3776 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:20:52.0058 3776 aic78xx - ok
11:20:52.0074 3776 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:20:52.0152 3776 Alerter - ok
11:20:52.0168 3776 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:20:52.0215 3776 ALG - ok
11:20:52.0246 3776 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:20:52.0324 3776 AliIde - ok
11:20:52.0340 3776 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:20:52.0433 3776 alim1541 - ok
11:20:52.0433 3776 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:20:52.0511 3776 amdagp - ok
11:20:52.0543 3776 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
11:20:52.0590 3776 amsint - ok
11:20:52.0636 3776 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:20:52.0683 3776 AppMgmt - ok
11:20:52.0699 3776 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:20:52.0793 3776 Arp1394 - ok
11:20:52.0824 3776 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
11:20:52.0918 3776 asc - ok
11:20:52.0949 3776 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:20:52.0996 3776 asc3350p - ok
11:20:52.0996 3776 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:20:53.0074 3776 asc3550 - ok
11:20:53.0215 3776 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:20:53.0261 3776 aspnet_state - ok
11:20:53.0293 3776 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:20:53.0386 3776 AsyncMac - ok
11:20:53.0402 3776 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:20:53.0480 3776 atapi - ok
11:20:53.0496 3776 Atdisk - ok
11:20:53.0527 3776 [ 629ECFAC73E13C3832EE56419BF7CDCA ] ATHFMWDL C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
11:20:53.0558 3776 ATHFMWDL ( UnsignedFile.Multi.Generic ) - warning
11:20:53.0558 3776 ATHFMWDL - detected UnsignedFile.Multi.Generic (1)
11:20:53.0558 3776 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:20:53.0636 3776 Atmarpc - ok
11:20:53.0683 3776 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:20:53.0777 3776 AudioSrv - ok
11:20:53.0824 3776 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:20:53.0902 3776 audstub - ok
11:20:54.0808 3776 [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
11:20:55.0933 3776 AVGIDSAgent - ok
11:20:55.0996 3776 [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:20:56.0043 3776 AVGIDSDriver - ok
11:20:56.0074 3776 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:20:56.0090 3776 AVGIDSHX - ok
11:20:56.0136 3776 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:20:56.0152 3776 AVGIDSShim - ok
11:20:56.0199 3776 [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:20:56.0215 3776 Avgldx86 - ok
11:20:56.0246 3776 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
11:20:56.0261 3776 Avglogx - ok
11:20:56.0277 3776 [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:20:56.0293 3776 Avgmfx86 - ok
11:20:56.0324 3776 [ EDDE28E993496EE1DC3F0937DFF7BF28 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:20:56.0340 3776 Avgrkx86 - ok
11:20:56.0371 3776 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:20:56.0386 3776 Avgtdix - ok
11:20:56.0418 3776 [ BB83BDE5C9EB8A1B932D4A8374758EF8 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
11:20:56.0433 3776 avgtp - ok
11:20:56.0511 3776 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
11:20:56.0558 3776 avgwd - ok
11:20:56.0605 3776 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:20:56.0699 3776 Beep - ok
11:20:56.0746 3776 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:20:56.0886 3776 BITS - ok
11:20:56.0949 3776 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:20:57.0152 3776 Browser - ok
11:20:57.0183 3776 catchme - ok
11:20:57.0246 3776 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:20:57.0386 3776 cbidf - ok
11:20:57.0402 3776 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:20:57.0480 3776 cbidf2k - ok
11:20:57.0496 3776 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:20:57.0574 3776 cd20xrnt - ok
11:20:57.0621 3776 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:20:57.0715 3776 Cdaudio - ok
11:20:57.0761 3776 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:20:57.0840 3776 Cdfs - ok
11:20:57.0871 3776 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:20:57.0980 3776 Cdrom - ok
11:20:57.0980 3776 Changer - ok
11:20:57.0996 3776 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:20:58.0074 3776 CiSvc - ok
11:20:58.0105 3776 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:20:58.0183 3776 ClipSrv - ok
11:20:58.0230 3776 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:20:58.0308 3776 clr_optimization_v2.0.50727_32 - ok
11:20:58.0402 3776 [ 2B9A15DFDC14B4ECB1E8FC13AE43E60F ] CltMngSvc C:\Program Files\SearchProtect\bin\CltMngSvc.exe
11:20:58.0418 3776 CltMngSvc - ok
11:20:58.0465 3776 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:20:58.0605 3776 CmBatt - ok
11:20:58.0652 3776 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:20:58.0746 3776 CmdIde - ok
11:20:58.0777 3776 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:20:58.0871 3776 Compbatt - ok
11:20:58.0871 3776 COMSysApp - ok
11:20:58.0902 3776 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:20:58.0996 3776 Cpqarray - ok
11:20:59.0043 3776 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:20:59.0121 3776 CryptSvc - ok
11:20:59.0168 3776 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:20:59.0261 3776 dac2w2k - ok
11:20:59.0261 3776 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:20:59.0340 3776 dac960nt - ok
11:20:59.0402 3776 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:20:59.0433 3776 DcomLaunch - ok
11:20:59.0496 3776 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:20:59.0590 3776 Dhcp - ok
11:20:59.0636 3776 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:20:59.0730 3776 Disk - ok
11:20:59.0777 3776 [ 5B149CCFE275F4DE0B4B8EC6B9F6821E ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
11:20:59.0793 3776 DLABMFSM - ok
11:20:59.0808 3776 [ AD4CB3D783634C90A9D0CE360933A63C ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:20:59.0808 3776 DLABOIOM - ok
11:20:59.0824 3776 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:20:59.0824 3776 DLACDBHM - ok
11:20:59.0840 3776 [ 93D03238CC3F0EE3C0B3985D110EC575 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
11:20:59.0855 3776 DLADResM - ok
11:20:59.0871 3776 [ 6A82F77C4A6F5235BF352F0028E2EF52 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:20:59.0886 3776 DLAIFS_M - ok
11:20:59.0886 3776 [ 0E6052C0ADA37504896A847231A3907D ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:20:59.0902 3776 DLAOPIOM - ok
11:20:59.0918 3776 [ 29670BB4E2B973C5B55A76107D4910B2 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:20:59.0933 3776 DLAPoolM - ok
11:20:59.0933 3776 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:20:59.0949 3776 DLARTL_M - ok
11:20:59.0949 3776 [ 6B087732B86C1D866D69DBBE463EA90A ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:20:59.0965 3776 DLAUDFAM - ok
11:20:59.0980 3776 [ BBEECB95F2841AE4A3E3690D46D7153D ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:20:59.0996 3776 DLAUDF_M - ok
11:20:59.0996 3776 dmadmin - ok
11:21:00.0043 3776 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:22:50.0636 2308 AEAudio - ok
11:22:50.0698 2308 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:22:50.0792 2308 aec - ok
11:22:50.0854 2308 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:22:50.0870 2308 AFD - ok
11:22:50.0886 2308 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
11:22:50.0995 2308 agp440 - ok
11:22:51.0011 2308 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:22:51.0120 2308 agpCPQ - ok
11:22:51.0120 2308 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:22:51.0151 2308 Aha154x - ok
11:22:51.0167 2308 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:22:51.0292 2308 aic78u2 - ok
11:22:51.0292 2308 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:22:51.0370 2308 aic78xx - ok
11:22:51.0401 2308 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:22:51.0511 2308 Alerter - ok
11:22:51.0526 2308 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:22:51.0573 2308 ALG - ok
11:22:51.0604 2308 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:22:51.0683 2308 AliIde - ok
11:22:51.0714 2308 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:22:51.0792 2308 alim1541 - ok
11:22:51.0792 2308 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:22:51.0870 2308 amdagp - ok
11:22:51.0901 2308 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
11:22:51.0948 2308 amsint - ok
11:22:51.0979 2308 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:22:52.0042 2308 AppMgmt - ok
11:22:52.0073 2308 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:22:52.0167 2308 Arp1394 - ok
11:22:52.0198 2308 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
11:22:52.0276 2308 asc - ok
11:22:52.0308 2308 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:22:52.0339 2308 asc3350p - ok
11:22:52.0339 2308 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:22:52.0448 2308 asc3550 - ok
11:22:52.0589 2308 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:22:52.0604 2308 aspnet_state - ok
11:22:52.0604 2308 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:22:52.0698 2308 AsyncMac - ok
11:22:52.0729 2308 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:22:52.0808 2308 atapi - ok
11:22:52.0808 2308 Atdisk - ok
11:22:52.0839 2308 [ 629ECFAC73E13C3832EE56419BF7CDCA ] ATHFMWDL C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
11:22:52.0854 2308 ATHFMWDL ( UnsignedFile.Multi.Generic ) - warning
11:22:52.0854 2308 ATHFMWDL - detected UnsignedFile.Multi.Generic (1)
11:22:52.0886 2308 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:22:52.0979 2308 Atmarpc - ok
11:22:53.0026 2308 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:22:53.0151 2308 AudioSrv - ok
11:22:53.0214 2308 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:22:53.0276 2308 audstub - ok
11:22:54.0214 2308 [ 4DB93F4DB7077801D2D82013506AC1D0 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
11:22:54.0370 2308 AVGIDSAgent - ok
11:22:54.0401 2308 [ 4D7E34E36E586EA26F171A258341BD80 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:22:54.0433 2308 AVGIDSDriver - ok
11:22:54.0495 2308 [ 7C8E88549BCDAAC965B1B724C175F7A9 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:22:54.0511 2308 AVGIDSHX - ok
11:22:54.0558 2308 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:22:54.0573 2308 AVGIDSShim - ok
11:22:54.0620 2308 [ 2018C4E9A40B122408763A5635CF14D9 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:22:54.0636 2308 Avgldx86 - ok
11:22:54.0683 2308 [ E2B9CF2CF787C6978E7CC898E9684E48 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
11:22:54.0698 2308 Avglogx - ok
11:22:54.0714 2308 [ 3F59750A3AA55C46663801E7C2FD1E2B ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:22:54.0729 2308 Avgmfx86 - ok
11:22:54.0761 2308 [ EDDE28E993496EE1DC3F0937DFF7BF28 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:22:54.0761 2308 Avgrkx86 - ok
11:22:54.0792 2308 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:22:54.0808 2308 Avgtdix - ok
11:22:54.0839 2308 [ BB83BDE5C9EB8A1B932D4A8374758EF8 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
11:22:54.0854 2308 avgtp - ok
11:22:54.0933 2308 [ 48939D9F350AEF9370F03A1E49A49BE2 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
11:22:54.0948 2308 avgwd - ok
11:22:54.0995 2308 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:22:55.0089 2308 Beep - ok
11:22:55.0136 2308 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:22:55.0245 2308 BITS - ok
11:22:55.0292 2308 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
11:22:55.0370 2308 Browser - ok
11:22:55.0386 2308 catchme - ok
11:22:55.0464 2308 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:22:55.0573 2308 cbidf - ok
11:22:55.0573 2308 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:22:55.0651 2308 cbidf2k - ok
11:22:55.0667 2308 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:22:55.0729 2308 cd20xrnt - ok
11:22:55.0745 2308 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:22:55.0854 2308 Cdaudio - ok
11:22:55.0901 2308 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:22:55.0964 2308 Cdfs - ok
11:22:55.0995 2308 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:22:56.0058 2308 Cdrom - ok
11:22:56.0073 2308 Changer - ok
11:22:56.0120 2308 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:22:56.0183 2308 CiSvc - ok
11:22:56.0214 2308 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:22:56.0308 2308 ClipSrv - ok
11:22:56.0354 2308 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:22:56.0370 2308 clr_optimization_v2.0.50727_32 - ok
11:22:56.0464 2308 [ 2B9A15DFDC14B4ECB1E8FC13AE43E60F ] CltMngSvc C:\Program Files\SearchProtect\bin\CltMngSvc.exe
11:22:56.0479 2308 CltMngSvc - ok
11:22:56.0511 2308 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:22:56.0604 2308 CmBatt - ok
11:22:56.0620 2308 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:22:56.0714 2308 CmdIde - ok
11:22:56.0761 2308 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:22:56.0854 2308 Compbatt - ok
11:22:56.0854 2308 COMSysApp - ok
11:22:56.0870 2308 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:22:56.0948 2308 Cpqarray - ok
11:22:56.0995 2308 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:22:57.0073 2308 CryptSvc - ok
11:22:57.0120 2308 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:22:57.0214 2308 dac2w2k - ok
11:22:57.0214 2308 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:22:57.0323 2308 dac960nt - ok
11:22:57.0370 2308 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:22:57.0417 2308 DcomLaunch - ok
11:22:57.0495 2308 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:22:57.0573 2308 Dhcp - ok
11:22:57.0620 2308 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:22:57.0698 2308 Disk - ok
11:22:57.0745 2308 [ 5B149CCFE275F4DE0B4B8EC6B9F6821E ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS
11:22:57.0761 2308 DLABMFSM - ok
11:22:57.0776 2308 [ AD4CB3D783634C90A9D0CE360933A63C ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:22:57.0776 2308 DLABOIOM - ok
11:22:57.0792 2308 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:22:57.0792 2308 DLACDBHM - ok
11:22:57.0823 2308 [ 93D03238CC3F0EE3C0B3985D110EC575 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS
11:22:57.0839 2308 DLADResM - ok
11:22:57.0870 2308 [ 6A82F77C4A6F5235BF352F0028E2EF52 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:22:57.0886 2308 DLAIFS_M - ok
11:22:57.0886 2308 [ 0E6052C0ADA37504896A847231A3907D ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:22:57.0901 2308 DLAOPIOM - ok
11:22:57.0933 2308 [ 29670BB4E2B973C5B55A76107D4910B2 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:22:57.0948 2308 DLAPoolM - ok
11:22:57.0948 2308 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:22:57.0979 2308 DLARTL_M - ok
11:22:57.0979 2308 [ 6B087732B86C1D866D69DBBE463EA90A ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:22:57.0995 2308 DLAUDFAM - ok
11:22:57.0995 2308 [ BBEECB95F2841AE4A3E3690D46D7153D ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:22:58.0011 2308 DLAUDF_M - ok
11:22:58.0011 2308 dmadmin - ok
11:22:58.0058 2308 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:22:58.0167 2308 dmboot - ok
11:22:58.0167 2308 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:22:58.0276 2308 dmio - ok
11:22:58.0323 2308 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:22:58.0417 2308 dmload - ok
11:22:58.0448 2308 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:22:58.0526 2308 dmserver - ok
11:22:58.0542 2308 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:22:58.0636 2308 DMusic - ok
11:22:58.0698 2308 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:22:58.0714 2308 Dnscache - ok
11:22:58.0745 2308 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:22:58.0839 2308 Dot3svc - ok
11:22:58.0886 2308 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:22:58.0948 2308 dpti2o - ok
11:22:59.0011 2308 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:22:59.0073 2308 drmkaud - ok
11:22:59.0089 2308 [ 83106585494D5EB96F59187200C144BD ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:22:59.0120 2308 DRVMCDB - ok
11:22:59.0120 2308 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:22:59.0136 2308 DRVNDDM - ok
11:22:59.0182 2308 [ 4CAE156AE69B3B9FA4F610225FD3F415 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
11:22:59.0198 2308 e1kexpress - ok
11:22:59.0229 2308 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:22:59.0323 2308 EapHost - ok
11:22:59.0339 2308 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:22:59.0417 2308 ERSvc - ok
11:22:59.0479 2308 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:22:59.0495 2308 Eventlog - ok
11:22:59.0526 2308 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
11:22:59.0542 2308 EventSystem - ok
11:22:59.0604 2308 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:22:59.0682 2308 Fastfat - ok
11:22:59.0729 2308 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:22:59.0776 2308 FastUserSwitchingCompatibility - ok
11:22:59.0792 2308 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:22:59.0886 2308 Fdc - ok
11:22:59.0917 2308 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:22:59.0979 2308 Fips - ok
11:23:00.0026 2308 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
11:23:00.0136 2308 Flpydisk - ok
11:23:00.0151 2308 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:23:00.0229 2308 FltMgr - ok
11:23:00.0386 2308 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:23:00.0386 2308 FontCache3.0.0.0 - ok
11:23:00.0417 2308 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:23:00.0511 2308 Fs_Rec - ok
11:23:00.0526 2308 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:23:00.0604 2308 Ftdisk - ok
11:23:00.0651 2308 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:23:00.0745 2308 Gpc - ok
11:23:00.0776 2308 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:23:00.0870 2308 HDAudBus - ok
11:23:00.0932 2308 [ E4A123AD734A3731D29EBD3A01B3E535 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
11:23:00.0964 2308 HECI - ok
11:23:01.0073 2308 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:23:01.0167 2308 helpsvc - ok
11:23:01.0214 2308 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:23:01.0292 2308 HidServ - ok
11:23:01.0307 2308 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:23:01.0386 2308 HidUsb - ok
11:23:01.0432 2308 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:23:01.0495 2308 hkmsvc - ok
11:23:01.0542 2308 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
11:23:01.0620 2308 hpn - ok
11:23:01.0651 2308 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:23:01.0667 2308 HTTP - ok
11:23:01.0698 2308 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:23:01.0823 2308 HTTPFilter - ok
11:23:01.0870 2308 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
11:23:01.0932 2308 i2omgmt - ok
11:23:01.0964 2308 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:23:02.0057 2308 i2omp - ok
11:23:02.0057 2308 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:23:02.0136 2308 i8042prt - ok
11:23:02.0370 2308 [ F339B2E3A3F63CC14077D614A56A967B ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:23:02.0542 2308 ialm - ok
11:23:02.0604 2308 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:23:02.0636 2308 iaStor - ok
11:23:02.0745 2308 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:23:02.0776 2308 idsvc - ok
11:23:02.0823 2308 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:23:02.0917 2308 Imapi - ok
11:23:02.0979 2308 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:23:03.0057 2308 ImapiService - ok
11:23:03.0120 2308 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:23:03.0198 2308 ini910u - ok
11:23:03.0214 2308 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:23:03.0276 2308 IntelIde - ok
11:23:03.0307 2308 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:23:03.0386 2308 intelppm - ok
11:23:03.0386 2308 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:23:03.0479 2308 Ip6Fw - ok
11:23:03.0511 2308 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:23:03.0604 2308 IpFilterDriver - ok
11:23:03.0636 2308 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:23:03.0698 2308 IpInIp - ok
11:23:03.0729 2308 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:23:03.0792 2308 IpNat - ok
11:23:03.0823 2308 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:23:03.0886 2308 IPSec - ok
11:23:03.0901 2308 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:23:03.0932 2308 IRENUM - ok
11:23:03.0995 2308 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:23:04.0073 2308 isapnp - ok
11:23:04.0229 2308 [ DE5D05FD449798EF88CC34AD4B1E7F85 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
11:23:04.0245 2308 JavaQuickStarterService - ok
11:23:04.0276 2308 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:23:04.0370 2308 Kbdclass - ok
11:23:04.0432 2308 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:23:04.0495 2308 kbdhid - ok
11:23:04.0526 2308 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:23:04.0620 2308 kmixer - ok
11:23:04.0667 2308 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:23:04.0682 2308 KSecDD - ok
11:23:04.0729 2308 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
11:23:04.0745 2308 LanmanServer - ok
11:23:04.0807 2308 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:23:04.0839 2308 lanmanworkstation - ok
11:23:04.0839 2308 lbrtfdc - ok
11:23:04.0870 2308 [ 83CB0CEE3518D12EFF8064B4D72EB4BC ] LCILD C:\WINDOWS\system32\DRIVERS\LCILD.sys
11:23:04.0886 2308 LCILD - ok
11:23:04.0917 2308 [ 2DBA93208D324E6A670827FB222CA4A5 ] lcildfil C:\WINDOWS\system32\DRIVERS\lcildfil.sys
11:23:04.0948 2308 lcildfil - ok
11:23:04.0995 2308 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:23:05.0073 2308 LmHosts - ok
11:23:05.0104 2308 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
11:23:05.0120 2308 mbamchameleon - ok
11:23:05.0136 2308 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
11:23:05.0151 2308 MBAMProtector - ok
11:23:05.0214 2308 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:23:05.0261 2308 MBAMService - ok
11:23:05.0292 2308 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:23:05.0401 2308 Messenger - ok
11:23:05.0432 2308 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:23:05.0526 2308 mnmdd - ok
11:23:05.0557 2308 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:23:05.0636 2308 mnmsrvc - ok
11:23:05.0682 2308 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:23:05.0761 2308 Modem - ok
11:23:05.0807 2308 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:23:05.0901 2308 Mouclass - ok
11:23:05.0917 2308 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:23:05.0979 2308 mouhid - ok
11:23:05.0995 2308 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:23:06.0073 2308 MountMgr - ok
11:23:06.0089 2308 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:23:06.0167 2308 mraid35x - ok
11:23:06.0182 2308 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:23:06.0292 2308 MRxDAV - ok
11:23:06.0354 2308 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:23:06.0386 2308 MRxSmb - ok
11:23:06.0417 2308 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:23:06.0495 2308 MSDTC - ok
11:23:06.0511 2308 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:23:06.0589 2308 Msfs - ok
11:23:06.0589 2308 MSIServer - ok
11:23:06.0620 2308 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:23:06.0698 2308 MSKSSRV - ok
11:23:06.0761 2308 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:23:06.0823 2308 MSPCLOCK - ok
11:23:06.0839 2308 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:23:06.0917 2308 MSPQM - ok
11:23:06.0979 2308 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:23:07.0042 2308 mssmbios - ok
11:23:07.0089 2308 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:23:07.0104 2308 Mup - ok
11:23:07.0151 2308 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:23:07.0245 2308 napagent - ok
11:23:07.0307 2308 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:23:07.0401 2308 NDIS - ok
11:23:07.0464 2308 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:23:07.0479 2308 NdisTapi - ok
11:23:07.0511 2308 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:23:07.0589 2308 Ndisuio - ok
11:23:07.0620 2308 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:23:07.0698 2308 NdisWan - ok
11:23:07.0745 2308 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:23:07.0776 2308 NDProxy - ok
11:23:07.0839 2308 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:23:07.0917 2308 NetBIOS - ok
11:23:07.0948 2308 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:23:08.0042 2308 NetBT - ok
11:23:08.0073 2308 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
11:23:08.0167 2308 NetDDE - ok
11:23:08.0167 2308 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:23:08.0245 2308 NetDDEdsdm - ok
11:23:08.0323 2308 [ 2CED37D677E307E3B79FDD961CB21C2B ] NetFxUpdate_v1.1.4322 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
11:23:08.0339 2308 Suspicious file (NoAccess): C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe. md5: 2CED37D677E307E3B79FDD961CB21C2B
11:23:08.0339 2308 NetFxUpdate_v1.1.4322 ( LockedFile.Multi.Generic ) - warning
11:23:08.0339 2308 NetFxUpdate_v1.1.4322 - detected LockedFile.Multi.Generic (1)
11:23:08.0386 2308 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:23:08.0464 2308 Netlogon - ok
11:23:08.0526 2308 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
11:23:08.0604 2308 Netman - ok
11:23:08.0682 2308 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:08.0682 2308 NetTcpPortSharing - ok
11:23:08.0729 2308 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:23:08.0807 2308 NIC1394 - ok
11:23:08.0870 2308 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:23:08.0901 2308 Nla - ok
11:23:08.0964 2308 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:23:09.0057 2308 Npfs - ok
11:23:09.0104 2308 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:23:09.0182 2308 Ntfs - ok
11:23:09.0198 2308 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:23:09.0276 2308 NtLmSsp - ok
11:23:09.0339 2308 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:23:09.0417 2308 NtmsSvc - ok
11:23:09.0448 2308 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
11:23:09.0464 2308 NuidFltr - ok
11:23:09.0479 2308 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
11:23:09.0557 2308 Null - ok
11:23:09.0589 2308 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:23:09.0667 2308 NwlnkFlt - ok
11:23:09.0667 2308 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:23:09.0729 2308 NwlnkFwd - ok
11:23:09.0745 2308 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:23:09.0823 2308 ohci1394 - ok
11:23:09.0901 2308 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:09.0932 2308 ose - ok
11:23:09.0979 2308 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
11:23:10.0073 2308 Parport - ok
11:23:10.0089 2308 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:23:10.0167 2308 PartMgr - ok
11:23:10.0182 2308 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:23:10.0276 2308 ParVdm - ok
11:23:10.0292 2308 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:23:10.0401 2308 PCI - ok
11:23:10.0417 2308 PCIDump - ok
11:23:10.0432 2308 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:23:10.0511 2308 PCIIde - ok
11:23:10.0542 2308 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:23:10.0636 2308 Pcmcia - ok
11:23:10.0636 2308 PDCOMP - ok
11:23:10.0651 2308 PDFRAME - ok
11:23:10.0651 2308 PDRELI - ok
11:23:10.0651 2308 PDRFRAME - ok
11:23:10.0682 2308 [ BD71F603C9AA0754C96E7557EE0001F9 ] pelmouse C:\WINDOWS\system32\DRIVERS\pelmouse.sys
11:23:10.0714 2308 pelmouse - ok
11:23:10.0761 2308 [ 25C36DCCBE713F62BD9D24DD5C554B4E ] pelusblf C:\WINDOWS\system32\DRIVERS\pelusblf.sys
11:23:10.0776 2308 pelusblf - ok
11:23:10.0792 2308 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
11:23:10.0870 2308 perc2 - ok
11:23:10.0870 2308 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:23:10.0948 2308 perc2hib - ok
11:23:10.0964 2308 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:23:10.0979 2308 PlugPlay - ok
11:23:11.0026 2308 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
11:23:11.0042 2308 pmem ( UnsignedFile.Multi.Generic ) - warning
11:23:11.0042 2308 pmem - detected UnsignedFile.Multi.Generic (1)
11:23:11.0057 2308 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:23:11.0136 2308 PolicyAgent - ok
11:23:11.0182 2308 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:23:11.0276 2308 PptpMiniport - ok
11:23:11.0292 2308 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:23:11.0370 2308 ProtectedStorage - ok
11:23:11.0417 2308 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
11:23:11.0432 2308 psadd - ok
11:23:11.0448 2308 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:23:11.0542 2308 PSched - ok
11:23:11.0542 2308 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:23:11.0620 2308 Ptilink - ok
11:23:11.0667 2308 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:23:11.0682 2308 PxHelp20 - ok
11:23:11.0729 2308 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:23:11.0807 2308 ql1080 - ok
11:23:11.0823 2308 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:23:11.0886 2308 Ql10wnt - ok
11:23:11.0917 2308 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:23:11.0979 2308 ql12160 - ok
11:23:11.0995 2308 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:23:12.0073 2308 ql1240 - ok
11:23:12.0073 2308 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:23:12.0151 2308 ql1280 - ok
11:23:12.0167 2308 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:23:12.0245 2308 RasAcd - ok
11:23:12.0276 2308 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:23:12.0386 2308 RasAuto - ok
11:23:12.0401 2308 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:23:12.0479 2308 Rasl2tp - ok
11:23:12.0511 2308 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:23:12.0573 2308 RasMan - ok
11:23:12.0589 2308 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:23:12.0667 2308 RasPppoe - ok
11:23:12.0667 2308 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:23:12.0761 2308 Raspti - ok
11:23:12.0823 2308 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:23:12.0932 2308 Rdbss - ok
11:23:12.0979 2308 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:23:13.0042 2308 RDPCDD - ok
11:23:13.0089 2308 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:23:13.0182 2308 rdpdr - ok
11:23:13.0229 2308 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:23:13.0261 2308 RDPWD - ok
11:23:13.0292 2308 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:23:13.0370 2308 RDSessMgr - ok
11:23:13.0417 2308 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:23:13.0495 2308 redbook - ok
11:23:13.0542 2308 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:23:13.0636 2308 RemoteAccess - ok
11:23:13.0682 2308 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
11:23:13.0776 2308 RemoteRegistry - ok
11:23:13.0901 2308 [ EB9EEB379848F356797EB9EF31114CA5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:23:13.0932 2308 RoxMediaDB10 - ok
11:23:13.0995 2308 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
11:23:14.0089 2308 RpcLocator - ok
11:23:14.0120 2308 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:23:14.0151 2308 RpcSs - ok
11:23:14.0198 2308 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:23:14.0276 2308 RSVP - ok
11:23:14.0292 2308 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:23:14.0386 2308 SamSs - ok
11:23:14.0401 2308 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:23:14.0495 2308 SCardSvr - ok
11:23:14.0526 2308 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:23:14.0604 2308 Schedule - ok
11:23:14.0651 2308 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:23:14.0698 2308 Secdrv - ok
11:23:14.0745 2308 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:23:14.0807 2308 seclogon - ok
11:23:14.0839 2308 [ 4CF99D2938EF6B4869FBE0F3CFA351E5 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
11:23:14.0886 2308 SenFiltService - ok
11:23:14.0886 2308 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
11:23:14.0964 2308 SENS - ok
11:23:15.0011 2308 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:23:15.0089 2308 Serenum - ok
11:23:15.0198 2308 SessionLauncher - ok
11:23:15.0229 2308 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:23:15.0339 2308 Sfloppy - ok
11:23:15.0401 2308 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
11:23:15.0495 2308 SharedAccess - ok
11:23:15.0511 2308 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:23:15.0542 2308 ShellHWDetection - ok
11:23:15.0542 2308 Simbad - ok
11:23:15.0557 2308 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:23:15.0636 2308 sisagp - ok
11:23:15.0636 2308 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:23:15.0682 2308 Sparrow - ok
11:23:15.0714 2308 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
11:23:15.0776 2308 splitter - ok
11:23:15.0839 2308 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
11:23:15.0839 2308 Spooler - ok
11:23:15.0901 2308 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:23:15.0948 2308 sr - ok
11:23:15.0995 2308 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:23:16.0042 2308 srservice - ok
11:23:16.0073 2308 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:23:16.0120 2308 Srv - ok
11:23:16.0136 2308 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:23:16.0182 2308 SSDPSRV - ok
11:23:16.0245 2308 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:23:16.0323 2308 stisvc - ok
11:23:16.0370 2308 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:23:16.0386 2308 stllssvr - ok
11:23:16.0432 2308 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:23:16.0511 2308 swenum - ok
11:23:16.0526 2308 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:23:16.0604 2308 swmidi - ok
11:23:16.0604 2308 SwPrv - ok
11:23:16.0636 2308 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
11:23:16.0698 2308 symc810 - ok
11:23:16.0698 2308 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:23:16.0792 2308 symc8xx - ok
11:23:16.0823 2308 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:23:16.0932 2308 sym_hi - ok
11:23:16.0932 2308 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:23:17.0011 2308 sym_u3 - ok
11:23:17.0026 2308 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:23:17.0120 2308 sysaudio - ok
11:23:17.0151 2308 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:23:17.0229 2308 SysmonLog - ok
11:23:17.0276 2308 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:23:17.0370 2308 TapiSrv - ok
11:23:17.0432 2308 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:23:17.0495 2308 Tcpip - ok
11:23:17.0542 2308 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:23:17.0636 2308 TDPIPE - ok
11:23:17.0636 2308 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:23:17.0714 2308 TDTCP - ok
11:23:17.0776 2308 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:23:17.0839 2308 TermDD - ok
11:23:17.0901 2308 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:23:18.0011 2308 TermService - ok
11:23:18.0042 2308 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:23:18.0057 2308 Themes - ok
11:23:18.0104 2308 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:23:18.0151 2308 TlntSvr - ok
11:23:18.0198 2308 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
11:23:18.0260 2308 TosIde - ok
11:23:18.0307 2308 [ 82FED3FEA9BCD77FC870A1E4C8B62870 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys
11:23:18.0339 2308 TPM - ok
11:23:18.0385 2308 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:23:18.0464 2308 TrkWks - ok
11:23:18.0714 2308 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Documents and Settings\pcollins\Local Settings\Application Data\CrossLoop\tvnserver.exe
11:23:18.0729 2308 tvnserver ( UnsignedFile.Multi.Generic ) - warning
11:23:18.0729 2308 tvnserver - detected UnsignedFile.Multi.Generic (1)
11:23:18.0776 2308 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:23:18.0792 2308 tvtfilter - ok
11:23:18.0854 2308 [ F2BACC1B7ADFECBA363275E7330AB5C1 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:23:18.0870 2308 TVTI2C - ok
11:23:18.0932 2308 [ 930B8B8EF659A714CF1C755928B8850C ] tvtumon C:\WINDOWS\system32\DRIVERS\tvtumon.sys
11:23:18.0932 2308 tvtumon - ok
11:23:18.0995 2308 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:23:19.0089 2308 Udfs - ok
11:23:19.0104 2308 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
11:23:19.0151 2308 ultra - ok
11:23:19.0167 2308 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:23:19.0245 2308 Update - ok
11:23:19.0307 2308 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:23:19.0339 2308 upnphost - ok
11:23:19.0370 2308 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:23:19.0464 2308 UPS - ok
11:23:19.0479 2308 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:23:19.0557 2308 usbccgp - ok
11:23:19.0620 2308 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:23:19.0714 2308 usbehci - ok
11:23:19.0745 2308 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:23:19.0823 2308 usbhub - ok
11:23:19.0870 2308 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:23:19.0948 2308 usbprint - ok
11:23:19.0979 2308 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:23:20.0089 2308 usbscan - ok
11:23:20.0120 2308 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:23:20.0182 2308 USBSTOR - ok
11:23:20.0229 2308 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:23:20.0339 2308 usbuhci - ok
11:23:20.0370 2308 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:23:20.0448 2308 VgaSave - ok
11:23:20.0510 2308 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:23:20.0604 2308 viaagp - ok
11:23:20.0635 2308 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
11:23:20.0714 2308 ViaIde - ok
11:23:20.0745 2308 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:23:20.0807 2308 VolSnap - ok
11:23:20.0870 2308 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:23:20.0901 2308 VSS - ok
11:23:20.0995 2308 [ 8754BA5FCC85325C229ADCB72087706E ] vToolbarUpdater15.4.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
11:23:21.0042 2308 vToolbarUpdater15.4.0 - ok
11:23:21.0104 2308 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:23:21.0198 2308 W32Time - ok
11:23:21.0245 2308 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:23:21.0307 2308 Wanarp - ok
11:23:21.0370 2308 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:23:21.0401 2308 Wdf01000 - ok
11:23:21.0401 2308 WDICA - ok
11:23:21.0432 2308 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:23:21.0526 2308 wdmaud - ok
11:23:21.0604 2308 [ 7D66C7460240C5FA7DA4E775DF9FF328 ] WebCakeUpdater C:\Program Files\Tepfel\WebCakeDesktop.Updater.exe
11:23:21.0635 2308 WebCakeUpdater - ok
11:23:21.0682 2308 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:23:21.0776 2308 WebClient - ok
11:23:21.0870 2308 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:23:21.0948 2308 winmgmt - ok
11:23:22.0010 2308 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:23:22.0010 2308 WmdmPmSN - ok
11:23:22.0057 2308 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:23:22.0104 2308 Wmi - ok
11:23:22.0120 2308 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:23:22.0198 2308 WmiAcpi - ok
11:23:22.0229 2308 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:23:22.0339 2308 WmiApSrv - ok
11:23:22.0448 2308 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
11:23:22.0510 2308 WMPNetworkSvc - ok
11:23:22.0573 2308 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:23:22.0651 2308 wscsvc - ok
11:23:22.0667 2308 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:23:22.0760 2308 wuauserv - ok
11:23:22.0792 2308 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:23:22.0807 2308 WudfPf - ok
11:23:22.0823 2308 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:23:22.0854 2308 WudfRd - ok
11:23:22.0901 2308 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:23:22.0917 2308 WudfSvc - ok
11:23:22.0964 2308 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:23:23.0057 2308 WZCSVC - ok
11:23:23.0104 2308 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:23:23.0167 2308 xmlprov - ok
11:23:23.0182 2308 ================ Scan global ===============================
11:23:23.0229 2308 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:23:23.0276 2308 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:23:23.0292 2308 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:23:23.0323 2308 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:23:23.0323 2308 [Global] - ok
11:23:23.0323 2308 ================ Scan MBR ==================================
11:23:23.0354 2308 [ 9DBB54B6E944112B454C0A386A97FEF3 ] \Device\Harddisk0\DR0
11:23:23.0620 2308 \Device\Harddisk0\DR0 - ok
11:23:23.0620 2308 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
11:23:25.0870 2308 \Device\Harddisk1\DR3 - ok
11:23:25.0870 2308 ================ Scan VBR ==================================
11:23:25.0870 2308 [ 61775B06E151E2D96C3F1ED8FC08DD0E ] \Device\Harddisk0\DR0\Partition1
11:23:25.0870 2308 \Device\Harddisk0\DR0\Partition1 - ok
11:23:25.0885 2308 [ 76755EEC6B8F2F87D42C484A261FA4AA ] \Device\Harddisk1\DR3\Partition1
11:23:25.0885 2308 \Device\Harddisk1\DR3\Partition1 - ok
11:23:25.0885 2308 ============================================================
11:23:25.0885 2308 Scan finished
11:23:25.0885 2308 ============================================================
11:23:25.0885 5184 Detected object count: 5
11:23:25.0885 5184 Actual detected object count: 5
11:23:37.0214 5184 A5AGU ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:37.0214 5184 A5AGU ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:23:37.0214 5184 ATHFMWDL ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:37.0214 5184 ATHFMWDL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:23:37.0214 5184 NetFxUpdate_v1.1.4322 ( LockedFile.Multi.Generic ) - skipped by user
11:23:37.0214 5184 NetFxUpdate_v1.1.4322 ( LockedFile.Multi.Generic ) - User select action: Skip
11:23:37.0214 5184 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:37.0214 5184 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:23:37.0214 5184 tvnserver ( UnsignedFile.Multi.Generic ) - skipped by user
11:23:37.0214 5184 tvnserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:23:40.0120 5844 Deinitialize success

#10
godawgs
Teacher, Retired Staff, 8,228 posts
Thanks. We seem to have an infected driver file but no rootkits. So that is good. Let's see if we can find an uninfected copy of the driver. We are going to run a customized OTL scan. This should produce a short log with very specific results. Please read the instructions carefully as I have changed the settings.


OTL Custom Scan

1. Please copy the text in the Quote box below (Do Not copy the word Quote) and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

/md5start
C:\WINDOWS\system32\drivers\serial.sys
/md5stop


2. Re-open OTL on the desktop. To do that:
  • Double click the OTL icon.
  • Make sure all other windows are closed.
  • You will see a console like the one below:

    [screenshot of the OTL console]
  • Click the greyed out None button at the top of the console (It's just under the Run Scan button). <--- Very Important
  • Click the box beside Scan All Users at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log

#11
mej_jeff
Topic Starter, Member, 26 posts
Here is the most recent OTL log file.

OTL logfile created on: 8/29/2013 8:55:20 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jtracey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

876.04 Mb Total Physical Memory | 62.63 Mb Available Physical Memory | 7.15% Memory free
2.07 Gb Paging File | 1.22 Gb Available in Paging File | 58.93% Paging File free
Paging file location(s): C:\pagefile.sys 1308 2616 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 98.42 Gb Free Space | 67.64% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.64% Space Free | Partition Type: FAT32
Drive H: | 253.90 Gb Total Space | 71.91 Gb Free Space | 28.32% Space Free | Partition Type: NTFS
Drive I: | 279.48 Gb Total Space | 185.05 Gb Free Space | 66.21% Space Free | Partition Type: NTFS
Drive Y: | 278.46 Gb Total Space | 28.33 Gb Free Space | 10.17% Space Free | Partition Type: NTFS

Computer Name: NAL006A | User Name: jtracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< >

< >

< >

< End of report >

#12
godawgs
Teacher, Retired Staff, 8,228 posts
Well that didn't work quite like I planned it. Sorry, but I screwed up the directive. Let's try it again.


OTL Custom Scan

1. Please copy the text in the Quote box below (Do Not copy the word Quote) and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

/md5start
serial.sys
/md5stop


2. Re-open OTL on the desktop. To do that:
  • Double click the OTL icon.
  • Make sure all other windows are closed.
  • You will see a console like the one below:

    [screenshot of the OTL console]
  • Click the greyed out None button at the top of the console (It's just under the Run Scan button). <--- Very Important
  • Click the box beside Scan All Users at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log

#13
mej_jeff
Topic Starter, Member, 26 posts
Here is the most recent log.

OTL logfile created on: 8/29/2013 1:01:47 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\jtracey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

876.04 Mb Total Physical Memory | 484.14 Mb Available Physical Memory | 55.26% Memory free
2.07 Gb Paging File | 1.53 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 1308 2616 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.50 Gb Total Space | 98.41 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.64% Space Free | Partition Type: FAT32
Drive H: | 253.90 Gb Total Space | 71.36 Gb Free Space | 28.10% Space Free | Partition Type: NTFS
Drive I: | 279.48 Gb Total Space | 184.97 Gb Free Space | 66.18% Space Free | Partition Type: NTFS
Drive Y: | 278.46 Gb Total Space | 96.54 Gb Free Space | 34.67% Space Free | Partition Type: NTFS

Computer Name: NAL006A | User Name: jtracey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: SERIAL.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:serial.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
[2008/04/14 07:00:00 | 000,064,512 | ---- | M] () MD5=1B51562F85751AE3DE33A28862BE6F09 -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/14 07:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys

< >

< >

< >

< End of report >
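
The comparison the helper is making with that MD5 section, as an added example (my code, not OTL's and not from anyone in this thread): a small parser for OTL's "< MD5 for: ... >" block that treats the copies whose version info names a publisher as references and flags the in-use copy under system32\drivers whose hash differs from them. The input is the block posted above, embedded as a constructed sample; the function names and the system_root default are assumptions.

```python
import re

# Constructed sample input: the "< MD5 for: SERIAL.SYS >" block as OTL printed it in this thread.
SAMPLE_REPORT = r"""
========== Custom Scans ==========

< MD5 for: SERIAL.SYS >
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:serial.sys
[2008/04/14 07:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
[2008/04/14 07:00:00 | 000,064,512 | ---- | M] () MD5=1B51562F85751AE3DE33A28862BE6F09 -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/14 07:00:00 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\RRbackups\FR\UF\WINDOWS\system32\drivers\serial.sys

< End of report >
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>.+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S)\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|(?P<cab>\.cab file)) -- (?P<path>.+)$"
)


def parse_md5_report(text):
    """Return {FILE NAME: [entry, ...]} for every '< MD5 for: ... >' section.
    'company' is what OTL read from the PE version info ('' when it prints '()');
    'md5' is None for copies inside a .cab, which OTL lists but does not hash."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").upper()
            sections[current] = []
            continue
        if current is None or line.startswith("<"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append({
                "company": m.group("company"),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
            })
    return sections


def assess(entries):
    """Verdict per listed path. Publisher-named copies are the references; a hashed
    copy equal to none of them is a 'mismatch' (worth a closer look, not proof: a
    hotfix also changes the hash; size alone would miss the live copy above)."""
    reference = {e["md5"] for e in entries if e["md5"] and e["company"]}
    verdicts = {}
    for e in entries:
        if e["md5"] is None:
            verdicts[e["path"]] = "unhashed"
        elif e["company"] and e["md5"] in reference:
            verdicts[e["path"]] = "reference"
        elif e["md5"] in reference:
            verdicts[e["path"]] = "match"
        elif reference:
            verdicts[e["path"]] = "mismatch"
        else:
            verdicts[e["path"]] = "unverified"  # nothing trustworthy to compare with
    return verdicts


def suspicious_live_copies(sections, system_root=r"C:\WINDOWS"):
    """(driver name, path) for each in-use copy under system_root\\system32\\drivers
    whose hash matches no publisher-named copy of the same driver."""
    prefix = system_root.lower() + "\\system32\\drivers\\"
    flagged = []
    for name, entries in sections.items():
        verdicts = assess(entries)
        for e in entries:
            if e["path"].lower().startswith(prefix) and verdicts[e["path"]] == "mismatch":
                flagged.append((name, e["path"]))
    return flagged
```

Run on the sample, suspicious_live_copies() returns the system32 copy of serial.sys and nothing else, which is the same conclusion the helper drew from the log.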

#14
godawgs
Teacher, Retired Staff, 8,228 posts
Thanks. That was what I wanted.


Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    [ComboFix screenshot]
  • ComboFix will then extract its files before beginning the scan.

    [ComboFix screenshot]
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    [ComboFix screenshot]
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
Don't forget to re-enable your Anti-Virus.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ComboFix.txt log

#15
mej_jeff
Topic Starter, Member, 26 posts
After 50 minutes, the screen still shows only the initial scanning for infected files message. Does this indicate a problem?