
Google Redirect


  • This topic is locked
34 replies to this topic

#1 medovic

medovic

  • Members
  • 18 posts

Posted 04 September 2012 - 02:21 PM

Hello, thank you for your help. Google redirects my searches regularly, and recently my computer has become very slow. I have run Malwarebytes, AVG, Hitman Pro, and Microsoft Windows Malicious Software Removal Tool and they have cleaned a few things. The problem still persists. My email account was also compromised recently and spam email was sent to my recent contacts from my address. I have since changed my password.


I have attached ark.txt and attach.txt and here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Medovic at 6:00:59 on 2012-09-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2891 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA1ADcAMwA2ADUAMwAzADQALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEALQBEAEQAVAArADAA"&"prod=90"&"ver=9.0.894
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285650251734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{27813A5B-1196-4CC1-8F6F-62EEED84D844} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\Medovic\application data\mozilla\firefox\profiles\w517w3dj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-3-2 105832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-31 655944]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-9-9 1373480]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-31 22344]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S2 srv1344;srv1344;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 srv418;srv418;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S2 srvDA4;srvDA4;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 htcusbnet;HTC USB-NDIS miniport;c:\windows\system32\drivers\htcusbnet.sys [2012-9-3 130048]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-20 114144]
.
=============== Created Last 30 ================
.
2012-09-03 20:07:06 130048 ----a-w- c:\windows\system32\drivers\htcusbnet.sys
2012-09-03 20:06:04 -------- d-----w- c:\program files\HTC
2012-09-03 20:04:29 -------- d-----w- C:\Temp
2012-08-29 17:54:53 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-08-17 00:02:02 -------- d-----w- c:\documents and settings\Medovic\application data\AVG2012
2012-08-17 00:00:34 -------- d--h--w- C:\$AVG
.
==================== Find3M ====================
.
2012-08-15 05:16:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 05:16:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 6:02:01.01 ===============



Edited by medovic, 04 September 2012 - 02:46 PM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 September 2012 - 06:43 PM

Hello medovic,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 medovic

medovic
  • Topic Starter

  • Members
  • 18 posts

Posted 04 September 2012 - 07:04 PM

Hello fireman4it and thank you very much for your help. It is greatly appreciated. Yes I do have a USB Flash Drive.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 September 2012 - 08:05 PM

1.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a confirmation message.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#5 medovic

medovic
  • Topic Starter

  • Members
  • 18 posts

Posted 04 September 2012 - 10:48 PM

My machine is running a little faster, however Google is still redirecting.

I have attached the TDSSKiller log and Combofix log because they are too big and the forum won't allow copy paste.



Edited by medovic, 04 September 2012 - 11:14 PM.


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 September 2012 - 04:25 PM

Hello,

Can you please tell me if it is redirecting in all your browsers or just one of them? IE, Firefox, Chrome?

1.
Re-run TDSSKiller and please select quarantine or delete for the following ONLY.

18:38:10.0031 3636 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:38:10.0031 3636 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip



2.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

4.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.



Things to include in your next reply:
TdssKiller log
Roguekiller log
Eset Log
yorkyt log
How is your machine running now?

Edited by fireman4it, 05 September 2012 - 04:25 PM.


#7 medovic

medovic
  • Topic Starter

  • Members
  • 18 posts

Posted 06 September 2012 - 11:10 AM

Hey fireman, it seemed to only be redirecting in Firefox, but I think that is fixed now. Here are the logs. My computer is still running slow. Internet is very slow, and so is startup.
I ran AVG, Malwarebytes, and Hitman at the end of all of this and it didn't find anything. Thanks again for your help.

RKreport:

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Hemal Patel [Admin rights]
Mode : Scan -- Date : 09/05/2012 17:02:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY FF] w517w3dj.default\ : -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] a1bb0b68b40cb8b9b93eadb1e8e399e6
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 305133 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



ESETScan:


C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\extensions\zwkkbcsqoe@zwkkbcsqoe.org.xpi JS/Redirector.NBX trojan deleted - quarantined
C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\{B7BAC886-7AB7-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\640f9e74-63bbed06 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\6acfc7ba-26a0e43d multiple threats deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\extensions\{8dc08be6-6238-4a10-b1d9-903766ca9ea9}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\extensions\{ff2a99e0-e3a3-42bb-aef4-39b484b14a2e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP996\A0227868.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP996\A0227869.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_16.26.45\tdlfs0000\tsk0002.dta a variant of Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_16.26.45\tdlfs0000\tsk0005.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.09.2012_16.26.45\tdlfs0000\tsk0006.dta a variant of Win32/Rootkit.Kryptik.EB trojan cleaned by deleting - quarantined



Edited by medovic, 06 September 2012 - 03:05 PM.


#8 medovic

medovic
  • Topic Starter

  • Members
  • 18 posts

Posted 06 September 2012 - 11:11 AM

2012-09-06 01:13:23: ****************************************************
2012-09-06 01:13:23: Starting UP ... v 0.0.0.220
2012-09-06 01:13:23: ****************************************************
2012-09-06 01:13:23: Stop TPSRV returns: 2
2012-09-06 01:13:38: Listing processes...
2012-09-06 01:13:38: :[System Process]:0
2012-09-06 01:13:38: :System:4
2012-09-06 01:13:38: :smss.exe:1172
2012-09-06 01:13:38: :csrss.exe:1276
2012-09-06 01:13:38: :winlogon.exe:1320
2012-09-06 01:13:38: :services.exe:1384
2012-09-06 01:13:38: :lsass.exe:1396
2012-09-06 01:13:38: :svchost.exe:1640
2012-09-06 01:13:38: :svchost.exe:1700
2012-09-06 01:13:38: :svchost.exe:1744
2012-09-06 01:13:38: :svchost.exe:136
2012-09-06 01:13:38: :svchost.exe:220
2012-09-06 01:13:38: :WLTRYSVC.EXE:400
2012-09-06 01:13:38: :BCMWLTRY.EXE:416
2012-09-06 01:13:38: :spoolsv.exe:616
2012-09-06 01:13:38: :scardsvr.exe:704
2012-09-06 01:13:38: :svchost.exe:964
2012-09-06 01:13:38: :avgwdsvc.exe:996
2012-09-06 01:13:38: :mDNSResponder.exe:1020
2012-09-06 01:13:38: :jqs.exe:284
2012-09-06 01:13:38: :mbamservice.exe:1144
2012-09-06 01:13:38: :NicConfigSvc.exe:1444
2012-09-06 01:13:38: :nvsvc32.exe:1808
2012-09-06 01:13:38: :PSIService.exe:1912
2012-09-06 01:13:38: :svchost.exe:572
2012-09-06 01:13:38: :Wacom_Tablet.exe:652
2012-09-06 01:13:38: :tcsd_win32.exe:768
2012-09-06 01:13:38: :TdmService.exe:1848
2012-09-06 01:13:38: :TosBtSrv.exe:2268
2012-09-06 01:13:38: :nmsrvc.exe:2548
2012-09-06 01:13:38: :alg.exe:2580
2012-09-06 01:13:38: :wmiprvse.exe:936
2012-09-06 01:13:38: :wmiprvse.exe:4092
2012-09-06 01:13:38: :Wacom_TabletUser.exe:2980
2012-09-06 01:13:38: :Wacom_Tablet.exe:780
2012-09-06 01:13:38: :explorer.exe:2800
2012-09-06 01:13:38: :SynTPEnh.exe:2340
2012-09-06 01:13:38: :rundll32.exe:3532
2012-09-06 01:13:38: :WLTRAY.EXE:144
2012-09-06 01:13:38: :nmctxth.exe:2204
2012-09-06 01:13:38: :nmapp.exe:544
2012-09-06 01:13:38: :avgtray.exe:656
2012-09-06 01:13:38: :ctfmon.exe:3528
2012-09-06 01:13:38: :TosBtMng.exe:2752
2012-09-06 01:13:38: :TosA2dp.exe:384
2012-09-06 01:13:38: :TosBtHid.exe:3976
2012-09-06 01:13:38: :TosBtHSP.exe:1612
2012-09-06 01:13:38: :TosAVRC.exe:2180
2012-09-06 01:13:38: :svchost.exe:2344
2012-09-06 01:13:38: :wuauclt.exe:2660
2012-09-06 01:13:38: :yorkyt.exe:2964
2012-09-06 01:13:38:
2012-09-06 01:13:38: Setting restore point
2012-09-06 01:14:21: Determining autonomous or dropped mode...
2012-09-06 01:14:21: Autonomus mode
2012-09-06 01:14:21: Installing drivers...
2012-09-06 01:14:37: Checking that it installed...
2012-09-06 01:14:37: Driver is installed...
2012-09-06 01:14:37: cmd.exe /c start "C:\Documents and Settings\Hemal Patel\Desktop\yorkyt.exe"
2012-09-06 01:14:40: Restarting...
2012-09-06 01:31:31: ****************************************************
2012-09-06 01:31:31: Starting UP ... v 0.0.0.220
2012-09-06 01:31:31: ****************************************************
2012-09-06 01:31:33: Stop TPSRV returns: 2
2012-09-06 01:31:48: Listing processes...
2012-09-06 01:31:48: :[System Process]:0
2012-09-06 01:31:48: :System:4
2012-09-06 01:31:48: :smss.exe:1300
2012-09-06 01:31:48: :csrss.exe:1460
2012-09-06 01:31:48: :winlogon.exe:1520
2012-09-06 01:31:48: :services.exe:1608
2012-09-06 01:31:48: :lsass.exe:1628
2012-09-06 01:31:48: :svchost.exe:1880
2012-09-06 01:31:48: :svchost.exe:1972
2012-09-06 01:31:48: :svchost.exe:2016
2012-09-06 01:31:48: :svchost.exe:764
2012-09-06 01:31:48: :svchost.exe:672
2012-09-06 01:31:48: :WLTRYSVC.EXE:572
2012-09-06 01:31:48: :BCMWLTRY.EXE:1116
2012-09-06 01:31:48: :spoolsv.exe:1212
2012-09-06 01:31:48: :scardsvr.exe:1244
2012-09-06 01:31:48: :svchost.exe:1356
2012-09-06 01:31:48: :avgwdsvc.exe:1540
2012-09-06 01:31:48: :mDNSResponder.exe:1632
2012-09-06 01:31:48: :jqs.exe:1828
2012-09-06 01:31:48: :NicConfigSvc.exe:768
2012-09-06 01:31:48: :nvsvc32.exe:708
2012-09-06 01:31:48: :PSIService.exe:676
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcclix.dll AVGCCLI.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\win32k.sys WIN32K.SYS
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\dxapi.sys DXAPI.SYS
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\watchdog.sys WATCHDOG.SYS
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\csrss.exe CSRSS.EXE
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\basesrv.dll BASESRV
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winsrv.dll WINSRV.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\dxg.sys DXG.SYS
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\dxgthk.sys DXGTHK.SYS
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nv4_disp.dll NV4_DISP.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sfcfiles.dll SFCFILES.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\vga.dll VGA.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe WINLOGON.EXE
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\authz.dll AUTHZ.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\crypt32.dll CRYPT32.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msasn1.dll MSASN1.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nddeapi.dll NDDEAPI.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcslx.dll AVGCSL.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\profmap.dll USERENV.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netapi32.dll NETAPI32.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\psapi.dll PSAPI
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\regapi.dll REGAPI.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcfgx.dll AVGCFG.DLL
2012-09-06 01:32:45: Looking at \Device\HarddiskVolume2\WINDOWS\system32\setupapi.dll SETUPAPI.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winsta.dll WINSTA.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wintrust.dll WINTRUST.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ws2_32.dll WS2_32.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ws2help.dll WS2HELP.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll ATL80.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\imm32.dll IMM32
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\system32\kbdus.dll KBDUS.DLL
2012-09-06 01:32:46: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll MFC80.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MSVCR80.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll MSVCP80.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll MSVCM80.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mscoree.dll MSCOREE.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcmgr.exe AVGCMGR.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\atmfd.dll ATMFD.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgwdsvc.exe AVGWDSVC.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgwd.dll AVGWD.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msctfime.ime MSCTFIME.IME
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgemcx.exe AVGEMC.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msgina.dll MSGINA.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\odbc32.dll ODBC32
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sxs.dll SXS.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgsched.dll AVGSCHED.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll COMCTL32.DLL
2012-09-06 01:32:47: ... Failed to identify driver 5A5CFF37F1BD0F86B9BDAAD7A9445882, using metod 2...
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\WindowsShell.Manifest
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\odbcint.dll ODBCINT
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\shsvcs.dll SHSVCS.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sfc.dll SFC.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sfc_os.dll SFC.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgtray.exe AVGTRAY.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\services.exe SERVICES.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\lsass.exe LSASS.EXE
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ncobjapi.dll NCOBJAPI.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msvcp60.dll MSVCP60.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\scesrv.dll SCESRV
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\lsasrv.dll LSASRV.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\umpnpmgr.dll UMPNPMGR.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ntdsapi.dll NTDSAPI.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dnsapi.dll DNSAPI
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\shimeng.dll SHIMENGINEDLL(IAT)
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\samlib.dll SAMLIB.DLL
2012-09-06 01:32:47: ... Failed to identify driver EA9EE60B408878E5F2012F9C783836DB, using metod 2...
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\AppPatch\acadproc.dll J%PRODUCTNAME
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\samsrv.dll SAMSRV.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cryptdll.dll CRYPTDLL.DLL
2012-09-06 01:32:47: ... Failed to identify driver 310C15FD8358B2C4CD7A5B98A112883F, using metod 2...
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\AppPatch\acgenral.dll J%PRODUCTNAME
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winmm.dll WINMM.DLL
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msacm32.dll MSFLTR32.ACM
2012-09-06 01:32:47: Looking at \Device\HarddiskVolume2\WINDOWS\system32\uxtheme.dll UXTHEME.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll MFC90U.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msapsspc.dll MSAPSSPC.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msvcrt40.dll MSVCRT40.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\schannel.dll SCHANNEL.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\digest.dll DIGEST.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msnsspc.dll MSNSSPC.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msprivs.dll MSPRIV.DLL
2012-09-06 01:32:48: ... Failed to identify driver 5D76C3FB736514E1D7C88791E7322784, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WindowsLogon.manifest
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\kerberos.dll KERBEROS.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msv1_0.dll MSV1_0.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\iphlpapi.dll IPHLPAPI.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netlogon.dll NETLOGON.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\w32time.dll W32TIME.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wdigest.dll WDIGEST.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msvfw32.dll MSVFW32.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rsaenh.dll RSAENH.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msctf.dll MSCTF.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wvauth.dll WVAUTH.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winscard.dll WINSCARD.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wtsapi32.dll WTSAPI32.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\biolsp.dll BIOLSP.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\d3d9.dll D3D9.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\activeds.dll ADS
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\adsldpc.dll ADSLDPC
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\atl.dll ATL.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\scecli.dll SCECLI
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\WavxDMgr.sys SCANNER.SYS
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\mbam.sys MBAM.SYS
2012-09-06 01:32:48: ... Failed to identify driver C591BA9F96F40A1FD6494DAFDCD17185, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DRVNDDM.SYS
2012-09-06 01:32:48: ... Failed to identify driver 87413B94AE1FABC117C4E8AE6725134E, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLADResM.SYS
2012-09-06 01:32:48: ... Failed to identify driver 766A148235BE1C0039C974446E4C0EDC, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLAIFS_M.SYS
2012-09-06 01:32:48: ... Failed to identify driver 38267CCA177354F1C64450A43A4F7627, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLAOPIOM.SYS
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\logonui.exe LOGONUI.EXE
2012-09-06 01:32:48: ... Failed to identify driver FD363369FD313B46B5AEAB1A688B52E9, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLAPoolM.SYS
2012-09-06 01:32:48: ... Failed to identify driver A0500678A33802D8954153839301D539, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLABMFSM.SYS
2012-09-06 01:32:48: ... Failed to identify driver B8D2F68CAC54D46281399F9092644794, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLABOIOM.SYS
2012-09-06 01:32:48: ... Failed to identify driver FD85F682C1CC2A7CA878C7A448E6D87E, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLAUDFAM.SYS
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\duser.dll DUSER.DLL
2012-09-06 01:32:48: ... Failed to identify driver AF389CE587B6BF5BBDCD6F6ABE5EABC0, using metod 2...
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\DLAUDF_M.SYS
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msimg32.dll GDIEXT
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\svchost.exe SVCHOST.EXE
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\oleacc.dll OLEACC.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ntmarta.dll NTMARTA.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rpcss.dll RPCSS.DLL
2012-09-06 01:32:48: Looking at \Device\HarddiskVolume2\WINDOWS\system32\eventlog.dll EVENTLOG.DLL
2012-09-06 01:32:48: ... Failed to identify driver F137A0CA70003DB20448D540651FA003, using metod 2...
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\clbcatq.dll
2012-09-06 01:32:49: ... Failed to identify driver 1280A158C722FA95A80FB7AEBE78FA7D, using metod 2...
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\comres.dll
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\shgina.dll SHGINA.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\xpsp2res.dll XPSP2RES.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mswsock.dll MSWSOCK.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\hnetcfg.dll HNETCFG.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wshtcpip.dll WSHTCPIP.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winrnr.dll WINRNR
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll MDNSNSP.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasadhlp.dll RASADHLP.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\ndisuio.sys NDISUIO.SYS
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cscdll.dll CSCDLL.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\pnarp.sys PNARP.SYS
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\purendis.sys PURENDIS.SYS
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dimsntfy.dll DIMSNTFY.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dnsrslvr.dll DNSRSLVR.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dhcpcsvc.dll DHCPCSVC.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wlnotify.dll WLNOTIFY.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winspool.drv WINSPOOL.DRV
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\Resources\Themes\Luna\luna.msstyles LUNA.MST
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WgaLogon.dll WGALOGON.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\lmhsvc.dll LMHSVC.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wzcsvc.dll WZCSVC.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rtutils.dll RTUTILS.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wmi.dll WMI.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\eapolqec.dll EAPOLQEC.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msxml3.dll MSXML3.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\qutil.dll QUTIL.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dot3api.dll DOT3API.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msxml3r.dll MSXML3R.DLL
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\esent.dll ESENT.DLL
2012-09-06 01:32:49: ... Failed to identify driver BCD7DB5C2FD6BFB59416F125DDE077FF, using metod 2...
2012-09-06 01:32:49: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WLTRYSVC.EXE
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rastls.dll RASTLS.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cryptui.dll CRYPTUI.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\BCMLogon.dll BCMLOGON.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mprapi.dll MPRAPI.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll MSVCR80.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasapi32.dll RASAPI32.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasman.dll RASMAN.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\tapi32.dll TAPI32.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80.dll MFC80.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\riched20.dll RICHED20.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mlang.dll MLANG.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll MFC80ENU.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\raschap.dll RASCHAP.DLL
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mpnotify.exe MPNOTIFY.EXE
2012-09-06 01:32:50: Looking at \Device\HarddiskVolume2\WINDOWS\system32\xmlprovi.dll XMLPROVI.DLL
2012-09-06 01:32:52: Looking at \Device\HarddiskVolume2\WINDOWS\system32\BCMWLTRY.EXE BCMWLTRY.EXE
2012-09-06 01:32:52: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wzcsapi.dll WZCSAPI.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cfgmgr32.dll CFGMGR32.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\powrprof.dll POWRPROF.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\schedsvc.dll SCHEDSVC.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msidle.dll MSIDLE.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\spoolsv.exe SPOOLSV.EXE
2012-09-06 01:32:53: ... Failed to identify driver AE5C2908126DE1A2C4CAC5EACFB57602, using metod 2...
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\bcm1xsup.dll
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\audiosrv.dll AUDIOSRV.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\bcmwlpkt.dll PACKET.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\scardsvr.exe SCARDSVR.EXE
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll MSVCP80.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wkssvc.dll WKSSVC.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wsock32.dll WSOCK32.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\mrxdav.sys MRXDAV.SYS
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\BCMWLNPF.SYS NPF.SYS
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\webclnt.dll DAVSVC.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wltrynt.dll WLTRYNT.DLL
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\avgidsshimx.sys IDSSHIM.SYS
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll ATL80.DLL
2012-09-06 01:32:53: ... Failed to identify driver D4991D98F2DB73C60D042F1AEF79EFAE, using metod 2...
2012-09-06 01:32:53: Looking at \Device\HarddiskVolume2\WINDOWS\system32\es.dll
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll MSVCR90.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Bonjour\mDNSResponder.exe MDNSRESPONDER.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cryptsvc.dll CRYPTSVC.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\certcli.dll CERTCLI
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Java\jre6\bin\jqs.exe JQS.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ersvc.dll ERSVC.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll PCHSVC.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Java\jre6\bin\msvcr71.dll MSVCR71.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\hidserv.dll HIDSERV.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\hid.dll HID.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\pdh.dll PDH.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\odbcbcp.dll ODBCBCP
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgclitx.dll AVGCLIT.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\srvsvc.dll SRVSVC.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netmsg.dll NETMSG.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe MBAMSERVICE.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\srv.sys SRV.SYS
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgidpsdkx.dll AVGIDPSDKX.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Malwarebytes' Anti-Malware\mbam.dll MBAM.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll MSVCP90.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\perfos.dll PERFOS.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\perfdisk.dll PERFDISK.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgwdwsc.dll AVGWDWSC.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll MBAMNET.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgnsx.exe AVGNS.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll MBAMCORE.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\mdmxsdk.sys MDMXSDK.SYS
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netman.dll NETMAN.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\Dell\QuickSet\NicConfigSvc.exe NICCONFIGSVC.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\oledlg.dll OLEDLG.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcorex.dll CORESDK.DLL
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvsvc32.exe NVSVC32.EXE
2012-09-06 01:32:54: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ipsecsvc.dll IPSECSVC.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\PSIService.exe PSISERVI.EXE
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemprox.dll WBEMPROX.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netshell.dll NETSHELL.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\oakley.dll OAKLEY.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemcomn.dll WBEMCOMN.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winipsec.dll WINIPSEC.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\credui.dll CREDUI.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\pstorsvc.dll PROTECTEDSTORAGESERVER
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dot3dlg.dll DOT3DLG.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\psbase.dll PSBASE.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\onex.dll ONEX.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\eappcfg.dll EAPPCFG.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\eappprxy.dll EAPPPRXY.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dssenh.dll DSSENH.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\PSIKey.dll PSIKEY.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgntsqlitex.dll AVGNTSQLITE.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcsrvx.exe AVGCSRV.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\seclogon.dll SECLOGON.EXE
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\regsvc.dll REGSVC.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sensapi.dll SENSAPI.DLL
2012-09-06 01:32:55: Looking at \Device\HarddiskVolume2\WINDOWS\system32\sens.dll SENS.DLL
2012-09-06 01:32:57: ... Failed to identify driver 579BA0A911FF5EA70CB604CD3B744B0A, using metod 2...
2012-09-06 01:32:57: Looking at \Device\HarddiskVolume2\Program Files\Skype\Updater\Updater.exe ,PRODUCTNAME
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgcertx.dll AVGCERT.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\srsvc.dll SERVICE.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wiaservc.dll WIASERVC.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgchclx.dll AVGCHCL.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mscms.dll MSCMS.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\Wacom_Tablet.exe WACOM_TABLET.EXE
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\actxprxy.dll ACTXPRXY.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\tapisrv.dll TAPISRV.EXE
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\shfolder.dll SHFOLDER.DLL
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\spoolss.dll SPOOLSS.DLL
2012-09-06 01:32:58: ... Failed to identify driver 23B506262493F1A521683EE88C5FBF60, using metod 2...
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
2012-09-06 01:32:58: Looking at \Device\HarddiskVolume2\WINDOWS\system32\localspl.dll LOCALSPL.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvcpl.dll NVCPL.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cnbjmon.dll CNBJMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\tpmddl.dll TPMLIB.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\E_FLBFCA.DLL EBPMONB.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\E_FLBBIA.DLL EBPMONB.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxsmon.dll FXSMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxsevent.dll FXSEVENT.DLL
2012-09-06 01:32:59: ... Failed to identify driver A27D803B21F24A5CFB775944EA4CB130, using metod 2...
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\pjlmon.dll PJLMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\tcpmon.dll TCPMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\TBTMon.dll TBTMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\TosBtHcrpAPI.dll TOSBTHCRPAPI.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll MSVCM80.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\TosBtAPI.dll TOSBTAPI.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvapi.dll NVAPI.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\TosBdAPI.dll TOSBDAPI.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\tbtmon98Language.dll TBTMON98LANGUAGE.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\usbmon.dll DYNAMON.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll PRINTFILTERPIPELINEPRXY.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\win32spl.dll WIN32SPL.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netrap.dll NETRAP.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\system32\inetpp.dll INETPP.DLL
2012-09-06 01:32:59: Looking at \Device\HarddiskVolume2\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MSCORWKS.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe TOSBTSRV.EXE
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dllhost.exe DLLHOST.EXE
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\trkwks.dll TRKWKS.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvdisps.dll NVDISPS.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\avgidsfilterx.sys IDSFILTER.SYS
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmisvc.dll WMISVC.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxssvc.exe FXSSVC.EXE
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\vssapi.dll VSSAPI.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxstiff.dll FXSTIFF.DLL
2012-09-06 01:33:00: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wuauserv.dll WUAUSERV.DLL
2012-09-06 01:33:00: ... Failed to identify driver ED0C0DF222209E43AD9AFBF3FE87DDE0, using metod 2...
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\comsvcs.dll
2012-09-06 01:33:01: ... Failed to identify driver 690D97864735E8ECD87F55777E266690, using metod 2...
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\colbact.dll
2012-09-06 01:33:01: ... Failed to identify driver 36795A645EAA47FE31D2A8F136A2C69B, using metod 2...
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mtxclu.dll
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxsapi.dll FXSAPI.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\clusapi.dll CLUSAPI
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\resutils.dll RESUTILS
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxst30.dll FXST30.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe NMSRVC.EXE
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxsroute.dll FXSROUTE.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wuaueng.dll WUAUENG.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\winhttp.dll WINHTTP.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cabinet.dll CABINET.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mspatcha.dll MSPATCHA.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\browser.dll BROWSER.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cryptnet.dll CRYPTNET.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\unimdm.tsp UNIMDM.TSP
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\uniplat.dll UNIPLAT.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll NMSRVCLB.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\unimdmat.dll UNIMDMAT.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\modemui.dll MODEMUI.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\kmddsp.tsp KMDDSP.TSP
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\avgidsdriverx.sys IDSDRIVER.SYS
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ipnathlp.dll IPNATHLP.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wscsvc.dll WSCSVC.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmagnt.dll NMAGNT.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msi.dll MSI.DLL
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ndptsp.tsp NDPROXY.TSP
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ipconf.tsp IPCONF.TSP
2012-09-06 01:33:01: Looking at \Device\HarddiskVolume2\WINDOWS\system32\h323.tsp H323.TSP
2012-09-06 01:33:02: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmcore.dll NMCORE.DLL
2012-09-06 01:33:02: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemcore.dll WBEMCORE.DLL
2012-09-06 01:33:02: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\esscli.dll ESSCLI.DLL
2012-09-06 01:33:02: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\fastprox.dll FASTPROX.DLL
2012-09-06 01:33:02: Looking at \Device\HarddiskVolume2\WINDOWS\system32\hidphone.tsp HIDPHONE.TSP
2012-09-06 01:33:04: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll CFIREWALLCOM.DLL
2012-09-06 01:33:04: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemsvc.dll WBEMSVC.DLL
2012-09-06 01:33:06: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll CANTIVIRUSCOM.DLL
2012-09-06 01:33:06: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmiutils.dll WMIUTILS.DLL
2012-09-06 01:33:06: Looking at \Device\HarddiskVolume2\WINDOWS\system32\regsvr32.exe REGSVR32.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wups.dll WUPS.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\repdrvfs.dll REPDRVFS.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wups2.dll WUPS2.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wlanapi.dll WLANAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmiprvsd.dll WMIPRVSD.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemess.dll WBEMESS.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgidsagent.exe AVGIDSAGENT.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wuauclt.exe WUAUCLT.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmrasv.dll NMRASERVICE.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgopensslx.dll AVGNTOPENSSL.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wuapi.dll WUAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmiprvse.exe WMIPRVSE.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\ncprov.dll NCOBJAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemcons.dll WBEMCONS
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\cimwin32.dll CIMWIN32.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\framedyn.dll FRAMEDYN.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netcfgx.dll NETCFGX.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\upnp.dll UPNP.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ssdpapi.dll SSDPAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasmans.dll RASMANS.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgxpl.dll AVGXPL.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\security.dll SECURITY.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmipcima.dll WMIPCIMA.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\termsrv.dll TERMSRV.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\regedit.exe REGEDIT.EXE
2012-09-06 01:33:07: ... Failed to identify driver 17E0CF9C8CBB717D05948656BCD86EFA, using metod 2...
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\txflog.dll
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\icaapi.dll ICAAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\http.sys HTTP.SYS
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mstlsapi.dll MSTLSAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\aclui.dll ACLUI.DLL
2012-09-06 01:33:07: ... Failed to identify driver AE3470D2BF8F16FD93FA54167B87172D, using metod 2...
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\xolehlp.dll
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rastapi.dll RASTAPI.DLL
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\alg.exe ALG.EXE
2012-09-06 01:33:07: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ssdpsrv.dll SSDPSRV.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ulib.dll ULIB.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wmiprov.dll MOFD.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasppp.dll RASPPP.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\clb.dll CLB
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ntlsapi.dll NTLSAPI.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\Linksys.dll LINKSYS.DLL
2012-09-06 01:33:08: ... Failed to identify driver 92E1A82CA4B048D1D970CBEA1A097F6E, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msdtcprx.dll
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasqec.dll RASQEC.DLL
2012-09-06 01:33:08: ... Failed to identify driver A137F1470499A205ABBB9AAFB3B6F2B1, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msdtc.exe
2012-09-06 01:33:08: ... Failed to identify driver 31E6A08C6DFB167E15F53B12E57F3F52, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msdtctm.dll
2012-09-06 01:33:08: ... Failed to identify driver F0D371D357790601C4A03B25F6AD09F8, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msdtclog.dll
2012-09-06 01:33:08: ... Failed to identify driver 2B8B64AA14F817BDF3E3204FB041A61D, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mtxoci.dll
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\advpack.dll ADVPACK.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avgadvisorx.dll AVGADVISORX.DLL
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\snmpapi.dll SNMPAPI.DLL
2012-09-06 01:33:08: ... Failed to identify driver 28CDB50D882D3BAD993D25BE596307EA, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\catsrv.dll
2012-09-06 01:33:08: ... Failed to identify driver 846300110A32ACDEE7CB60E54C7F693A, using metod 2...
2012-09-06 01:33:08: Looking at \Device\HarddiskVolume2\WINDOWS\system32\catsrvut.dll
2012-09-06 01:33:08: ... Failed to identify driver 5ED071407F58C1BE06AE8D251D6CCC6C, using metod 2...
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mfcsubs.dll
2012-09-06 01:33:09: ... Failed to identify driver 33B37BB0C69F2DBD19277220435590BE, using metod 2...
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\clbcatex.dll
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msxml4r.dll MSXML4R.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cscui.dll CSCUI.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\dpcdll.dll DPCDLL.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wdmaud.drv WDMAUD.DRV
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\wdmaud.sys WDMAUD.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\sysaudio.sys SYSAUDIO.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\splitter.sys SPLITTER.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\userinit.exe USERINIT.EXE
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\aec.sys AEC.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\swmidi.sys SWMIDI.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\dmusic.sys DMUSIC.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WTablet\Wacom_TabletUser.exe WACOM_TABLETUSER.EXE
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\kmixer.sys KMIXER.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\drmkaud.sys DRMKAUD.SYS
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\explorer.exe EXPLORER.EXE
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msacm32.drv MSACM32.ACM
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WgaTray.exe WGATRAY.EXE
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\midimap.dll MIDIMAP.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\browseui.dll BROWSEUI.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\shdocvw.dll SHDOCVW.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\LegitCheckControl.DLL LEGITCHECKCONTROL.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wucltui.dll WUCLTUI.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\licwmi.dll LICWMI.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wucltui.dll.mui WUCLTUI.DLL.MUI
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\licdll.dll LICDLL.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\desk.cpl DESK.CPL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\themeui.dll THEMEUI.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\cmd.exe CMD.EXE
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msxml6.dll MSXML6.DLL
2012-09-06 01:33:09: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msxml6r.dll MSXML6R.DLL
2012-09-06 01:33:16: ... Failed to identify driver C0484E445BBF648E5709E95E07E26B92, using metod 2...
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\Documents and Settings\Hemal Patel\Desktop\yorkyt.exe
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msimtf.dll MSIMTF.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\Program Files\Windows Media Player\wmpband.dll WMDBAND.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wbem\wbemdisp.dll WBEMDISP.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ntshrui.dll NTSHRUI.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\net.exe NET.EXE
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\verclsid.exe VERCLSID.EXE
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\net1.exe NET1.EXE
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\linkinfo.dll LINKINFO.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\imapi.exe IMAPI.EXE
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\webcheck.dll WEBCHECK.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\Program Files\Synaptics\SynTP\SynTPEnh.exe SYNTPENH.EXE
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\stobject.dll STOBJECT.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\batmeter.dll BATMETER.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WPDShServiceObj.dll WPDSHSERVICEOBJ.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\mydocs.dll MYDOCS.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\SynCOM.dll SYNCOM.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rasdlg.dll RASDLG.DLL
2012-09-06 01:33:17: Looking at \Device\HarddiskVolume2\WINDOWS\system32\SynTPAPI.dll SYNTPAPI.DLL
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\Program Files\Roxio\Drag-to-Disc\Shellex.dll SHELLEX.DLL
2012-09-06 01:33:18: ... Failed to identify driver E44834AB592429DB79E9F143F24768F1, using metod 2...
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nwiz.exe NWIZ.EXE
2012-09-06 01:33:18: ... Failed to identify driver 134ED3545846AC07664F7581A40A2ED1, using metod 2...
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\Program Files\Roxio\Drag-to-Disc\ShellRes.DLL SHELLEX.DLL
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\PortableDeviceTypes.dll PORTABLEDEVICETYPES.DLL
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\rundll32.exe RUNDLL.EXE
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\PortableDeviceApi.dll PORTABLEDEVICEAPI.DLL
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvmctray.dll NVMCTRAY.DLL
2012-09-06 01:33:18: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wzcdlg.dll WZCDLG.DLL
2012-09-06 01:33:19: ... Failed to identify driver 05D3A44958327099E2E460AEE5454A17, using metod 2...
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nview.dll NVIEW.DLL
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\11.2.09195.1.nmcorePS.dll NMCOREPS.DLL
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\WINDOWS\system32\nvwddi.dll NVWDDI.DLL
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\WINDOWS\system32\fxsst.dll FXSST.DLL
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\WINDOWS\system32\WLTRAY.EXE WLTRAY.EXE
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ITSECMNG.EXE
2012-09-06 01:33:19: ... Failed to identify driver 4D8172EF27D522AEFEB113F85A177872, using metod 2...
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\WINDOWS\system32\preflib.dll
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe NMCTXTH.EXE
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Synaptics\SynTP\DellTpad.exe SYNDELL.EXE
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Pure Networks\Network Magic\nmapp.exe NMAPP.EXE
2012-09-06 01:33:19: Looking at \Device\HarddiskVolume2\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe ACROSPEEDLAUNCH.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ADOBEARM.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe MBAMGUI.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ctfmon.exe CTFMON.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msisip.dll MSISIP.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\wshext.dll WSHEXT.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll MFC90ENU.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\msutb.dll MSUTB.DLL
2012-09-06 01:33:20: ... Failed to identify driver D8555A09D5862497F4156E9E4CCC808B, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\Temp\yt\run.bat
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\AVG\AVG2012\avglngx.dll AVGLNG.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\ime\sptip.dll SPTIP.DLL
2012-09-06 01:33:20: ... Failed to identify driver A46EBBB46AB289960F7268B948DB1349, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
2012-09-06 01:33:20: ... Failed to identify driver 2CD77B980B2CC3D655589A2E315AAB57, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\Temp\yt\nemesiscmd.exe
2012-09-06 01:33:20: ... Failed to identify driver 529584EC24AB8643D97E43EB2C0BFA6F, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\custom.conf
2012-09-06 01:33:20: ... Failed to identify driver BEC3EFCD14F03E0966045EB0C69393A2, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf
2012-09-06 01:33:20: ... Failed to identify driver C632AA7E677EB248378A12B3A826513C, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf
2012-09-06 01:33:20: ... Failed to identify driver 9CAF0F71DB072512197D4878F5584751, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\build.conf
2012-09-06 01:33:20: ... Failed to identify driver 0B33F3F974CA9BF1C11C78F386A481CE, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf
2012-09-06 01:33:20: ... Failed to identify driver 459A04CCA068CAB8799C2F84068C222D, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\Temp\yt\PRSBLib.dll
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\httpapi.dll HTTPAPI.DLL
2012-09-06 01:33:20: ... Failed to identify driver C634AFCB0EA281F43DC007BFD8999418, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\config.conf
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\w3ssl.dll W3SSL.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\riched32.dll RICHED32.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe ACRORD32.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\strmfilt.dll STREAMFILT.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\firewall.cpl FIREWALL.CPL
2012-09-06 01:33:20: ... Failed to identify driver B3C157A66ECDBCD3570E2DA139225589, using metod 2...
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drivers\PRSBDrvr.sys
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe TOSBTMNG.EXE
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\drprov.dll DRPROV.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\ntlanman.dll NTLANMAN.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmctxthl.dll NMCTXTHL.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netui0.dll NETUI0.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Toshiba\Bluetooth Toshiba Stack\TosCpsAPI.dll TOSCPSAPI.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\netui1.dll NETUI1.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Toshiba\Bluetooth Toshiba Stack\ECHelper.dll ECHELPER.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\davclnt.dll DAVCLNT.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\WINDOWS\system32\LCWizard.dll LCWIZARD.DLL
2012-09-06 01:33:20: Looking at \Device\HarddiskVolume2\Program Files\Common Files\Pure Networks Shared\Platform\nmctxt.dll NMCTXT.DLL
2012-09-06 01:33:20: ---------------------------------------------------------------------
2012-09-06 01:33:20: Found Service: Alerter
2012-09-06 01:33:20: Real Path: C:\WINDOWS\system32\alrsvc.dll
2012-09-06 01:33:20: Display Name: Alerter
2012-09-06 01:33:20: Description: Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:20: ServiceDLL: system32\alrsvc.dll
2012-09-06 01:33:20: File size: 17408
2012-09-06 01:33:20: DLL File name: alrsvc.dll
2012-09-06 01:33:20: Original File Name: ALRSVC.DLL
2012-09-06 01:33:20: Company:
2012-09-06 01:33:20: Mod/Cre/Acc time: 20080413171149 20040811150001 20120906004407
2012-09-06 01:33:21: ---------------------------------------------------------------------
2012-09-06 01:33:21: Found Service: AppMgmt
2012-09-06 01:33:21: Real Path: C:\WINDOWS\System32\appmgmts.dll
2012-09-06 01:33:21: Display Name: Application Management
2012-09-06 01:33:21: Description: Provides software installation services such as Assign, Publish, and Remove.
2012-09-06 01:33:21: ServiceDLL: System32\appmgmts.dll
2012-09-06 01:33:21: File size: 167936
2012-09-06 01:33:21: DLL File name: appmgmts.dll
2012-09-06 01:33:21: Original File Name: appmgmts.dll
2012-09-06 01:33:21: Company:
2012-09-06 01:33:21: Mod/Cre/Acc time: 20080413171149 20040811150001 20120906004409
2012-09-06 01:33:21: ---------------------------------------------------------------------
2012-09-06 01:33:21: Found Service: AudioSrv
2012-09-06 01:33:21: Real Path: C:\WINDOWS\System32\audiosrv.dll
2012-09-06 01:33:21: Display Name: Windows Audio
2012-09-06 01:33:21: Description: Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:21: ServiceDLL: System32\audiosrv.dll
2012-09-06 01:33:21: File size: 42496
2012-09-06 01:33:21: DLL File name: audiosrv.dll
2012-09-06 01:33:21: Original File Name: audiosrv.dll
2012-09-06 01:33:21: Company:
2012-09-06 01:33:21: Mod/Cre/Acc time: 20080413171150 20040811150001 20120906004417
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: BITS
2012-09-06 01:33:23: Real Path: C:\WINDOWS\system32\qmgr.dll
2012-09-06 01:33:23: Display Name: Background Intelligent Transfer Service
2012-09-06 01:33:23: Description: Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
2012-09-06 01:33:23: ServiceDLL: system32\qmgr.dll
2012-09-06 01:33:23: File size: 409088
2012-09-06 01:33:23: DLL File name: qmgr.dll
2012-09-06 01:33:23: Original File Name: qmgr.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20080413171203 20040811151254 20120906004752
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: Browser
2012-09-06 01:33:23: Real Path: C:\WINDOWS\System32\browser.dll
2012-09-06 01:33:23: Display Name: Computer Browser
2012-09-06 01:33:23: Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:23: ServiceDLL: System32\browser.dll
2012-09-06 01:33:23: File size: 78336
2012-09-06 01:33:23: DLL File name: browser.dll
2012-09-06 01:33:23: Original File Name: browser.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20120706065851 20040811150002 20120906004427
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: CryptSvc
2012-09-06 01:33:23: Real Path: C:\WINDOWS\System32\cryptsvc.dll
2012-09-06 01:33:23: Display Name: CryptSvc
2012-09-06 01:33:23: Description: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:23: ServiceDLL: System32\cryptsvc.dll
2012-09-06 01:33:23: File size: 62464
2012-09-06 01:33:23: DLL File name: cryptsvc.dll
2012-09-06 01:33:23: Original File Name: cryptsvc.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20080413171151 20040811150004 20120906004439
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: DcomLaunch
2012-09-06 01:33:23: Real Path: C:\WINDOWS\system32\rpcss.dll
2012-09-06 01:33:23: Display Name: DCOM Server Process Launcher
2012-09-06 01:33:23: Description: Provides launch functionality for DCOM services.
2012-09-06 01:33:23: ServiceDLL: system32\rpcss.dll
2012-09-06 01:33:23: File size: 401408
2012-09-06 01:33:23: DLL File name: rpcss.dll
2012-09-06 01:33:23: Original File Name: rpcss.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20090209051048 20040811150029 20120906011423
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: Dhcp
2012-09-06 01:33:23: Real Path: C:\WINDOWS\System32\dhcpcsvc.dll
2012-09-06 01:33:23: Display Name: DHCP Client
2012-09-06 01:33:23: Description: Manages network configuration by registering and updating IP addresses and DNS names.
2012-09-06 01:33:23: ServiceDLL: System32\dhcpcsvc.dll
2012-09-06 01:33:23: File size: 126976
2012-09-06 01:33:23: DLL File name: dhcpcsvc.dll
2012-09-06 01:33:23: Original File Name: dhcpcsvc.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20080413171151 20040811150004 20120906005558
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: dmserver
2012-09-06 01:33:23: Real Path: C:\WINDOWS\System32\dmserver.dll
2012-09-06 01:33:23: Display Name: Logical Disk Manager
2012-09-06 01:33:23: Description: Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:23: ServiceDLL: System32\dmserver.dll
2012-09-06 01:33:23: File size: 23552
2012-09-06 01:33:23: DLL File name: dmserver.dll
2012-09-06 01:33:23: Original File Name: dmserver.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20080413171152 20040811150005 20120906004532
2012-09-06 01:33:23: ---------------------------------------------------------------------
2012-09-06 01:33:23: Found Service: Dnscache
2012-09-06 01:33:23: Real Path: C:\WINDOWS\System32\dnsrslvr.dll
2012-09-06 01:33:23: Display Name: DNS Client
2012-09-06 01:33:23: Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:23: ServiceDLL: System32\dnsrslvr.dll
2012-09-06 01:33:23: File size: 45568
2012-09-06 01:33:23: DLL File name: dnsrslvr.dll
2012-09-06 01:33:23: Original File Name: dnsrslvr.dll
2012-09-06 01:33:23: Company:
2012-09-06 01:33:23: Mod/Cre/Acc time: 20090420101726 20040811150005 20120906004533
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: Dot3svc
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\dot3svc.dll
2012-09-06 01:33:24: Display Name: Wired AutoConfig
2012-09-06 01:33:24: Description: This service performs IEEE 802.1X authentication on Ethernet interfaces
2012-09-06 01:33:24: ServiceDLL: System32\dot3svc.dll
2012-09-06 01:33:24: File size: 132096
2012-09-06 01:33:24: DLL File name: dot3svc.dll
2012-09-06 01:33:24: Original File Name: dot3svc.dll
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171152 20080911143213 20120906004534
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: EapHost
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\eapsvc.dll
2012-09-06 01:33:24: Display Name: Extensible Authentication Protocol Service
2012-09-06 01:33:24: Description: Provides windows clients Extensible Authentication Protocol Service
2012-09-06 01:33:24: ServiceDLL: System32\eapsvc.dll
2012-09-06 01:33:24: File size: 33792
2012-09-06 01:33:24: DLL File name: eapsvc.dll
2012-09-06 01:33:24: Original File Name: eapsvc.dll
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171152 20080911143214 20120906004541
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: ERSvc
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\ersvc.dll
2012-09-06 01:33:24: Display Name: Error Reporting Service
2012-09-06 01:33:24: Description: Allows error reporting for services and applictions running in non-standard environments.
2012-09-06 01:33:24: ServiceDLL: System32\ersvc.dll
2012-09-06 01:33:24: File size: 23040
2012-09-06 01:33:24: DLL File name: ersvc.dll
2012-09-06 01:33:24: Original File Name: ERSVC.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171153 20040811150013 20120906004544
2012-09-06 01:33:24: !!!!!!!
2012-09-06 01:33:24: Found Service: EventSystem
2012-09-06 01:33:24: Real Path: C:\WINDOWS\system32\es.dll
2012-09-06 01:33:24: Display Name: COM+ Event System
2012-09-06 01:33:24: Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:24: ServiceDLL: system32\es.dll
2012-09-06 01:33:24: File size: 253952
2012-09-06 01:33:24: DLL File name: es.dll
2012-09-06 01:33:24: Original File Name:
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080707132658 20040811150013 20120906004544
2012-09-06 01:33:24: !!!!!!!!!
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: FastUserSwitchingCompatibility
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-09-06 01:33:24: Display Name: Fast User Switching Compatibility
2012-09-06 01:33:24: Description: Provides management for applications that require assistance in a multiple user environment.
2012-09-06 01:33:24: ServiceDLL: System32\shsvcs.dll
2012-09-06 01:33:24: File size: 135168
2012-09-06 01:33:24: DLL File name: shsvcs.dll
2012-09-06 01:33:24: Original File Name: SHSVCS.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20090727161741 20040811150031 20120906004807
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: HidServ
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\hidserv.dll
2012-09-06 01:33:24: Display Name: HID Input Service
2012-09-06 01:33:24: Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:24: ServiceDLL: System32\hidserv.dll
2012-09-06 01:33:24: File size: 21504
2012-09-06 01:33:24: DLL File name: hidserv.dll
2012-09-06 01:33:24: Original File Name: HIDSERV.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171154 20080909171827 20120906004557
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: hkmsvc
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\kmsvc.dll
2012-09-06 01:33:24: Display Name: Health Key and Certificate Management Service
2012-09-06 01:33:24: Description: Manages health certificates and keys (used by NAP)
2012-09-06 01:33:24: ServiceDLL: System32\kmsvc.dll
2012-09-06 01:33:24: File size: 61440
2012-09-06 01:33:24: DLL File name: kmsvc.dll
2012-09-06 01:33:24: Original File Name: KmSvc.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171156 20080911143223 20120906004614
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: HTTPFilter
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\w3ssl.dll
2012-09-06 01:33:24: Display Name: HTTP SSL
2012-09-06 01:33:24: Description: This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:24: ServiceDLL: System32\w3ssl.dll
2012-09-06 01:33:24: File size: 15872
2012-09-06 01:33:24: DLL File name: w3ssl.dll
2012-09-06 01:33:24: Original File Name: w3ssl.dll
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171208 20040811150035 20120906004844
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: lanmanserver
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\srvsvc.dll
2012-09-06 01:33:24: Display Name: Server
2012-09-06 01:33:24: Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:24: ServiceDLL: System32\srvsvc.dll
2012-09-06 01:33:24: File size: 99840
2012-09-06 01:33:24: DLL File name: srvsvc.dll
2012-09-06 01:33:24: Original File Name: SRVSVC.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20100826225743 20040811150034 20120906004812
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: lanmanworkstation
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\wkssvc.dll
2012-09-06 01:33:24: Display Name: Workstation
2012-09-06 01:33:24: Description: Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:24: ServiceDLL: System32\wkssvc.dll
2012-09-06 01:33:24: File size: 132096
2012-09-06 01:33:24: DLL File name: wkssvc.dll
2012-09-06 01:33:24: Original File Name: WKSSVC.DLL
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20090609231449 20040811150038 20120906004855
2012-09-06 01:33:24: ---------------------------------------------------------------------
2012-09-06 01:33:24: Found Service: LmHosts
2012-09-06 01:33:24: Real Path: C:\WINDOWS\System32\lmhsvc.dll
2012-09-06 01:33:24: Display Name: TCP/IP NetBIOS Helper
2012-09-06 01:33:24: Description: Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
2012-09-06 01:33:24: ServiceDLL: System32\lmhsvc.dll
2012-09-06 01:33:24: File size: 13824
2012-09-06 01:33:24: DLL File name: lmhsvc.dll
2012-09-06 01:33:24: Original File Name: lmhsvc.dll
2012-09-06 01:33:24: Company:
2012-09-06 01:33:24: Mod/Cre/Acc time: 20080413171156 20040811150018 20120906004619
2012-09-06 01:33:25: ---------------------------------------------------------------------
2012-09-06 01:33:25: Found Service: Messenger
2012-09-06 01:33:25: Real Path: C:\WINDOWS\System32\msgsvc.dll
2012-09-06 01:33:25: Display Name: Messenger
2012-09-06 01:33:25: Description: Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:25: ServiceDLL: System32\msgsvc.dll
2012-09-06 01:33:25: File size: 33792
2012-09-06 01:33:25: DLL File name: msgsvc.dll
2012-09-06 01:33:25: Original File Name: msgsvc.dll
2012-09-06 01:33:25: Company:
2012-09-06 01:33:25: Mod/Cre/Acc time: 20080413171159 20040811150021 20120906004637
2012-09-06 01:33:25: ---------------------------------------------------------------------
2012-09-06 01:33:25: Found Service: napagent
2012-09-06 01:33:25: Real Path: C:\WINDOWS\System32\qagentrt.dll
2012-09-06 01:33:25: Display Name: Network Access Protection Agent
2012-09-06 01:33:26: Description: Allows windows clients to participate in Network Access Protection
2012-09-06 01:33:26: ServiceDLL: System32\qagentrt.dll
2012-09-06 01:33:26: File size: 291328
2012-09-06 01:33:26: DLL File name: qagentrt.dll
2012-09-06 01:33:26: Original File Name: QAgentRT.DLL
2012-09-06 01:33:26: Company:
2012-09-06 01:33:26: Mod/Cre/Acc time: 20080413171203 20080911143235 20120906004751
2012-09-06 01:33:26: ---------------------------------------------------------------------
2012-09-06 01:33:26: Found Service: Netman
2012-09-06 01:33:26: Real Path: C:\WINDOWS\System32\netman.dll
2012-09-06 01:33:26: Display Name: Network Connections
2012-09-06 01:33:26: Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
2012-09-06 01:33:26: ServiceDLL: System32\netman.dll
2012-09-06 01:33:26: File size: 198144
2012-09-06 01:33:26: DLL File name: netman.dll
2012-09-06 01:33:26: Original File Name: netman.dll
2012-09-06 01:33:26: Company:
2012-09-06 01:33:26: Mod/Cre/Acc time: 20080413171201 20040811150024 20120906005558
2012-09-06 01:33:26: ---------------------------------------------------------------------
2012-09-06 01:33:26: Found Service: Nla
2012-09-06 01:33:26: Real Path: C:\WINDOWS\System32\mswsock.dll
2012-09-06 01:33:26: Display Name: Network Location Awareness (NLA)
2012-09-06 01:33:26: Description: Collects and stores network configuration and location information, and notifies applications when this information changes.
2012-09-06 01:33:26: ServiceDLL: System32\mswsock.dll
2012-09-06 01:33:26: File size: 245248
2012-09-06 01:33:26: DLL File name: mswsock.dll
2012-09-06 01:33:26: Original File Name: mswsock.dll
2012-09-06 01:33:26: Company:
2012-09-06 01:33:26: Mod/Cre/Acc time: 20080620090247 20040811150023 20120906004647
2012-09-06 01:33:27: ---------------------------------------------------------------------
2012-09-06 01:33:27: Found Service: NtmsSvc
2012-09-06 01:33:27: Real Path: C:\WINDOWS\system32\ntmssvc.dll
2012-09-06 01:33:27: Display Name: Removable Storage
2012-09-06 01:33:27: Description:
2012-09-06 01:33:27: ServiceDLL: system32\ntmssvc.dll
2012-09-06 01:33:27: File size: 435200
2012-09-06 01:33:27: DLL File name: ntmssvc.dll
2012-09-06 01:33:27: Original File Name: ntmssvc.dll
2012-09-06 01:33:27: Company:
2012-09-06 01:33:27: Mod/Cre/Acc time: 20080413171202 20040811150025 20120906004656
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: RasAuto
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\rasauto.dll
2012-09-06 01:33:28: Display Name: Remote Access Auto Connection Manager
2012-09-06 01:33:28: Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
2012-09-06 01:33:28: ServiceDLL: System32\rasauto.dll
2012-09-06 01:33:28: File size: 88576
2012-09-06 01:33:28: DLL File name: rasauto.dll
2012-09-06 01:33:28: Original File Name: rasauto.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171203 20040811150029 20120906004755
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: RasMan
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\rasmans.dll
2012-09-06 01:33:28: Display Name: Remote Access Connection Manager
2012-09-06 01:33:28: Description: Creates a network connection.
2012-09-06 01:33:28: ServiceDLL: System32\rasmans.dll
2012-09-06 01:33:28: File size: 186368
2012-09-06 01:33:28: DLL File name: rasmans.dll
2012-09-06 01:33:28: Original File Name: Rasmans.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171203 20040811150029 20120906004755
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: RemoteAccess
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\mprdim.dll
2012-09-06 01:33:28: Display Name: Routing and Remote Access
2012-09-06 01:33:28: Description: Offers routing services to businesses in local area and wide area network environments.
2012-09-06 01:33:28: ServiceDLL: System32\mprdim.dll
2012-09-06 01:33:28: File size: 53248
2012-09-06 01:33:28: DLL File name: mprdim.dll
2012-09-06 01:33:28: Original File Name: MPRDIM.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171157 20040811150020 20120906004628
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: RemoteRegistry
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\regsvc.dll
2012-09-06 01:33:28: Display Name: Remote Registry
2012-09-06 01:33:28: Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:28: ServiceDLL: system32\regsvc.dll
2012-09-06 01:33:28: File size: 59904
2012-09-06 01:33:28: DLL File name: regsvc.dll
2012-09-06 01:33:28: Original File Name: REGSVC.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171204 20040811150029 20120906004757
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: RpcSs
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\rpcss.dll
2012-09-06 01:33:28: Display Name: Remote Procedure Call (RPC)
2012-09-06 01:33:28: Description: Provides the endpoint mapper and other miscellaneous RPC services.
2012-09-06 01:33:28: ServiceDLL: System32\rpcss.dll
2012-09-06 01:33:28: File size: 401408
2012-09-06 01:33:28: DLL File name: rpcss.dll
2012-09-06 01:33:28: Original File Name: rpcss.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20090209051048 20040811150029 20120906011423
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: Schedule
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\schedsvc.dll
2012-09-06 01:33:28: Display Name: Task Scheduler
2012-09-06 01:33:28: Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:28: ServiceDLL: system32\schedsvc.dll
2012-09-06 01:33:28: File size: 192512
2012-09-06 01:33:28: DLL File name: schedsvc.dll
2012-09-06 01:33:28: Original File Name: schedsvc.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171205 20040811151250 20120906004803
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: seclogon
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\seclogon.dll
2012-09-06 01:33:28: Display Name: Secondary Logon
2012-09-06 01:33:28: Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:28: ServiceDLL: System32\seclogon.dll
2012-09-06 01:33:28: File size: 18944
2012-09-06 01:33:28: DLL File name: seclogon.dll
2012-09-06 01:33:28: Original File Name: SECLOGON.EXE
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171205 20040811150030 20120906004804
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: SENS
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\sens.dll
2012-09-06 01:33:28: Display Name: System Event Notification
2012-09-06 01:33:28: Description: Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
2012-09-06 01:33:28: ServiceDLL: system32\sens.dll
2012-09-06 01:33:28: File size: 39424
2012-09-06 01:33:28: DLL File name: sens.dll
2012-09-06 01:33:28: Original File Name: sens.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171205 20040811150030 20120906004805
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: SharedAccess
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\ipnathlp.dll
2012-09-06 01:33:28: Display Name: Windows Firewall/Internet Connection Sharing (ICS)
2012-09-06 01:33:28: Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
2012-09-06 01:33:28: ServiceDLL: System32\ipnathlp.dll
2012-09-06 01:33:28: File size: 331264
2012-09-06 01:33:28: DLL File name: ipnathlp.dll
2012-09-06 01:33:28: Original File Name: IPNATHLP.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171155 20040811150017 20120906004606
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: ShellHWDetection
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-09-06 01:33:28: Display Name: Shell Hardware Detection
2012-09-06 01:33:28: Description: Provides notifications for AutoPlay hardware events.
2012-09-06 01:33:28: ServiceDLL: System32\shsvcs.dll
2012-09-06 01:33:28: File size: 135168
2012-09-06 01:33:28: DLL File name: shsvcs.dll
2012-09-06 01:33:28: Original File Name: SHSVCS.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20090727161741 20040811150031 20120906004807
2012-09-06 01:33:28: !!!!!!!
2012-09-06 01:33:28: Found Service: srservice
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\srsvc.dll
2012-09-06 01:33:28: Display Name: System Restore Service
2012-09-06 01:33:28: Description: Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
2012-09-06 01:33:28: ServiceDLL: system32\srsvc.dll
2012-09-06 01:33:28: File size: 171008
2012-09-06 01:33:28: DLL File name: srsvc.dll
2012-09-06 01:33:28: Original File Name: SERVICE.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171207 20040811151252 20120906004812
2012-09-06 01:33:28: !!!!!!!!!
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: SSDPSRV
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\ssdpsrv.dll
2012-09-06 01:33:28: Display Name: SSDP Discovery Service
2012-09-06 01:33:28: Description: Enables discovery of UPnP devices on your home network.
2012-09-06 01:33:28: ServiceDLL: System32\ssdpsrv.dll
2012-09-06 01:33:28: File size: 71680
2012-09-06 01:33:28: DLL File name: ssdpsrv.dll
2012-09-06 01:33:28: Original File Name: ssdpsrv.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171207 20040811150034 20120906004813
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: stisvc
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\wiaservc.dll
2012-09-06 01:33:28: Display Name: Windows Image Acquisition (WIA)
2012-09-06 01:33:28: Description: Provides image acquisition services for scanners and cameras.
2012-09-06 01:33:28: ServiceDLL: system32\wiaservc.dll
2012-09-06 01:33:28: File size: 333824
2012-09-06 01:33:28: DLL File name: wiaservc.dll
2012-09-06 01:33:28: Original File Name: WIASERVC.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171208 20040811150037 20120906004851
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: TapiSrv
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\tapisrv.dll
2012-09-06 01:33:28: Display Name: Telephony
2012-09-06 01:33:28: Description: Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
2012-09-06 01:33:28: ServiceDLL: System32\tapisrv.dll
2012-09-06 01:33:28: File size: 249856
2012-09-06 01:33:28: DLL File name: tapisrv.dll
2012-09-06 01:33:28: Original File Name: TAPISRV.EXE
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171207 20040811150035 20120906004822
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: TermService
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\termsrv.dll
2012-09-06 01:33:28: Display Name: Terminal Services
2012-09-06 01:33:28: Description: Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
2012-09-06 01:33:28: ServiceDLL: System32\termsrv.dll
2012-09-06 01:33:28: File size: 295424
2012-09-06 01:33:28: DLL File name: termsrv.dll
2012-09-06 01:33:28: Original File Name: termsrv.exe
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171207 20040811151127 20120906004825
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: Themes
2012-09-06 01:33:28: Real Path: C:\WINDOWS\System32\shsvcs.dll
2012-09-06 01:33:28: Display Name: Themes
2012-09-06 01:33:28: Description: Provides user experience theme management.
2012-09-06 01:33:28: ServiceDLL: System32\shsvcs.dll
2012-09-06 01:33:28: File size: 135168
2012-09-06 01:33:28: DLL File name: shsvcs.dll
2012-09-06 01:33:28: Original File Name: SHSVCS.DLL
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20090727161741 20040811150031 20120906004807
2012-09-06 01:33:28: ---------------------------------------------------------------------
2012-09-06 01:33:28: Found Service: TrkWks
2012-09-06 01:33:28: Real Path: C:\WINDOWS\system32\trkwks.dll
2012-09-06 01:33:28: Display Name: Distributed Link Tracking Client
2012-09-06 01:33:28: Description: Maintains links between NTFS files within a computer or across computers in a network domain.
2012-09-06 01:33:28: ServiceDLL: system32\trkwks.dll
2012-09-06 01:33:28: File size: 90112
2012-09-06 01:33:28: DLL File name: trkwks.dll
2012-09-06 01:33:28: Original File Name: trkwks.dll
2012-09-06 01:33:28: Company:
2012-09-06 01:33:28: Mod/Cre/Acc time: 20080413171207 20040811150035 20120906004831
2012-09-06 01:33:29: !!!!!!!
2012-09-06 01:33:29: Found Service: upnphost
2012-09-06 01:33:29: Real Path: C:\WINDOWS\System32\upnphost.dll
2012-09-06 01:33:29: Display Name: Universal Plug and Play Device Host
2012-09-06 01:33:29: Description: Provides support to host Universal Plug and Play devices.
2012-09-06 01:33:29: ServiceDLL: System32\upnphost.dll
2012-09-06 01:33:29: File size: 185856
2012-09-06 01:33:29: DLL File name: upnphost.dll
2012-09-06 01:33:29: Original File Name: unpnhost.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171208 20040811150036 20120906004835
2012-09-06 01:33:29: !!!!!!!!!
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: w32time
2012-09-06 01:33:29: Real Path: C:\WINDOWS\system32\w32time.dll
2012-09-06 01:33:29: Display Name: Windows Time
2012-09-06 01:33:29: Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:29: ServiceDLL: system32\w32time.dll
2012-09-06 01:33:29: File size: 175104
2012-09-06 01:33:29: DLL File name: w32time.dll
2012-09-06 01:33:29: Original File Name: w32time.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171208 20040811150036 20120906004844
2012-09-06 01:33:29: !!!!!!!
2012-09-06 01:33:29: Found Service: WebClient
2012-09-06 01:33:29: Real Path: C:\WINDOWS\System32\webclnt.dll
2012-09-06 01:33:29: Display Name: WebClient
2012-09-06 01:33:29: Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:29: ServiceDLL: System32\webclnt.dll
2012-09-06 01:33:29: File size: 68096
2012-09-06 01:33:29: DLL File name: webclnt.dll
2012-09-06 01:33:29: Original File Name: davsvc.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171208 20040811150037 20120906004850
2012-09-06 01:33:29: !!!!!!!!!
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: winmgmt
2012-09-06 01:33:29: Real Path: C:\WINDOWS\system32\wbem\WMIsvc.dll
2012-09-06 01:33:29: Display Name: Windows Management Instrumentation
2012-09-06 01:33:29: Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
2012-09-06 01:33:29: ServiceDLL: system32\wbem\WMIsvc.dll
2012-09-06 01:33:29: File size: 144896
2012-09-06 01:33:29: DLL File name: WMIsvc.dll
2012-09-06 01:33:29: Original File Name: wmisvc.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171209 20040811151125 20120906005418
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: WmdmPmSN
2012-09-06 01:33:29: Real Path: C:\WINDOWS\system32\MsPMSNSv.dll
2012-09-06 01:33:29: Display Name: Portable Media Serial Number Service
2012-09-06 01:33:29: Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
2012-09-06 01:33:29: ServiceDLL: system32\MsPMSNSv.dll
2012-09-06 01:33:29: File size: 27136
2012-09-06 01:33:29: DLL File name: MsPMSNSv.dll
2012-09-06 01:33:29: Original File Name: MsPMSNSv.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20061018214716 20040811150052 20120906004640
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: Wmi
2012-09-06 01:33:29: Real Path: C:\WINDOWS\System32\advapi32.dll
2012-09-06 01:33:29: Display Name: Windows Management Instrumentation Driver Extensions
2012-09-06 01:33:29: Description: Provides systems management information to and from drivers.
2012-09-06 01:33:29: ServiceDLL: System32\advapi32.dll
2012-09-06 01:33:29: File size: 617472
2012-09-06 01:33:29: DLL File name: advapi32.dll
2012-09-06 01:33:29: Original File Name: advapi32.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20090209051048 20040811150000 20120906011835
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: wscsvc
2012-09-06 01:33:29: Real Path: C:\WINDOWS\system32\wscsvc.dll
2012-09-06 01:33:29: Display Name:
2012-09-06 01:33:29: Description:
2012-09-06 01:33:29: ServiceDLL: system32\wscsvc.dll
2012-09-06 01:33:29: File size: 80896
2012-09-06 01:33:29: DLL File name: wscsvc.dll
2012-09-06 01:33:29: Original File Name: wscsvc.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171210 20040811150038 20120906004904
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: wuauserv
2012-09-06 01:33:29: Real Path: C:\WINDOWS\system32\wuauserv.dll
2012-09-06 01:33:29: Display Name: Automatic Updates
2012-09-06 01:33:29: Description:
2012-09-06 01:33:29: ServiceDLL: system32\wuauserv.dll
2012-09-06 01:33:29: File size: 6656
2012-09-06 01:33:29: DLL File name: wuauserv.dll
2012-09-06 01:33:29: Original File Name: wuauserv.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171211 20040811151255 20120906004909
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: WudfSvc
2012-09-06 01:33:29: Real Path: C:\WINDOWS\System32\WUDFSvc.dll
2012-09-06 01:33:29: Display Name: Windows Driver Foundation - User-mode Driver Framework
2012-09-06 01:33:29: Description: Manages user-mode driver host processes
2012-09-06 01:33:29: ServiceDLL: System32\WUDFSvc.dll
2012-09-06 01:33:29: File size: 55808
2012-09-06 01:33:29: DLL File name: WUDFSvc.dll
2012-09-06 01:33:29: Original File Name: WUDFSvc.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20060928185614 20060928185614 20120906004909
2012-09-06 01:33:29: ---------------------------------------------------------------------
2012-09-06 01:33:29: Found Service: WZCSVC
2012-09-06 01:33:29: Real Path: C:\WINDOWS\System32\wzcsvc.dll
2012-09-06 01:33:29: Display Name: Wireless Zero Configuration
2012-09-06 01:33:29: Description: Provides automatic configuration for the 802.11 adapters
2012-09-06 01:33:29: ServiceDLL: System32\wzcsvc.dll
2012-09-06 01:33:29: File size: 483840
2012-09-06 01:33:29: DLL File name: wzcsvc.dll
2012-09-06 01:33:29: Original File Name: wzcsvc.dll
2012-09-06 01:33:29: Company:
2012-09-06 01:33:29: Mod/Cre/Acc time: 20080413171211 20040803225648 20120906004911
2012-09-06 01:33:30: ---------------------------------------------------------------------
2012-09-06 01:33:30: Found Service: xmlprov
2012-09-06 01:33:30: Real Path: C:\WINDOWS\System32\xmlprov.dll
2012-09-06 01:33:30: Display Name: Network Provisioning Service
2012-09-06 01:33:30: Description: Manages XML configuration files on a domain basis for automatic network provisioning.
2012-09-06 01:33:30: ServiceDLL: System32\xmlprov.dll
2012-09-06 01:33:30: File size: 129024
2012-09-06 01:33:30: DLL File name: xmlprov.dll
2012-09-06 01:33:30: Original File Name: xmlprov.dll
2012-09-06 01:33:30: Company:
2012-09-06 01:33:30: Mod/Cre/Acc time: 20080413171211 20040811150039 20120906004921
2012-09-06 01:33:30:
2012-09-06 01:33:30: Looking for SHELL key
2012-09-06 01:33:30: Now looking for bad DLL files in system32
2012-09-06 01:46:08: Folder: GAC
2012-09-06 01:46:08: Folder: GAC_32
2012-09-06 01:46:08: Folder: GAC_MSIL
2012-09-06 01:46:09: Folder: NativeImages1_v1.1.4322
2012-09-06 01:46:09: Folder: NativeImages_v2.0.50727_32
2012-09-06 01:46:09: Folder: temp
2012-09-06 01:46:09: Folder: tmp
2012-09-06 01:46:09: Checking for bad folder
2012-09-06 01:46:09: Found 1 folders.
2012-09-06 01:46:09: Checking C:\WINDOWS\assembly\tmp
2012-09-06 01:46:09: ... Folder test returns: 1
2012-09-06 01:46:09: Done with folder list in C:\WINDOWS\assembly\ tmp
2012-09-06 01:46:12: Checking for bad folder
2012-09-06 01:46:12: Found 224 folders.
2012-09-06 01:46:14: Done with folder list in C:\WINDOWS\ $NTuninstallKB*
2012-09-06 01:46:19: Some drivers where replaced. We need to enforce...
2012-09-06 01:46:19: Drivers replaced:
2012-09-06 01:46:19: B89CFBE8CB247B57D8C10ADAA66B462B

11028C6A84A967070CB1286550F2058F

2012-09-06 01:46:19: Autonomous mode, clearing out yt folder
2012-09-06 01:46:21: cmd.exe /c start "C:\Documents and Settings\Hemal Patel\Desktop\yorkyt.exe"
2012-09-06 01:47:12: Restarting...
2012-09-06 01:55:53: ****************************************************
2012-09-06 01:55:55: Starting UP ... v 0.0.0.220
2012-09-06 01:55:55: ****************************************************
2012-09-06 01:56:02: Stop TPSRV returns: 2
2012-09-06 01:56:17: Listing processes...
2012-09-06 01:56:17: :[System Process]:0
2012-09-06 01:56:17: :System:4
2012-09-06 01:56:17: :smss.exe:1172
2012-09-06 01:56:17: :csrss.exe:1272
2012-09-06 01:56:17: :winlogon.exe:1324
2012-09-06 01:56:17: :services.exe:1380
2012-09-06 01:56:17: :lsass.exe:1392
2012-09-06 01:56:17: :svchost.exe:1624
2012-09-06 01:56:17: :svchost.exe:1688
2012-09-06 01:56:17: :svchost.exe:1728
2012-09-06 01:56:17: :svchost.exe:2036
2012-09-06 01:56:17: :svchost.exe:200
2012-09-06 01:56:17: :WLTRYSVC.EXE:380
2012-09-06 01:56:17: :BCMWLTRY.EXE:408
2012-09-06 01:56:17: :spoolsv.exe:488
2012-09-06 01:56:17: :scardsvr.exe:720
2012-09-06 01:56:17: :svchost.exe:444
2012-09-06 01:56:17: :avgwdsvc.exe:1032
2012-09-06 01:56:17: :mDNSResponder.exe:1008
2012-09-06 01:56:17: :jqs.exe:1136
2012-09-06 01:56:17: :WgaTray.exe:1632
2012-09-06 01:56:17: :mbamservice.exe:1208
2012-09-06 01:56:17: :explorer.exe:1848
2012-09-06 01:56:17: :NicConfigSvc.exe:196
2012-09-06 01:56:17: :nvsvc32.exe:364
2012-09-06 01:56:17: :PSIService.exe:672
2012-09-06 01:56:17: :avgnsx.exe:660
2012-09-06 01:56:17: :avgemcx.exe:632
2012-09-06 01:56:17: :avgrsx.exe:616
2012-09-06 01:56:17: :svchost.exe:1872
2012-09-06 01:56:17: :Wacom_Tablet.exe:1884
2012-09-06 01:56:17: :avgcsrvx.exe:1904
2012-09-06 01:56:17: :yorkyt.exe:1916
2012-09-06 01:56:17: :tcsd_win32.exe:2128
2012-09-06 01:56:17: :Wacom_Tablet.exe:2220
2012-09-06 01:56:17: :SynTPEnh.exe:2676
2012-09-06 01:56:17: :rundll32.exe:2732
2012-09-06 01:56:17: :TosBtSrv.exe:2780
2012-09-06 01:56:17: :WLTRAY.EXE:2784
2012-09-06 01:56:17: :dllhost.exe:2852
2012-09-06 01:56:17: :nmctxth.exe:2940
2012-09-06 01:56:17: :nmapp.exe:2948
2012-09-06 01:56:17: :avgidsagent.exe:3000
2012-09-06 01:56:17: :reader_sl.exe:3020
2012-09-06 01:56:17: :avgtray.exe:3144
2012-09-06 01:56:17: :ctfmon.exe:3164
2012-09-06 01:56:17: :TosBtMng.exe:3184
2012-09-06 01:56:17: :nmsrvc.exe:3368
2012-09-06 01:56:17: :wuauclt.exe:3528
2012-09-06 01:56:17: :wmiprvse.exe:3920
2012-09-06 01:56:17: :TosA2dp.exe:4032
2012-09-06 01:56:17: :TosBtHid.exe:264
2012-09-06 01:56:17: :TosBtHSP.exe:1264
2012-09-06 01:56:17: :TosAVRC.exe:568
2012-09-06 01:56:17: :dllhost.exe:3768
2012-09-06 01:56:17: :wmiprvse.exe:3792
2012-09-06 01:56:17: :alg.exe:3564
2012-09-06 01:56:17: :msdtc.exe:2596
2012-09-06 01:56:17:
2012-09-06 01:56:17: Starting cleanup mode...
2012-09-06 01:57:37: ... Done with files, now folders
2012-09-06 01:59:47: All DONE

#9 fireman4it

  • Malware Response Team

Posted 06 September 2012 - 10:37 PM

1.
  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open; give its content to your helper. (The RKreport can also be found next to the executable.)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

" Extinguishing Malware from the world"



#10 medovic

  • Topic Starter


Posted 06 September 2012 - 11:31 PM

Rogue Killer provided two logs. It found a proxy and suggested I use ProxyFix; I have not used it yet.

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Hemal Patel [Admin rights]
Mode : Scan -- Date : 09/06/2012 21:22:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY FF] w517w3dj.default\ : -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] a1bb0b68b40cb8b9b93eadb1e8e399e6
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 305133 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Hemal Patel [Admin rights]
Mode : Remove -- Date : 09/06/2012 21:25:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY FF] w517w3dj.default\ : -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] a1bb0b68b40cb8b9b93eadb1e8e399e6
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 305133 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

ADW Cleaner log:


# AdwCleaner v2.000 - Logfile created 09/06/2012 at 21:27:28
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Hemal Patel - HEMAL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Hemal Patel\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Headlight

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [777 octets] - [06/09/2012 21:27:28]

########## EOF - C:\AdwCleaner[R1].txt - [836 octets] ##########

#11 fireman4it

Posted 07 September 2012 - 02:05 PM

Hello,

Please run RogueKiller again. If it suggests running ProxyFix, please do so and post the logs, along with how the machine is running.


#12 medovic

Posted 07 September 2012 - 02:20 PM

Machine still seems to be running very slow. Internet is a little slow, but no redirecting. My programs are running very slow.

Here is the log:



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Hemal Patel [Admin rights]
Mode : ProxyFix -- Date : 09/07/2012 12:16:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY FF] w517w3dj.default\ : -> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

Edited by medovic, 07 September 2012 - 02:49 PM.


#13 medovic

Posted 07 September 2012 - 02:26 PM

Also found two new registry entries. I have recently updated Windows; maybe that is the cause?


RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Hemal Patel [Admin rights]
Mode : Scan -- Date : 09/07/2012 12:12:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY FF] w517w3dj.default\ : -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421ASG +++++
--- User ---
[MBR] a1bb0b68b40cb8b9b93eadb1e8e399e6
[BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 305133 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

#14 fireman4it

Posted 07 September 2012 - 04:03 PM

1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
2. Save it to your desktop.
3. Double click on the Posted Image icon on your desktop.
4. Under the Custom Scan box paste this in
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


#15 medovic

Posted 07 September 2012 - 04:29 PM

OTL logfile created on: 9/7/2012 2:15:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Hemal Patel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 72.65% Memory free
5.34 Gb Paging File | 4.57 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.98 Gb Total Space | 229.21 Gb Free Space | 76.92% Space Free | Partition Type: NTFS

Computer Name: HEMAL | User Name: Hemal Patel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 14:13:45 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hemal Patel\Desktop\OTL.exe
PRC - [2012/09/06 23:03:49 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/29 10:54:53 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/12/26 14:28:46 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 10:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/02/22 08:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/22 18:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008/01/09 08:38:44 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/11/08 20:50:10 | 001,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/10/29 12:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/10/04 16:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/09/28 14:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/09/07 11:40:34 | 000,132,392 | -H-- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2007/09/07 11:40:04 | 001,373,480 | -H-- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2006/11/02 17:40:12 | 000,174,656 | -H-- | M] () -- C:\WINDOWS\system32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 01:41:53 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012/08/29 10:54:52 | 002,242,528 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/09/16 17:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/01/20 15:09:40 | 000,466,944 | -H-- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2007/10/09 02:17:44 | 000,139,264 | -H-- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2007/10/09 02:17:36 | 000,753,664 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2007/09/10 07:53:26 | 000,262,144 | -H-- | M] () -- C:\WINDOWS\system32\wxvault.dll
MOD - [2007/07/23 13:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006/11/02 17:40:12 | 000,174,656 | -H-- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/07/22 19:30:18 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srvDA4.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srvDA4.tmp] -- (srvDA4)
SRV - File not found [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv418.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv418.tmp] -- (srv418)
SRV - File not found [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv1344.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv1344.tmp] -- (srv1344)
SRV - [2012/09/07 01:42:00 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/06 23:03:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/29 10:54:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 14:12:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/26 14:28:46 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/09/09 18:02:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/22 10:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/11/08 20:50:10 | 001,552,384 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/09/28 14:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/13 12:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/09/07 15:29:04 | 000,737,280 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2007/09/07 11:40:04 | 001,373,480 | -H-- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/08/31 15:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2006/11/02 17:40:12 | 000,174,656 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\htcusbnet.sys -- (htcusbnet)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.tosrfcom)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (.avgtdix)
DRV - [2012/09/07 12:09:15 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{482536FE-D85F-42AB-9B27-6B7914BAB00B}\MpKsl2b4f86af.sys -- (MpKsl2b4f86af)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/06/15 17:35:02 | 000,985,472 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/15 17:35:00 | 000,731,264 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/15 17:35:00 | 000,210,688 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/01 12:22:34 | 000,041,856 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/04/01 12:22:30 | 000,018,612 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2008/04/01 12:22:28 | 000,074,240 | -H-- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/04/01 12:22:26 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/01 12:22:26 | 000,036,608 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2008/04/01 12:22:24 | 000,131,712 | -H-- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/01 12:22:22 | 000,041,600 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2007/12/05 18:07:36 | 001,222,840 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/11/28 14:18:24 | 000,062,208 | -H-- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/09 02:17:42 | 001,123,328 | -H-- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/09/10 07:55:00 | 000,161,280 | -H-- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 07:57:14 | 000,026,608 | -H-- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2007/09/06 07:18:40 | 000,018,176 | -H-- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WaveFDE.sys -- (WaveFDE)
DRV - [2007/07/23 13:05:20 | 000,009,104 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 13:04:58 | 000,037,360 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 13:04:56 | 000,098,448 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 13:04:56 | 000,093,552 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 13:04:54 | 000,027,216 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 13:04:52 | 000,032,848 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 13:04:52 | 000,016,304 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 13:04:50 | 000,108,752 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 12:49:44 | 000,030,064 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 12:49:44 | 000,014,576 | -H-- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/17 17:46:12 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/17 17:46:10 | 000,056,832 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/17 17:46:08 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/17 12:16:36 | 000,161,792 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/16 12:12:36 | 000,011,312 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 11:30:12 | 000,012,848 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/15 17:11:28 | 000,011,440 | -H-- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2005/08/12 14:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F4 D2 99 14 60 49 E5 44 9E 24 8C 24 D7 2B BC 7C [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {C0CE75FD-8A5D-4395-841A-A252F0809A59}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{C0CE75FD-8A5D-4395-841A-A252F0809A59}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: ALone-live@ya.ru:1.3.8
FF - prefs.js..extensions.enabledAddons: {B7BAC886-7AB7-11E1-826D-B8AC6F996F26}:2.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{44BCE8B6-2EDE-42DB-A33C-0D6658EC75EE}: C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\{44BCE8B6-2EDE-42DB-A33C-0D6658EC75EE}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/06 23:32:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B7BAC886-7AB7-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\{B7BAC886-7AB7-11E1-826D-B8AC6F996F26}\ [2012/03/30 15:28:52 | 000,000,000 | ---D | M]

[2010/05/17 00:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Extensions
[2010/05/17 00:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/09/05 18:08:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\extensions
[2012/08/05 00:42:35 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Hemal Patel\Application Data\Mozilla\Firefox\Profiles\w517w3dj.default\extensions\ALone-live@ya.ru
[2011/10/21 13:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 13:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2012/09/07 13:41:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/30 15:28:52 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\HEMAL PATEL\LOCAL SETTINGS\APPLICATION DATA\{B7BAC886-7AB7-11E1-826D-B8AC6F996F26}
[2009/09/16 18:30:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/08/29 10:54:53 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 10:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/29 10:54:47 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/04 20:08:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346970759109 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285650251734 (MUWebControl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27813A5B-1196-4CC1-8F6F-62EEED84D844}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - (C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll) - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O24 - Desktop WallPaper: C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: srv1344 - \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv1344.tmp File not found
NetSvcs: srv418 - \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv418.tmp File not found
NetSvcs: srvDA4 - \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srvDA4.tmp File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {9A16C2C8-665F-06CB-C5F2-67EF0219A285} - Vector Graphics Rendering (VML)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 14:13:45 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hemal Patel\Desktop\OTL.exe
[2012/09/07 13:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\Temp
[2012/09/07 10:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/09/06 23:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/09/06 23:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/09/06 23:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/09/06 23:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/06 23:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/09/06 23:11:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/06 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/06 22:59:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/06 22:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\Sun
[2012/09/06 22:39:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hemal Patel\Recent
[2012/09/06 17:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/06 16:18:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/06 01:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DBBK
[2012/09/05 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/05 17:19:15 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Hemal Patel\Desktop\esetsmartinstaller_enu.exe
[2012/09/05 16:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Desktop\RK_Quarantine
[2012/09/05 16:46:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/05 15:49:36 | 000,000,000 | ---D | C] -- C:\c2029b4a3661eff7f9ec64
[2012/09/04 20:30:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/04 19:04:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/04 18:59:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/04 18:59:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/04 18:59:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/04 18:59:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/04 18:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/04 18:58:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/04 18:42:21 | 004,743,490 | R--- | C] (Swearware) -- C:\Documents and Settings\Hemal Patel\Desktop\ComboFix.exe
[2012/09/04 06:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Desktop\gmer
[2012/09/04 05:57:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Hemal Patel\Desktop\dds.com
[2012/09/04 01:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/09/03 13:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2012/09/03 13:04:29 | 000,000,000 | ---D | C] -- C:\Temp
[2012/08/23 22:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Desktop\WIP
[2012/08/17 17:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hemal Patel\Application Data\EPSON
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 14:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/07 14:13:45 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hemal Patel\Desktop\OTL.exe
[2012/09/07 12:08:01 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/06 23:57:24 | 000,002,465 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\Corel Painter X.lnk
[2012/09/06 23:16:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/09/06 22:48:52 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/06 22:48:25 | 003,641,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/06 22:42:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/06 22:42:16 | 3756,134,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 21:26:45 | 000,511,265 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\adwcleaner.exe
[2012/09/06 17:11:13 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\Microsoft Security Essentials.lnk
[2012/09/06 17:07:00 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/09/06 13:44:41 | 226,516,178 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\MPC MattePainting.psd
[2012/09/06 01:11:59 | 001,415,784 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\yorkyt.exe
[2012/09/05 17:19:40 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Hemal Patel\Desktop\esetsmartinstaller_enu.exe
[2012/09/05 16:52:29 | 001,378,816 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\RogueKiller.exe
[2012/09/05 11:01:14 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/09/04 20:08:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/04 18:57:50 | 004,743,490 | R--- | M] (Swearware) -- C:\Documents and Settings\Hemal Patel\Desktop\ComboFix.exe
[2012/09/04 18:14:20 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Hemal Patel\Desktop\tdsskiller.exe
[2012/09/04 06:09:52 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\gmer.zip
[2012/09/04 05:57:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Hemal Patel\Desktop\dds.com
[2012/09/04 05:56:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\defogger_reenable
[2012/09/04 05:55:23 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\Defogger.exe
[2012/09/02 13:10:10 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/16 22:27:24 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\dt.dat
[2012/08/15 17:57:39 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Desktop\Word..lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/06 23:16:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/06 23:16:06 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/09/06 22:42:19 | 003,641,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/06 21:26:37 | 000,511,265 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\adwcleaner.exe
[2012/09/06 17:15:02 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/06 17:11:13 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\Microsoft Security Essentials.lnk
[2012/09/06 17:05:07 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/06 13:42:34 | 226,516,178 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\MPC MattePainting.psd
[2012/09/06 01:12:00 | 001,415,784 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\yorkyt.exe
[2012/09/05 16:52:27 | 001,378,816 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\RogueKiller.exe
[2012/09/04 20:19:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/04 20:19:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/09/04 19:04:17 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/09/04 19:04:11 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/04 18:59:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/04 18:59:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/04 18:59:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/04 18:59:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/04 18:59:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/04 06:10:17 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\gmer.zip
[2012/09/04 05:56:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\defogger_reenable
[2012/09/04 05:55:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Desktop\Defogger.exe
[2012/09/03 18:14:30 | 3756,134,400 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/16 22:27:24 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\dt.dat
[2011/12/30 17:21:13 | 000,001,058 | -HS- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\520hi15og85k11361861fucfnu5j045lhy3vl18100j
[2011/12/30 17:21:13 | 000,001,058 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\520hi15og85k11361861fucfnu5j045lhy3vl18100j
[2011/12/26 16:55:46 | 000,001,474 | -HS- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\qc33xffd0ua6634ib5532kj7jn1xl3h8
[2011/12/26 16:55:46 | 000,001,474 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qc33xffd0ua6634ib5532kj7jn1xl3h8
[2011/12/12 18:48:29 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\oo1t3acu2h030k3ff5u31
[2011/12/12 18:48:29 | 000,001,152 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\oo1t3acu2h030k3ff5u31
[2011/12/10 19:18:25 | 000,013,104 | -HS- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\62h2b084f2nlt8r64f7ko
[2011/12/10 19:18:25 | 000,013,104 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\62h2b084f2nlt8r64f7ko
[2011/08/18 18:03:25 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\y54261xt64u0x67uao4o3fyyu5hs23m
[2011/08/18 18:03:25 | 000,014,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\y54261xt64u0x67uao4o3fyyu5hs23m
[2011/06/23 16:38:06 | 000,001,598 | -HS- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\opvmuvsx3808675
[2011/06/23 16:38:06 | 000,001,598 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\opvmuvsx3808675
[2011/04/02 01:02:20 | 000,015,336 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dtnhili8nqkcf2i5
[2010/09/29 14:29:38 | 000,016,968 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/07/09 00:03:31 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2008/09/22 22:11:58 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 12:57:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Hemal Patel\Local Settings\Application Data\WavXMapDrive.bat

========== LOP Check ==========

[2012/09/06 16:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/08/18 01:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 16:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/07/09 12:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/09/02 13:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/09/06 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/09/04 03:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2008/09/04 03:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2012/04/19 17:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Backup Tickets
[2011/11/29 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/20 00:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Configuration
[2012/04/19 17:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Data
[2012/08/17 17:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\EPSON
[2009/01/28 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\GetRightToGo
[2009/07/09 12:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Leadertech
[2012/06/21 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\MAXON
[2012/04/19 17:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Services
[2012/04/19 17:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Temp
[2008/09/04 03:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Wave Systems Corp
[2012/09/07 12:08:01 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >
[2012/09/07 01:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/09/06 23:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/09/06 23:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/09/06 16:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/08/18 01:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/03/14 16:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/12 19:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/09/04 03:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/07/09 12:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/09/09 18:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012/09/02 18:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2012/09/02 13:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2008/09/04 03:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/01/04 23:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/06 22:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/09/06 16:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/06 17:04:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/05/20 03:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2010/04/06 21:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/04 03:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2008/09/09 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2011/09/13 02:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2004/08/11 15:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2012/05/15 00:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/09/04 03:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/07/27 16:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2008/09/04 03:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/01/05 15:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2012/01/03 10:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe
[2012/07/27 18:20:55 | 000,343,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\setup.exe
[2007/01/10 21:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
[2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
[2012/07/13 16:41:23 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2011/02/08 05:33:04 | 000,580,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcfgex.exe
[2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgchsvx.exe
[2011/04/20 05:56:52 | 001,559,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcmgr.exe
[2012/04/06 18:08:28 | 004,103,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcremx.exe
[2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgcsrvx.exe
[2011/08/18 01:33:30 | 003,833,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdiagex.exe
[2011/02/08 05:33:04 | 000,278,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgdumpx.exe
[2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgemcx.exe
[2011/02/08 05:33:06 | 000,218,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avglscanx.exe
[2012/04/27 13:52:02 | 006,032,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe
[2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgnsx.exe
[2012/04/27 13:52:01 | 000,627,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe
[2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrsx.exe
[2012/04/27 13:52:01 | 000,248,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrunasx.exe
[2011/02/08 05:33:06 | 001,088,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgscanx.exe
[2012/01/17 21:03:00 | 001,266,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgsrmax.exe
[2012/01/12 12:06:32 | 009,125,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\AVGTBInstall.exe
[2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgtray.exe
[2012/01/17 21:03:24 | 003,593,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgui.exe
[2012/04/27 13:52:02 | 000,049,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avguirux.exe
[2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwdsvc.exe
[2011/02/08 05:33:46 | 000,754,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgwsc.exe
[2011/02/08 05:33:10 | 000,456,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\fixcfg.exe
[2012/02/20 12:54:48 | 000,648,544 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\idpfixx.exe
[2010/04/06 20:58:44 | 001,956,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
[2009/02/02 17:23:55 | 030,418,224 | R--- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe

< %APPDATA%\*. >
[2012/09/07 13:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Adobe
[2009/01/06 23:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Apple Computer
[2012/04/19 17:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Backup Tickets
[2011/11/29 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/20 00:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Configuration
[2008/09/12 19:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Corel
[2012/04/02 04:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\CyberLink
[2012/04/19 17:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Data
[2008/09/09 12:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Dell
[2008/10/10 22:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\DivX
[2012/08/17 17:59:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\EPSON
[2009/01/28 21:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\GetRightToGo
[2012/06/11 17:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Google
[2012/04/20 00:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Help
[2004/08/11 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Identities
[2009/04/08 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\IGN_DLM
[2008/09/04 03:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\InstallShield
[2009/07/09 12:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Leadertech
[2008/09/09 13:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Macromedia
[2009/01/04 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Malwarebytes
[2012/06/21 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\MAXON
[2012/09/06 19:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Media Player Classic
[2012/09/07 13:38:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Microsoft
[2009/03/15 10:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Microsoft Web Folders
[2011/10/21 13:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Mozilla
[2010/05/16 23:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Real
[2010/01/24 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Roxio
[2012/04/19 17:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Services
[2012/06/22 13:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Skype
[2008/09/04 03:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Sun
[2012/04/19 17:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Temp
[2008/09/04 03:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\Wave Systems Corp
[2009/04/30 16:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\WinRAR
[2012/09/06 22:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemal Patel\Application Data\WTablet

< %APPDATA%\*.exe /s >
[2011/11/29 14:35:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Hemal Patel\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012/04/19 17:47:53 | 000,303,616 | ---- | M] () -- C:\Documents and Settings\Hemal Patel\Application Data\Services\kthd.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 15:06:14 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/11 15:06:14 | 000,659,456 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/11 15:06:14 | 000,876,544 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/07/04 07:05:18 | 000,139,784 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< End of report >

OTL Extras logfile created on: 9/7/2012 2:15:07 PM - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Hemal Patel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 72.65% Memory free
5.34 Gb Paging File | 4.57 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 297.98 Gb Total Space | 229.21 Gb Free Space | 76.92% Space Free | Partition Type: NTFS

Computer Name: HEMAL | User Name: Hemal Patel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Steam\steamapps\drainoftheage\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\drainoftheage\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3544DED1-07DB-40C0-98F3-435A6DA195C7}" = Google SketchUp 8
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}" = Corel Painter X
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A846C812-B349-412D-9865-4BE22404B130}" = 3D Muscular Premium Anatomy
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1" = BovadaPoker
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"HitmanPro36" = HitmanPro 3.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime32" = QuickTime for Windows (32-bit)
"Recuva" = Recuva
"Speccy" = Speccy
"Steam App 10" = Counter-Strike
"Steam App 730" = Counter-Strike: Global Offensive Beta
"SynTPDeinstKey" = Dell Touchpad
"Wacom Tablet Driver" = Wacom Tablet
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2012 7:56:23 PM | Computer Name = HEMAL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 9/6/2012 7:59:06 PM | Computer Name = HEMAL | Source = Application Error | ID = 1004
Description = Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module
unknown, version 0.0.0.0, fault address 0x00147d68.

Error - 9/6/2012 7:59:11 PM | Computer Name = HEMAL | Source = Application Error | ID = 1004
Description = Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module
unknown, version 0.0.0.0, fault address 0x00147d68.

Error - 9/6/2012 8:00:53 PM | Computer Name = HEMAL | Source = Application Error | ID = 1004
Description = Faulting application RegSvcs.exe, version 1.1.4322.573, faulting module
unknown, version 0.0.0.0, fault address 0x00147d68.

Error - 9/6/2012 8:05:00 PM | Computer Name = HEMAL | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.0.1526.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 9/6/2012 8:05:16 PM | Computer Name = HEMAL | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/6/2012 8:07:00 PM | Computer Name = HEMAL | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/6/2012 9:15:48 PM | Computer Name = HEMAL | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/6/2012 11:01:28 PM | Computer Name = HEMAL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 9/7/2012 1:45:53 AM | Computer Name = HEMAL | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
Line: 1115, StartTrace Failed, hr=0x800700a1

Error - 9/7/2012 2:25:42 PM | Computer Name = HEMAL | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/7/2012 4:39:49 PM | Computer Name = HEMAL | Source = Application Hang | ID = 1002
Description = Hanging application Eula.exe, version 10.1.4.38, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/6/2012 3:59:02 PM | Computer Name = HEMAL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 9/6/2012 6:01:55 PM | Computer Name = HEMAL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 9/6/2012 6:05:45 PM | Computer Name = HEMAL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on
Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7023
Description = The srv418 service terminated with the following error: %%126

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7023
Description = The srvDA4 service terminated with the following error: %%126

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7023
Description = The srv1344 service terminated with the following error: %%126

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the TdmService service to
connect.

Error - 9/6/2012 6:14:51 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7000
Description = The TdmService service failed to start due to the following error:
%%1053

Error - 9/6/2012 9:17:37 PM | Computer Name = HEMAL | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.


< End of report >



