
Infected with Trojan horse Generic, BackDoor


  • This topic is locked
40 replies to this topic

#1 Fruit

Fruit

  • Members
  • 135 posts

Posted 27 March 2013 - 07:20 PM

Hi, I was instructed to post here from this topic: http://www.bleepingcomputer.com/forums/t/489889/trojan-horse-backdoor-infection/ (Message copied below)

 

_______________

 

I am well aware of how dangerous a trojan backdoor is, and the best way to fix it is to reformat my computer, as informed by boopme. Yes, I plan to reformat my computer soon, but I kept getting Trojan Horse Generic from AVG scans so I'm not sure whether I should reformat it now or after these generics are cleaned. I was told in some cases, some viruses remain after a reformat. Because I am quite inexperienced with trojan backdoors, I don't know if the trojan generics can also be cleaned by reformatting my computer, or if there are more different trojans.

 

Thank you for your help!

 

_______________

 

 

This is what was written on the topic:

 

"

Hello,

 

2 days ago, I decided to run a regular virus scan and unexpectedly, my computer was infected with “Trojan horse Generic32.MKY”. It was removed after the scan by AVG.

 

Then later, AVG popped out and said it detected another one of the same infection, which was removed afterwards as well. The virus didn’t affect my computer performance therefore I didn’t know my computer was infected.

 

I was worried that there were more Trojans because the second Trojan wasn’t detected from the scan. So I scanned my computer with AVG, Malwarebytes, ESET Online Scanner and Superantispyware.

 

All came out clean so I thought the problem was over…

 

 

 

Today, while I was surfing the internet, my webpage suddenly redirected when I didn’t click anything. The page started to load Java so I ended it with task manager because apparently clicking close didn’t work. AVG popped out a “Multiple threat detection” and found 2 “Trojan horse BackDoor.Generic15.BYNL”, which I clicked move to vault. An AVG Identity Protection window also popped out and it said “IDP.Generic.3035C45D” at threat name. So I removed it and restarted my computer as suggested.

 

I received a “Threat Removal Completed” window when it finished restarting. The summary page said 1 process was terminated and 4 files were deleted.

 

 

However I don’t think I should assume that my computer is clean now just like it wasn’t 2 days ago.

 

 

OS: Windows XP

 

Thank you so much for your help!

"
 

_______________

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by HP_Administrator at 20:01:36 on 2013-03-27
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1015.328 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hk.yahoo.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: HP view: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: <No Name>:  - LocalServer32 - <no file>
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364152741250
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0E6E388D-8479-41CD-A6EC-C75515830010} : DHCPNameServer = 192.168.1.1 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SEH: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.172\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator.your-55e5f9e3d2\application data\mozilla\firefox\profiles\o95jzmji.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-3-30 173880]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-03-13 20:53:40 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 20:53:40 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 1292288 ------w- c:\windows\system32\quartz.dll
2009-05-26 00:30:47 14519936 ----a-w- c:\program files\Install_AIM.exe
2007-08-07 23:05:47 697856 ----a-w- c:\program files\ClientServiceInstaller.msi
2005-10-05 03:26:36 395632 ----a-w- c:\program files\SP31149(vs15).exe
.
============= FINISH: 20:07:48.32 ===============
 

 


 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts

Posted 28 March 2013 - 05:53 AM

Hello Fruit and welcome back to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts

Posted 28 March 2013 - 07:25 AM

Hello again.

I wouldn’t be too quick to reformat. As Boopme says, you can never be 100% certain that any infection has gone but there seems to be no sign at the moment.

AVG is known for “false positives” so I think we should run some more scans and see if there is/was any infection on your computer.


Download and run OTL
 

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.

===================================================

Run aswMBR
 

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#4 Fruit

Fruit
  • Topic Starter

  • Members
  • 135 posts

Posted 28 March 2013 - 09:34 AM

Hi Satchfan! Thank you for your reply!

 

I believed AVG's detection of the backdoor because the webpage suddenly redirected and loaded Java. I don't know what it means but it was suspicious enough for me. I wish it was a false positive though, since reformatting a 7 year old computer isn't so pleasant. I have screenshots of AVG's detection windows if you'd like to have a look at them.

 

 

 

OTL logfile created on: 3/28/2013 10:13:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.29 Mb Total Physical Memory | 376.61 Mb Available Physical Memory | 37.09% Memory free
2.39 Gb Paging File | 1.83 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 163.93 Gb Free Space | 72.90% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.37 Gb Free Space | 17.17% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/28 10:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\OTL.exe
PRC - [2013/02/27 17:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 04:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/06 11:42:13 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2011/09/23 16:44:16 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/12 04:10:22 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/04/06 21:57:12 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/04/06 21:53:00 | 002,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/23 16:44:16 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2005/05/26 23:24:15 | 000,147,493 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\bwfiles.dll
MOD - [2005/05/26 23:24:15 | 000,094,243 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\FrExt.dll
MOD - [2005/05/26 23:24:15 | 000,061,496 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.3.2.62\Program\clntutil.dll
MOD - [2005/05/26 23:24:15 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\frext-309731.dll
MOD - [2005/05/26 23:24:15 | 000,024,615 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\BWfiles-309731.dll
MOD - [2005/05/26 23:24:13 | 000,126,976 | ---- | M] () -- C:\Program Files\Updates from HP\309731\Program\HPClientExt.dll
MOD - [2005/03/15 15:17:28 | 000,204,800 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/13 16:53:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/14 20:55:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012/12/10 04:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/14 20:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2005/04/15 21:05:42 | 002,564,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/01/19 20:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/15 17:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004/06/29 13:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/03/18 02:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2001/06/04 09:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hk.yahoo.com/
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\SearchScopes,DefaultScope = {16D675CB-BC35-42CC-A27F-34566CC6006F}
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\SearchScopes\{16D675CB-BC35-42CC-A27F-34566CC6006F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={73FB19D2-1043-45FE-ACF5-9404F63ECD90}&mid=81f5bceed46347d1ac10d15a92ea84c7-f0ba9a5aef42950f6b47279c4e03f2510561bb70&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/03/06 13:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 20:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/10/22 16:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Mozilla\Extensions
[2012/10/23 18:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Mozilla\Firefox\Profiles\o95jzmji.default\extensions
[2012/11/14 20:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/14 20:55:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/10 21:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/10 21:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={73FB19D2-1043-45FE-ACF5-9404F63ECD90}&mid=81f5bceed46347d1ac10d15a92ea84c7-f0ba9a5aef42950f6b47279c4e03f2510561bb70&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: http://hk.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3117649336-2842489400-1321157958-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364152741250 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6E388D-8479-41CD-A6EC-C75515830010}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/26 23:52:38 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/28 10:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\OTL.exe
[2013/03/27 20:00:06 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\dds.com
[2013/03/21 16:32:03 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/21 16:32:03 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/06 13:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2009/05/25 20:30:37 | 014,519,936 | ---- | C] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
[2005/10/04 23:26:36 | 000,395,632 | ---- | C] (Hewlett-Packard Company                                     ) -- C:\Program Files\SP31149(vs15).exe
[1 C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/28 10:19:01 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 10:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\OTL.exe
[2013/03/28 10:10:36 | 114,900,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/03/28 10:09:56 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2013/03/28 10:04:33 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/28 10:04:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/28 10:04:28 | 1064,685,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/28 09:49:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/27 20:00:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\dds.com
[2013/03/27 14:01:12 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/27 10:52:43 | 000,372,959 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\albanyapril6.JPG
[2013/03/24 18:24:53 | 000,408,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/03/24 15:22:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/24 12:09:20 | 000,000,024 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\random.dat
[2013/03/24 10:42:50 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_cl_runescape_LIVE.dat
[2013/03/23 22:47:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/13 22:34:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/13 16:53:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 16:53:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/12 14:07:51 | 000,594,031 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Closerlookapp.PNG
[2013/03/10 10:54:17 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/10 10:54:17 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/02 15:29:45 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Trailways of New York Fares and Schedules for Bus Travelers.url
[2013/02/28 22:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/28 18:04:10 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Maps and Directions - Old - University at Albany-SUNY.url
[1 C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/03/12 14:07:51 | 000,594,031 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Closerlookapp.PNG
[2013/03/09 21:46:30 | 000,372,959 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\albanyapril6.JPG
[2013/03/02 15:29:45 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Trailways of New York Fares and Schedules for Bus Travelers.url
[2013/02/28 18:04:09 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Maps and Directions - Old - University at Albany-SUNY.url
[2013/01/23 21:31:14 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\dt.dat
[2012/07/08 13:07:34 | 000,000,093 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_cl_runescape_LIVE_BETA.dat
[2012/07/08 13:07:34 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\random.dat
[2012/04/28 22:38:31 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/15 15:10:13 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_cl_runescape_LIVE1.dat
[2012/04/06 13:12:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 00:06:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/03 12:11:46 | 000,047,492 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/28 19:06:29 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_cl_runescape_LIVE.dat
[2011/09/25 11:37:05 | 000,112,898 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2011/09/25 11:37:04 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2011/09/22 21:56:31 | 000,112,396 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2011/09/22 21:56:30 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2011/09/22 17:54:06 | 000,000,362 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\wklnhst.dat
[2011/09/21 17:39:33 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_runescape_preferences2.dat
[2011/09/21 17:38:54 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\jagex_runescape_preferences.dat
[2011/09/18 15:05:14 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
[2010/07/05 21:44:05 | 000,161,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/08/07 19:05:32 | 000,697,856 | ---- | C] () -- C:\Program Files\ClientServiceInstaller.msi
[2006/01/30 01:09:18 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
========== ZeroAccess Check ==========
 
[2013/03/26 14:49:52 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@
[2013/03/26 14:49:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
[2013/03/26 14:49:52 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
[2005/01/28 05:37:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/06/21 14:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
[2005/12/07 00:37:07 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/10 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 13:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/10 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/10 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/10 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD2500JD-22HBC0
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 225.00GB
Starting Offset: 8600739840
Hidden sectors: 0
 
 
========== Files - Unicode (All) ==========
[2013/01/26 00:45:58 | 000,002,961 | ---- | M] ()(C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBA???????? - Yahoo!????.url) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBA畢業生高薪不再? - Yahoo!財經香港.url
[2013/01/26 00:45:58 | 000,002,961 | ---- | C] ()(C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBA???????? - Yahoo!????.url) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBA畢業生高薪不再? - Yahoo!財經香港.url
[2013/01/22 00:23:55 | 000,004,571 | ---- | M] ()(C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\??????????????  ???? - ?? ??.url) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\回收多批受污染澳洲製造軟芝士  觀看影片 - 新聞 香港.url
[2013/01/22 00:23:55 | 000,004,571 | ---- | C] ()(C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\??????????????  ???? - ?? ??.url) -- C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\回收多批受污染澳洲製造軟芝士  觀看影片 - 新聞 香港.url
(C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office ??) -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office 工具
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >



#5 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 09:36 AM

OTL Extras logfile created on: 3/28/2013 10:13:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1015.29 Mb Total Physical Memory | 376.61 Mb Available Physical Memory | 37.09% Memory free
2.39 Gb Paging File | 1.83 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 163.93 Gb Free Space | 72.90% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.37 Gb Free Space | 17.17% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with SpySubtract...] -- "C:\Program Files\InterMute\SpySubtract\SpySub.exe" "-sc" "%1" (InterMute, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2F3A3B57-8AB4-4136-8FD2-96A77D5183C1}" = AVG 2012
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6512B303-F989-4C13-B9F6-A99989E4ED54}" = HP Tunes
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280404-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBFDD98A-16DB-4A78-82A3-12ECCA29F1B0}" = AVG 2012
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}" = muvee autoProducer unPlugged - HPD
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EFF913ED-03A6-42D2-A2A7-5966A612EEB9}" = LS_HSI
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"0C84A7C5-2762-4932-96BF-44A77202DCC3" = Blasterball 2 Remix from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1B497FAA-E53E-420D-8408-FFDD3278CD50" = Blasterball 2 Holidays from HP Media Center (remove only)
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"31D6EDEF-1926-4267-A24E-077BFB360F72" = Final Drive Nitro from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"4C838121-69EC-424A-8FB0-91C15306A758" = Phoenix Assault from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"9844050E-4CA4-4901-A53D-A5D14C63789B" = Lexibox Deluxe from HP Media Center (remove only)
"A8B63E91-BB8C-41FF-B530-5BB13C915612" = Overball from HP Media Center (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM_7" = AIM 7
"AVG" = AVG 2012
"B2AA88B1-4920-462B-9F7C-019782B3C4DB" = Shooting Stars Pool from HP Media Center (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Happy Feet Screen Saver" = Happy Feet Screen Saver
"Help and Support Additions" = Help and Support Additions
"HF_screensaver" = HF_screensaver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 4.8.6
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ie8" = Windows Internet Explorer 8
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpySubtract" = SpySubtract
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/24/2013 9:44:43 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Hang | ID = 1002
Description = Hanging application MapleStory.exe, version 8.128.1.1, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 2/25/2013 2:44:55 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module mshtml.dll, version 8.0.6001.19400, fault address 0x000de19d.
 
Error - 3/15/2013 2:20:18 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/15/2013 2:20:23 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
 
Error - 3/16/2013 1:18:27 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 3/16/2013 7:35:33 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 3/23/2013 1:53:43 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 3/23/2013 8:38:44 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 3/24/2013 12:45:15 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
Error - 3/25/2013 10:09:01 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Application Error | ID = 1000
Description = Faulting application maplestory.exe, version 8.131.1.1, faulting module
 ntdll.dll, version 5.1.2600.6055, fault address 0x00010a19.
 
[ System Events ]
Error - 3/26/2013 8:16:05 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 3/27/2013 2:48:58 PM | Computer Name = YOUR-55E5F9E3D2 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 3/27/2013 6:59:16 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
Error - 3/27/2013 7:44:26 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
 to connect.
 
Error - 3/27/2013 7:44:26 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error:   %%1053
 
Error - 3/27/2013 7:54:27 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
 to connect.
 
Error - 3/27/2013 7:54:27 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error:   %%1053
 
Error - 3/27/2013 7:54:57 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
 to connect.
 
Error - 3/27/2013 7:54:57 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error:   %%1053
 
Error - 3/27/2013 11:14:49 PM | Computer Name = YOUR-55E5F9E3D2 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
  %%1060
 
 
< End of report >
 



#6 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 10:15 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-28 10:41:53
-----------------------------
10:41:53.968    OS Version: Windows 5.1.2600 Service Pack 3
10:41:53.968    Number of processors: 2 586 0x403
10:41:53.968    ComputerName: YOUR-55E5F9E3D2  UserName:
10:41:56.156    Initialize success
10:55:45.531    AVAST engine defs: 13032800
10:56:01.234    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
10:56:01.234    Disk 0 Vendor: WDC_WD2500JD-22HBC0 08.02D08 Size: 238475MB BusType: 3
10:56:01.437    Disk 0 MBR read successfully
10:56:01.437    Disk 0 MBR scan
10:56:01.468    Disk 0 unknown MBR code
10:56:01.484    Disk 0 Partition 1 00     0C    FAT32 LBA RECOVERY     8202 MB offset 63
10:56:01.500    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       230262 MB offset 16798320
10:56:01.500    Disk 0 scanning sectors +488376000
10:56:01.562    Disk 0 scanning C:\WINDOWS\system32\drivers
10:56:13.312    Service scanning
10:56:28.843    Modules scanning
10:56:37.609    Disk 0 trace - called modules:
10:56:37.640    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
10:56:37.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d89ab8]
10:56:37.656    3 CLASSPNP.SYS[f7508fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86d50d98]
10:56:40.859    AVAST engine scan C:\WINDOWS
10:57:05.203    AVAST engine scan C:\WINDOWS\system32
11:01:04.875    AVAST engine scan C:\WINDOWS\system32\drivers
11:01:28.234    AVAST engine scan C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2
11:11:47.156    AVAST engine scan C:\Documents and Settings\All Users
11:13:38.234    Scan finished successfully
11:14:28.875    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\MBR.dat"
11:14:28.890    The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\aswMBR.txt"


 



#7 satchfan

satchfan

  • Malware Response Team

Posted 28 March 2013 - 12:22 PM

Run RogueKiller

 

Download RogueKiller to your desktop.

 

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the prescan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects.

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

 

Please post the contents of the RKreport.txt in your next reply.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 12:29 PM

Hi Satchfan, while the prescan was running, AVG Identity Protection came up and identified RogueKiller.exe as a threat. Do I choose Move to Vault or Allow?



#9 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 12:55 PM

I chose allow and let it continue to run.

 

Here's the log:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 03/28/2013 13:53:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JD-22HBC0 +++++
--- User ---
[MBR] 70ed0f54399f6a69b52902f6c167fbba
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 230262 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03282013_02d1353.txt >>
RKreport[1]_S_03282013_02d1353.txt
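
The report above, read programmatically: this Python sketch is an added example, not part of the original post and not RogueKiller's own code. It groups the family-tagged entries by report section and by the SID-named RECYCLER directory they point into, and checks each section's declared count against the lines actually pasted. The function names are hypothetical, and the line grammar is an assumption inferred only from the lines in this report.

```python
import re
from collections import Counter

# Excerpt copied from the RogueKiller report posted above (values unchanged).
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# "¤¤¤ <section name> : <optional value> ¤¤¤"
SECTION_RE = re.compile(r"^¤¤¤\s*([^:]+?)\s*:\s*(.*?)\s*¤¤¤$")
# One or more "[TAG]" groups at the very start of a detection line.
LEADING_TAGS_RE = re.compile(r"^(?:\[[^\]]+\])+")
# A drive-letter path, ending at whitespace or a closing parenthesis.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s)]+")
# The SID-named directory directly under RECYCLER.
SID_RE = re.compile(r"\\RECYCLER\\(S-1-[0-9-]+)\\", re.IGNORECASE)


def parse_report(text):
    """Return (sections, entries) for the detection lines of a report."""
    sections, entries, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = header.group(2)
            continue
        tags = LEADING_TAGS_RE.match(line)
        # Detection lines carry leading tags and a "->" / "-->" status arrow.
        if current is None or not tags or "->" not in line:
            continue
        path = PATH_RE.search(line)
        entries.append({
            "section": current,
            "tags": re.findall(r"\[([^\]]+)\]", tags.group(0)),
            "path": path.group(0) if path else None,
            "status": line.rsplit("->", 1)[1].strip(),
        })
    return sections, entries


def family_summary(entries, family):
    """Count entries tagged with `family`, per section and per RECYCLER SID."""
    hits = [e for e in entries if family in e["tags"]]
    sids = set()
    for e in hits:
        m = SID_RE.search(e["path"] or "")
        if m:
            sids.add(m.group(1))  # S-1-5-18 is the well-known Local System SID
    return {
        "total": len(hits),
        "per_section": dict(Counter(e["section"] for e in hits)),
        "sids": sorted(sids),
    }


def count_mismatches(sections, entries):
    """Sections whose declared numeric count differs from the lines parsed,
    which usually means the pasted log was truncated or edited."""
    parsed = Counter(e["section"] for e in entries)
    return [name for name, value in sections.items()
            if value.isdigit() and int(value) != parsed[name]]


if __name__ == "__main__":
    secs, ents = parse_report(SAMPLE_REPORT)
    print(family_summary(ents, "ZeroAccess"))
    print("count mismatches:", count_mismatches(secs, ents))
```
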



#10 satchfan

satchfan

  • Malware Response Team

Posted 28 March 2013 - 07:10 PM

Unfortunately, the scan did show that you have this serious backdoor Trojan. These infections can be cleaned, but it will be impossible to be 100% sure that the machine is totally free of infection.

If you decide to go through with the cleanup, please proceed with the following steps:


Please do another scan with RogueKiller.

When it shows the results, check all the boxes next to the ZeroAccess detections then click on Delete. Post the log it produces.

======================================================

Please run these in the order requested.

Run TDSSKiller

Please download TDSSKiller.zip

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
    • only if Malicious objects are found then ensure Cure is selected. Do not change it to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.
    • then click Continue > Reboot now
  • copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Download and run ComboFix

Download ComboFix from the following location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • see this Link  for programs that need to be disabled and instructions on how to disable them.
  • remember to re-enable them when we're done.
  • double click on ComboFix.exe & follow the prompts.
  • as part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    IftheCFrecconsisalreadyinstalled.jpg

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    WhenCFrecconsisinstalled.jpg

    Click on Yes, to continue scanning for malware.

Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.

When finished, it will produce a log.   Please include the ComboFix.txt in your next reply. It can be found at C:\ComboFix.txt

Please also remember to include the TDSSKiller log

Thanks

Satchfan
 

 




#11 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 07:20 PM

I see. If you believe a reformat would be the best action, I would do so. Should I still finish the clean up though? To minimize chance of infection after a reformat perhaps? I don't mind since I'm on a spring break now anyway. Thank you for helping me so far!

 

Running RogueKiller again, I'll be back.



#12 Fruit

Fruit
  • Topic Starter


Posted 28 March 2013 - 07:30 PM

I remember seeing 3 detections with zeroaccess, not sure what happened to the third as it didn't show up on the deletion list.

 

EDIT: Oops I didn't see the RKreport[2] on my desktop so I clicked Report and it produced a RKreport[3]. Below is RKreport [2]:

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 03/28/2013 20:23:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND
[ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JD-22HBC0 +++++
--- User ---
[MBR] 70ed0f54399f6a69b52902f6c167fbba
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 230262 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_03282013_02d2023.txt >>
RKreport[1]_S_03282013_02d1353.txt ; RKreport[2]_S_03282013_02d2023.txt


Edited by Fruit, 28 March 2013 - 07:33 PM.


#13 Fruit


Posted 28 March 2013 - 07:36 PM

RKreport[3]:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Remove -- Date : 03/28/2013 20:28:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> REPLACED (C:\WINDOWS\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> REPLACED (C:\WINDOWS\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> REMOVED
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JD-22HBC0 +++++
--- User ---
[MBR] 70ed0f54399f6a69b52902f6c167fbba
[BSP] 8a7884da59e414827f91c43dcf324e78 : Toshiba MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 8202 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16798320 | Size: 230262 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_03282013_02d2028.txt >>
RKreport[1]_S_03282013_02d1353.txt ; RKreport[2]_S_03282013_02d2023.txt ; RKreport[3]_D_03282013_02d2028.txt
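
Added example (not part of the original posts and not RogueKiller's own code): a small Python parser that compares a RogueKiller Scan report with the following Remove report and lists detections that were FOUND but have no removal record. The embedded text is excerpted from the two reports posted above; the function names and the matching rule (hive/key text plus data for registry lines, path only for file lines) are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Detection lines excerpted from the two RogueKiller reports posted above
# (#12 = Scan, #13 = Remove). Raw strings keep the backslashes literal.
SCAN_REPORT = r"""
Mode : Scan -- Date : 03/28/2013 20:23:00
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> FOUND
[MBR] 70ed0f54399f6a69b52902f6c167fbba
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 03/28/2013 20:28:02
[SUSP PATH] ALCWZRD.EXE -- C:\WINDOWS\ALCWZRD.EXE [7] -> KILLED [TermProc]
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-21-3117649336-2842489400-1321157958-1008\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> REPLACED (C:\WINDOWS\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) [x] -> REPLACED (C:\WINDOWS\system32\wbem\fastprox.dll)
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\RECYCLER\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U --> REMOVED
[MBR] 70ed0f54399f6a69b52902f6c167fbba
"""

# Leading [tag] groups, the item text, then "->" or "-->" and a status word.
# Lines without an arrow (MBR hashes, HOSTS entries, headers) do not match.
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*-{1,2}>\s*(\w+)")


class Detection(NamedTuple):
    tags: tuple      # e.g. ("HJ INPROC", "ZeroAccess")
    target: tuple    # (registry key text or "", data or path)
    status: str      # FOUND, REPLACED, REMOVED, KILLED


def parse_report(text):
    """Return the detection lines of one RogueKiller report."""
    detections = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
        body = m.group(2)
        left, sep, right = body.partition(" : ")
        if sep and left.startswith("HK"):
            # Registry line: the report elides the key as "[...]", so the
            # hive/key text plus the data is the best identity available.
            target = (left.strip(), right.strip())
        elif sep:
            # File/folder line: the label (@, U, ROOT) changes between the
            # Scan and Remove reports, so match on the path alone.
            target = ("", right.strip())
        else:
            target = ("", body.strip())
        detections.append(Detection(tags, target, m.group(3)))
    return detections


def unremediated(scan_text, remove_text):
    """Detections FOUND by the scan with no non-FOUND record after removal."""
    after = {d.target: d.status for d in parse_report(remove_text)}
    return [d for d in parse_report(scan_text)
            if d.status == "FOUND" and after.get(d.target, "FOUND") == "FOUND"]


if __name__ == "__main__":
    for d in unremediated(SCAN_REPORT, REMOVE_REPORT):
        print("no removal record:", "".join(f"[{t}]" for t in d.tags), *d.target)
```

An entry listed by this check is only missing from the Remove report. Because HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, a fresh scan is what confirms whether the entry is still present.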



#14 satchfan


  • Malware Response Team

Posted 28 March 2013 - 07:37 PM

We'll go with what we're doing and hopefully get rid of it.

 

Please run the other two scans.

 

It's gone midnight here and I have an early start so won't reply again tonight.

 

Satchfan




#15 Fruit


Posted 28 March 2013 - 07:51 PM

Good night. :)

 

20:49:12.0062 2140 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42


20:50:03.0437 3456 RpcSs - ok

20:50:03.0484 3456 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

20:50:03.0484 3456 RSVP - ok

20:50:03.0531 3456 [ 1A2A445E8968B2019E75E08F3A1344FC ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

20:50:03.0531 3456 RTL8023xp - ok

20:50:03.0562 3456 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

20:50:03.0562 3456 rtl8139 - ok

20:50:03.0593 3456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

20:50:03.0593 3456 SamSs - ok

20:50:03.0625 3456 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

20:50:03.0640 3456 SASDIFSV - ok

20:50:03.0656 3456 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

20:50:03.0656 3456 SASKUTIL - ok

20:50:03.0687 3456 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

20:50:03.0703 3456 SCardSvr - ok

20:50:03.0718 3456 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

20:50:03.0734 3456 Schedule - ok

20:50:03.0765 3456 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:50:03.0765 3456 Secdrv - ok

20:50:03.0781 3456 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

20:50:03.0781 3456 seclogon - ok

20:50:03.0812 3456 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

20:50:03.0812 3456 SENS - ok

20:50:03.0859 3456 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

20:50:03.0859 3456 Serial - ok

20:50:03.0875 3456 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

20:50:03.0875 3456 Sfloppy - ok

20:50:03.0890 3456 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

20:50:03.0890 3456 ShellHWDetection - ok

20:50:03.0906 3456 Simbad - ok

20:50:03.0968 3456 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

20:50:03.0968 3456 SkypeUpdate - ok

20:50:03.0984 3456 Sparrow - ok

20:50:04.0031 3456 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

20:50:04.0031 3456 splitter - ok

20:50:04.0062 3456 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

20:50:04.0062 3456 Spooler - ok

20:50:04.0093 3456 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

20:50:04.0093 3456 sr - ok

20:50:04.0125 3456 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

20:50:04.0125 3456 srservice - ok

20:50:04.0187 3456 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

20:50:04.0187 3456 Srv - ok

20:50:04.0218 3456 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

20:50:04.0218 3456 SSDPSRV - ok

20:50:04.0281 3456 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

20:50:04.0281 3456 stisvc - ok

20:50:04.0328 3456 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

20:50:04.0328 3456 swenum - ok

20:50:04.0343 3456 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

20:50:04.0343 3456 swmidi - ok

20:50:04.0343 3456 SwPrv - ok

20:50:04.0375 3456 symc810 - ok

20:50:04.0375 3456 symc8xx - ok

20:50:04.0390 3456 sym_hi - ok

20:50:04.0406 3456 sym_u3 - ok

20:50:04.0437 3456 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

20:50:04.0437 3456 sysaudio - ok

20:50:04.0453 3456 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

20:50:04.0468 3456 SysmonLog - ok

20:50:04.0531 3456 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

20:50:04.0531 3456 TapiSrv - ok

20:50:04.0562 3456 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:50:04.0578 3456 Tcpip - ok

20:50:04.0593 3456 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

20:50:04.0593 3456 TDPIPE - ok

20:50:04.0640 3456 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

20:50:04.0640 3456 TDTCP - ok

20:50:04.0671 3456 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

20:50:04.0671 3456 TermDD - ok

20:50:04.0734 3456 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

20:50:04.0734 3456 TermService - ok

20:50:04.0765 3456 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

20:50:04.0765 3456 Themes - ok

20:50:04.0812 3456 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

20:50:04.0812 3456 TlntSvr - ok

20:50:04.0828 3456 TosIde - ok

20:50:04.0843 3456 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

20:50:04.0843 3456 TrkWks - ok

20:50:04.0875 3456 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

20:50:04.0875 3456 Udfs - ok

20:50:04.0890 3456 ultra - ok

20:50:04.0921 3456 [ 1977313E362C8732C1AF4D1BCB9C06B7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe

20:50:04.0921 3456 UMWdf - ok

20:50:04.0953 3456 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

20:50:05.0046 3456 Update - ok

20:50:05.0156 3456 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

20:50:05.0250 3456 upnphost - ok

20:50:05.0437 3456 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

20:50:05.0453 3456 UPS - ok

20:50:05.0500 3456 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:50:05.0515 3456 usbccgp - ok

20:50:05.0546 3456 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:50:05.0562 3456 usbehci - ok

20:50:05.0609 3456 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:50:05.0609 3456 usbhub - ok

20:50:05.0640 3456 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:50:05.0640 3456 usbprint - ok

20:50:05.0640 3456 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:50:05.0656 3456 usbscan - ok

20:50:05.0687 3456 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:50:05.0687 3456 USBSTOR - ok

20:50:05.0703 3456 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:50:05.0703 3456 usbuhci - ok

20:50:05.0718 3456 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

20:50:05.0718 3456 VgaSave - ok

20:50:05.0750 3456 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys

20:50:05.0750 3456 ViaIde - ok

20:50:05.0781 3456 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

20:50:05.0781 3456 VolSnap - ok

20:50:05.0828 3456 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

20:50:05.0843 3456 VSS - ok

20:50:05.0859 3456 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

20:50:05.0875 3456 W32Time - ok

20:50:05.0890 3456 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:50:05.0890 3456 Wanarp - ok

20:50:05.0906 3456 WDICA - ok

20:50:05.0921 3456 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

20:50:05.0921 3456 wdmaud - ok

20:50:05.0937 3456 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

20:50:05.0937 3456 WebClient - ok

20:50:06.0031 3456 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

20:50:06.0031 3456 winmgmt - ok

20:50:06.0078 3456 [ 6EAA72FD9EF993EC1FA9A06DE65105DA ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll

20:50:06.0078 3456 WmdmPmSN - ok

20:50:06.0140 3456 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

20:50:06.0156 3456 Wmi - ok

20:50:06.0187 3456 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:50:06.0187 3456 WmiApSrv - ok

20:50:06.0218 3456 [ D87EA9F191DF6731818FFD93659BADF4 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys

20:50:06.0218 3456 WpdUsb - ok

20:50:06.0265 3456 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

20:50:06.0265 3456 wuauserv - ok

20:50:06.0343 3456 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

20:50:06.0343 3456 WZCSVC - ok

20:50:06.0390 3456 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

20:50:06.0390 3456 xmlprov - ok

20:50:06.0406 3456 ================ Scan global ===============================

20:50:06.0453 3456 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

20:50:06.0500 3456 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

20:50:06.0515 3456 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

20:50:06.0562 3456 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

20:50:06.0562 3456 [Global] - ok

20:50:06.0562 3456 ================ Scan MBR ==================================

20:50:06.0593 3456 [ 0AC6D996BCE152AED9600E6D6B797E2E ] \Device\Harddisk0\DR0

20:50:06.0812 3456 \Device\Harddisk0\DR0 - ok

20:50:06.0812 3456 ================ Scan VBR ==================================

20:50:06.0828 3456 [ F96D03418D93677BE0413E09FE74B100 ] \Device\Harddisk0\DR0\Partition1

20:50:06.0828 3456 \Device\Harddisk0\DR0\Partition1 - ok

20:50:06.0828 3456 [ 8A3A8EB0F69CF9FF44C33169DD111625 ] \Device\Harddisk0\DR0\Partition2

20:50:06.0828 3456 \Device\Harddisk0\DR0\Partition2 - ok

20:50:06.0828 3456 ============================================================

20:50:06.0828 3456 Scan finished

20:50:06.0843 3456 ============================================================

20:50:06.0843 2688 Detected object count: 0

20:50:06.0843 2688 Actual detected object count: 0





