
SystemCare Antivirus


29 replies to this topic

#1 c0stabear

c0stabear

  • Members
  • 39 posts

Posted 16 July 2013 - 11:58 AM

Hello and thanks in advance for the help!

 

About a week or so ago, I was infected with the fake Systemcare Antivirus malware. I followed instructions I found online and removed it (or so I thought). But now, unless I edit the hosts file and block the specific pages, I get popups on certain (but not all) websites. I can't access any HTTPS sites. And most of the time, when I do a google search and click on one of the links, I'm being redirected to other sites.

 

Thanks again!

 

Attached File  dds.txt   20.12KB   1 downloads

 




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2013 - 10:04 PM


Hello c0stabear

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 c0stabear

c0stabear
  • Topic Starter

  • Members
  • 39 posts

Posted 17 July 2013 - 02:11 PM

# AdwCleaner v2.305 - Logfile created 07/17/2013 at 11:36:59
# Updated 11/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : michael - SHUTTLEX
# Boot Mode : Normal
# Running from : C:\Documents and Settings\michael\My Documents\Downloads\AdwCleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Documents and Settings\michael\Local Settings\Application Data\PackageAware
 
***** [Registry] *****
 
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\agent\Application Data\Mozilla\Firefox\Profiles\br0zao9m.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\lygyhyg9.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\agent\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [4491 octets] - [08/07/2013 15:20:05]
AdwCleaner[R2].txt - [5754 octets] - [10/07/2013 16:50:32]
AdwCleaner[S1].txt - [5920 octets] - [10/07/2013 16:51:59]
AdwCleaner[S2].txt - [1722 octets] - [17/07/2013 11:36:59]
 
########## EOF - C:\AdwCleaner[S2].txt - [1782 octets] ##########


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 July 2013 - 02:27 PM


Hello c0stabear

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 c0stabear

c0stabear
  • Topic Starter

  • Members
  • 39 posts

Posted 17 July 2013 - 03:11 PM

This is the JRT log; the internet went out and I wasn't able to post it earlier:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.3 (07.17.2013:1)
OS: Microsoft Windows XP x86
Ran by michael on Wed 07/17/2013 at 16:02:52.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\michael\Application Data\mozilla\firefox\profiles\lygyhyg9.default\minidumps [81 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 16:08:08.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Problems seem to persist so far. Will run Combo Fix now.



#6 c0stabear

c0stabear
  • Topic Starter

  • Members
  • 39 posts

Posted 17 July 2013 - 03:37 PM

ComboFix 13-07-16.01 - michael 07/17/2013  16:20:55.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1086 [GMT -4:00]
Running from: c:\documents and settings\michael\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-17 to 2013-07-17  )))))))))))))))))))))))))))))))
.
.
2013-07-10 20:34 . 2013-07-10 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-07-10 16:41 . 2013-07-10 16:41 -------- d-----w- c:\program files\Safer Networking
2013-07-09 14:40 . 2013-07-09 16:03 9842040 ----a-w- c:\program files\Common Files\wruninstall.exe
2013-07-09 14:37 . 2013-07-09 14:37 -------- d-----w- c:\program files\Webroot
2013-07-09 14:37 . 2013-07-10 13:39 -------- d-----w- c:\documents and settings\All Users\Application Data\WRData
2013-07-08 20:29 . 2013-07-08 20:29 -------- d-----w- c:\documents and settings\michael\Application Data\AVG2013
2013-07-08 20:28 . 2013-07-08 20:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-07-08 20:27 . 2013-07-08 20:27 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\AVG SafeGuard toolbar
2013-07-08 20:27 . 2013-07-08 20:27 -------- d-----w- c:\documents and settings\michael\Application Data\TuneUp Software
2013-07-08 20:26 . 2013-07-08 20:26 -------- d-----w- c:\documents and settings\michael\Application Data\AVG SafeGuard toolbar
2013-07-08 20:26 . 2013-07-08 20:25 37664 ------w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-08 20:26 . 2013-07-09 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-07-08 20:25 . 2013-07-08 20:25 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-07-08 20:23 . 2013-07-08 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-07-08 20:17 . 2013-07-09 15:38 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Avg2013
2013-07-08 20:17 . 2013-07-08 20:17 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\MFAData
2013-07-08 19:22 . 2013-07-08 19:22 -------- d-----w- c:\windows\ERUNT
2013-07-08 19:21 . 2013-07-11 08:13 -------- d-----w- C:\JRT
2013-07-03 17:59 . 2009-01-25 17:14 15224 ------w- c:\windows\system32\sdnclean.exe
2013-07-03 17:58 . 2013-07-03 18:43 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-07-02 18:03 . 2013-07-02 18:03 -------- d-----w- c:\documents and settings\michael\c
2013-07-01 20:04 . 2013-07-01 20:04 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\PCHealth
2013-07-01 19:27 . 2013-07-01 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\641D490098B794DD0000641CE4EE9FC9
2013-07-01 19:26 . 2013-07-01 19:26 -------- d-----w- c:\documents and settings\michael\Local Settings\Application Data\Caphyon
2013-06-21 02:27 . 2013-06-21 02:27 -------- d-----w- c:\program files\Common Files\Java
2013-06-21 02:27 . 2013-06-13 01:48 94632 ------w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 02:20 . 2013-06-21 02:20 -------- d-----w- c:\program files\iPod
2013-06-21 02:19 . 2013-06-21 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-21 02:19 . 2013-06-21 02:20 -------- d-----w- c:\program files\iTunes
2013-06-21 02:07 . 2013-06-21 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-21 02:07 . 2013-06-21 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-21 02:07 . 2013-06-21 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-21 02:07 . 2013-06-21 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-21 02:07 . 2013-06-21 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-21 02:06 . 2013-06-21 02:07 -------- d-----w- c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 01:48 . 2012-05-25 14:15 867240 ------w- c:\windows\system32\npDeployJava1.dll
2013-06-13 01:48 . 2010-12-20 15:33 789416 ------w- c:\windows\system32\deployJava1.dll
2013-06-13 01:35 . 2009-07-08 15:19 144896 ------w- c:\windows\system32\javacpl.cpl
2013-06-12 08:32 . 2012-04-12 14:37 692104 ------w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 08:32 . 2011-06-09 18:26 71048 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 14:39 . 2010-10-07 15:00 86888 ------w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 14:39 . 2010-10-07 15:00 53064 ------w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 14:39 . 2010-10-07 15:00 31560 ------w- c:\windows\system32\LMIport.dll
2013-06-08 14:39 . 2010-10-07 15:00 92488 ------w- c:\windows\system32\LMIinit.dll
2013-05-23 15:04 . 2010-10-07 15:00 86888 ------w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-05-23 15:04 . 2010-10-07 15:00 92488 ------w- c:\windows\system32\LMIinit.dll.000.bak
2013-05-09 08:58 . 2013-01-03 20:32 229648 ------w- c:\windows\system32\aswBoot.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ------w- c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaserAppUpdate"="c:\program files\Laser App Enterprise\uformagent.exe" [2013-07-10 1314328]
"5962B0CAABA8A8853D4EDBF6F372A8C0DBB11ABE._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"GoogleChromeAutoLaunch_6F1C289E80CD46A0554EB01A2431B813"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-07-12 846288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-05-31 63048]
"CANON DR2080C SVC"="DR2KSVC.dll" [2007-03-02 229376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\documents and settings\agent\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
c:\documents and settings\barbara\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
c:\documents and settings\kristin.cardenal\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
c:\documents and settings\administrator.AIG\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Uninstall Webroot RunOnce.lnk - c:\program files\Common Files\wruninstall.exe -x -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-7-9 9842040]
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-06-08 14:39 92488 ------w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^michael^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 01:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANON DR2080C SVC]
2007-03-02 16:40 229376 ------w- c:\windows\system32\DR2KSVC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2010-07-14 01:23 84464 ----a-w- c:\program files\Roxio 2011\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2010-06-30 13:10 477680 ----a-w- c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2010-07-16 10:48 307184 ----a-w- c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/1/2012 3:06 PM 697328]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 2:53 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/8/2013 4:26 PM 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/11/2012 1:41 PM 239168]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [4/10/2013 11:07 AM 1428472]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 2:47 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 11:31 AM 13624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [5/16/2013 12:07 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/16/2013 12:07 PM 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [7/3/2013 1:59 PM 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [7/3/2013 1:59 PM 1033688]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/16/2013 12:07 PM 22856]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [5/31/2010 11:30 AM 13408]
RUnknown SahdIa32;SahdIa32; [x]
RUnknown SaibIa32;SaibIa32; [x]
RUnknown SaibVd32;SaibVd32; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [7/16/2010 6:48 AM 354288]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [7/3/2013 1:59 PM 171928]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [6/14/2013 2:15 PM 42592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 02:42 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 08:32]
.
2013-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-07-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-07-03 14:58]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:16]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:16]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1115Core.job
- c:\documents and settings\agent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 16:21]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1115UA.job
- c:\documents and settings\agent\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-24 16:21]
.
2013-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669Core.job
- c:\documents and settings\michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-07-09 07:32]
.
2013-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669UA.job
- c:\documents and settings\michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2013-07-09 07:32]
.
2013-07-17 c:\windows\Tasks\Laser App Enterprise Updates.job
- c:\windows\Installer\Laser App Enterprise Updates for All Users.lnk [2012-08-13 14:07]
.
2013-07-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-07-03 14:57]
.
2013-07-03 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-07-03 14:58]
.
2013-07-17 c:\windows\Tasks\User_Feed_Synchronization-{2042E1E7-149E-4183-BAC1-E1C9954A48B2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.9 192.168.1.7
FF - ProfilePath - c:\documents and settings\michael\Application Data\Mozilla\Firefox\Profiles\lygyhyg9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-17 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\LMIinit.dll
.
Completion time: 2013-07-17  16:35:19
ComboFix-quarantined-files.txt  2013-07-17 20:35
ComboFix2.txt  2013-07-09 20:40
ComboFix3.txt  2013-07-03 14:24
ComboFix4.txt  2012-02-27 21:26
ComboFix5.txt  2013-07-17 20:17
.
Pre-Run: 329,191,743,488 bytes free
Post-Run: 329,585,778,688 bytes free
.
- - End Of File - - 4A0D76D5EC9F602B9D604041374E51C8
EF2EEC94B0E09A39D077D3E01A352D8F


#7 c0stabear

Posted 17 July 2013 - 03:42 PM

Issues still persist



#8 gringo_pr


Posted 17 July 2013 - 09:44 PM


Hello c0stabear

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note: this report can be very long, so if the website gives you an error saying it is too long, you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller+
Send me the reports made from TDSSKiller and RogueKiller, and also let me know how the computer is doing at this time.

Gringo

#9 c0stabear


Posted 18 July 2013 - 09:01 AM

09:57:17.0406 3468  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:57:18.0515 3468  ============================================================
09:57:18.0515 3468  Current date / time: 2013/07/18 09:57:18.0515
09:57:18.0515 3468  SystemInfo:
09:57:18.0515 3468  
09:57:18.0515 3468  OS Version: 5.1.2600 ServicePack: 3.0
09:57:18.0515 3468  Product type: Workstation
09:57:18.0531 3468  ComputerName: SHUTTLEX
09:57:18.0546 3468  UserName: michael
09:57:18.0546 3468  Windows directory: C:\WINDOWS
09:57:18.0546 3468  System windows directory: C:\WINDOWS
09:57:18.0546 3468  Processor architecture: Intel x86
09:57:18.0546 3468  Number of processors: 2
09:57:18.0546 3468  Page size: 0x1000
09:57:18.0546 3468  Boot type: Normal boot
09:57:18.0546 3468  ============================================================
09:57:20.0312 3468  BG loaded
09:57:22.0031 3468  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:57:22.0078 3468  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:57:22.0125 3468  Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:57:22.0140 3468  ============================================================
09:57:22.0140 3468  \Device\Harddisk0\DR0:
09:57:22.0140 3468  MBR partitions:
09:57:22.0140 3468  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
09:57:22.0140 3468  \Device\Harddisk1\DR1:
09:57:22.0156 3468  MBR partitions:
09:57:22.0156 3468  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
09:57:22.0156 3468  \Device\Harddisk2\DR4:
09:57:22.0156 3468  MBR partitions:
09:57:22.0156 3468  \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
09:57:22.0156 3468  ============================================================
09:57:22.0171 3468  E: <-> \Device\Harddisk2\DR4\Partition1
09:57:22.0234 3468  H: <-> \Device\Harddisk1\DR1\Partition1
09:57:22.0250 3468  ============================================================
09:57:22.0250 3468  Initialize success
09:57:22.0250 3468  ============================================================
09:57:34.0765 0864  ============================================================
09:57:34.0765 0864  Scan started
09:57:34.0765 0864  Mode: Manual; SigCheck; TDLFS; 
09:57:34.0765 0864  ============================================================
09:57:36.0656 0864  ================ Scan system memory ========================
09:57:36.0656 0864  System memory - ok
09:57:36.0656 0864  ================ Scan services =============================
09:57:42.0562 0864  ================ Scan global ===============================
09:57:42.0562 0864  [Global] - ok
09:57:42.0562 0864  ================ Scan MBR ==================================
09:57:42.0593 0864  [ EF2EEC94B0E09A39D077D3E01A352D8F ] \Device\Harddisk0\DR0
09:57:44.0890 0864  \Device\Harddisk0\DR0 - ok
09:57:44.0921 0864  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
09:57:45.0562 0864  \Device\Harddisk1\DR1 - ok
09:57:45.0562 0864  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4
09:57:46.0265 0864  \Device\Harddisk2\DR4 - ok
09:57:46.0265 0864  ================ Scan VBR ==================================
09:57:46.0296 0864  [ B27547D59058690C947B5C275839109C ] \Device\Harddisk0\DR0\Partition1
09:57:46.0328 0864  \Device\Harddisk0\DR0\Partition1 - ok
09:57:46.0328 0864  [ 16D45626ED71CA6E09EEE69C275EF49A ] \Device\Harddisk1\DR1\Partition1
09:57:46.0343 0864  \Device\Harddisk1\DR1\Partition1 - ok
09:57:46.0343 0864  [ 0D1BA0B8C6619820B3F8B3939E6436E2 ] \Device\Harddisk2\DR4\Partition1
09:57:46.0359 0864  \Device\Harddisk2\DR4\Partition1 - ok
09:57:46.0359 0864  ================ Scan active images ========================
09:57:46.0859 0864  C:\WINDOWS\system32\drivers\usbccgp.sys - ok
09:57:46.0859 0864  [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
09:57:46.0859 0864  C:\WINDOWS\system32\drivers\hidclass.sys - ok
09:57:46.0859 0864  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
09:57:46.0859 0864  C:\WINDOWS\system32\drivers\hidusb.sys - ok
09:57:46.0875 0864  [ A32426D9B14A089EAA1D922E0C5801A9 ] C:\WINDOWS\system32\drivers\USBSTOR.SYS
09:57:46.0875 0864  C:\WINDOWS\system32\drivers\USBSTOR.SYS - ok
09:57:46.0875 0864  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] C:\WINDOWS\system32\drivers\usbscan.sys
09:57:46.0875 0864  C:\WINDOWS\system32\drivers\usbscan.sys - ok
09:57:46.0890 0864  [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
09:57:46.0890 0864  C:\WINDOWS\system32\drivers\mouhid.sys - ok
09:57:46.0890 0864  [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] C:\WINDOWS\system32\drivers\avgidsdriverx.sys
09:57:46.0890 0864  C:\WINDOWS\system32\drivers\avgidsdriverx.sys - ok
09:57:46.0906 0864  [ A426B2DC795531D99E2EE1952AEC051A ] C:\WINDOWS\system32\drivers\avgidsshimx.sys
09:57:46.0906 0864  C:\WINDOWS\system32\drivers\avgidsshimx.sys - ok
09:57:46.0906 0864  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
09:57:46.0906 0864  C:\WINDOWS\system32\smss.exe - ok
09:57:46.0921 0864  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
09:57:46.0921 0864  C:\WINDOWS\system32\ntdll.dll - ok
09:57:46.0921 0864  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
09:57:46.0921 0864  C:\WINDOWS\system32\autochk.exe - ok
09:57:46.0921 0864  [ 3CBE72BDF167CC075B7CFA09B2089B4C ] C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
09:57:46.0921 0864  C:\PROGRA~1\AVG\AVG2013\avgrsx.exe - ok
09:57:46.0937 0864  [ A9C25C9A8F9DA7F25C14D84C4CE845A3 ] C:\WINDOWS\system32\sdnclean.exe
09:57:46.0937 0864  C:\WINDOWS\system32\sdnclean.exe - ok
09:57:46.0937 0864  [ 3B3D5E94A5F24417BE2C179DDD883702 ] C:\Program Files\AVG\AVG2013\avgsysx.dll
09:57:46.0937 0864  C:\Program Files\AVG\AVG2013\avgsysx.dll - ok
09:57:46.0953 0864  [ AE4D9DC676A2517DEE3E51978BCFE47C ] C:\Program Files\AVG\AVG2013\avgntopensslx.dll
09:57:46.0953 0864  C:\Program Files\AVG\AVG2013\avgntopensslx.dll - ok
09:57:46.0953 0864  [ 21139ED432EFB4A8CDF715862DBDF9E0 ] C:\Program Files\AVG\AVG2013\avglogx.dll
09:57:46.0953 0864  C:\Program Files\AVG\AVG2013\avglogx.dll - ok
09:57:46.0968 0864  [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
09:57:46.0968 0864  C:\WINDOWS\system32\drivers\cdfs.sys - ok
09:57:46.0968 0864  [ 9FA19C5F1F70DE54779B19D467984505 ] C:\Program Files\Laser App Enterprise\elaslib.dll
09:57:46.0968 0864  C:\Program Files\Laser App Enterprise\elaslib.dll - ok
09:57:46.0968 0864  [ 6BA0A833DCABF3E28622143689E2C92E ] C:\WINDOWS\hh.exe
09:57:46.0968 0864  C:\WINDOWS\hh.exe - ok
09:57:46.0984 0864  [ D3E868700D9B5E3C54B7EED060215CC1 ] C:\WINDOWS\system32\hhsetup.dll
09:57:46.0984 0864  C:\WINDOWS\system32\hhsetup.dll - ok
09:57:46.0984 0864  [ B80B70609797F944517186DDAC174A50 ] C:\Program Files\AVG\AVG2013\avguires.dll
09:57:46.0984 0864  C:\Program Files\AVG\AVG2013\avguires.dll - ok
09:57:47.0000 0864  [ 2FEF21EEE9934BB10165AA02E530183C ] C:\Program Files\AVG\AVG2013\avglngx.dll
09:57:47.0000 0864  C:\Program Files\AVG\AVG2013\avglngx.dll - ok
09:57:47.0000 0864  [ 3E5AA6A816FA331E64C38A45C6FF5637 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
09:57:47.0000 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe - ok
09:57:47.0000 0864  [ 730E90935150048A4E5F392FCDD49DA3 ] C:\Program Files\AVG\AVG2013\avgapps.dll
09:57:47.0000 0864  C:\Program Files\AVG\AVG2013\avgapps.dll - ok
09:57:47.0015 0864  [ 8561C0534F3038B31A5284CE661FDE38 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
09:57:47.0015 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe - ok
09:57:47.0015 0864  [ E45544A81CDC5F16A102CE414B1B3BF4 ] C:\WINDOWS\Installer\{4A39A186-867C-48C7-890A-8824B8B0874E}\Annuity.exe_3B9A271018E549D885EDBB2C4B33117E.exe
09:57:47.0015 0864  C:\WINDOWS\Installer\{4A39A186-867C-48C7-890A-8824B8B0874E}\Annuity.exe_3B9A271018E549D885EDBB2C4B33117E.exe - ok
09:57:47.0031 0864  [ 67B79DFF15E6FC785E3FE4DA9D83E55C ] C:\WINDOWS\Installer\{2A30052B-831C-41D3-8044-3C0388066350}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe
09:57:47.0031 0864  C:\WINDOWS\Installer\{2A30052B-831C-41D3-8044-3C0388066350}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe - ok
09:57:47.0031 0864  [ 136C72DAC4D6951D9BA260A3E00A606D ] C:\Program Files\DivX\DivXWebPlayerUninstall.exe
09:57:47.0031 0864  C:\Program Files\DivX\DivXWebPlayerUninstall.exe - ok
09:57:47.0031 0864  [ E1AB2AC4A4D50B479DF1B1CEA4A7409B ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
09:57:47.0031 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe - ok
09:57:47.0046 0864  [ 7043E3A3E87E7B48D56A13B089E56D92 ] C:\WINDOWS\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe
09:57:47.0046 0864  C:\WINDOWS\Installer\{E6158D07-2637-4ECF-B576-37C489669174}\IconWlc.exe - ok
09:57:47.0046 0864  [ 3287AFFC2CB27F5AE72A679221AA2016 ] C:\WINDOWS\Installer\{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
09:57:47.0046 0864  C:\WINDOWS\Installer\{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe - ok
09:57:47.0062 0864  [ E9A42209106C1660917515BB4719E151 ] C:\Program Files\Laser App Enterprise\uformagent.exe
09:57:47.0062 0864  C:\Program Files\Laser App Enterprise\uformagent.exe - ok
09:57:47.0062 0864  [ 0CD122618641A846893CCC9538E9EF3F ] C:\Program Files\Globalscape\CuteFTP\cuteftppro.exe
09:57:47.0062 0864  C:\Program Files\Globalscape\CuteFTP\cuteftppro.exe - ok
09:57:47.0078 0864  [ 77F0C6C68FE917A10B56CADF6D57CDA0 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
09:57:47.0078 0864  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe - ok
09:57:47.0078 0864  [ 8BDC097F52B4EF767099A47D6200B858 ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodistdll.dll
09:57:47.0078 0864  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodistdll.dll - ok
09:57:47.0093 0864  [ 1C95060AA0B931CF9EE86DDE21FCFC8C ] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ahclient.dll
09:57:47.0093 0864  C:\Program Files\Adobe\Acrobat 9.0\Acrobat\ahclient.dll - ok
09:57:47.0093 0864  [ D3D046D058BB890CB42D92D2084179CC ] C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll
09:57:47.0093 0864  C:\Program Files\Adobe\Acrobat 9.0\Esl\Aiod.dll - ok
09:57:47.0109 0864  [ 5C1F0537E61F87B435F56E00B4F20EE8 ] C:\WINDOWS\system32\snmpapi.dll
09:57:47.0109 0864  C:\WINDOWS\system32\snmpapi.dll - ok
09:57:47.0109 0864  [ F32077DF74EFD435A1DCDF415E189DF1 ] C:\WINDOWS\system32\mfc100u.dll
09:57:47.0109 0864  C:\WINDOWS\system32\mfc100u.dll - ok
09:57:47.0125 0864  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
09:57:47.0125 0864  C:\WINDOWS\system32\cmd.exe - ok
09:57:47.0125 0864  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3 ] C:\WINDOWS\system32\ctfmon.exe
09:57:47.0125 0864  C:\WINDOWS\system32\ctfmon.exe - ok
09:57:47.0140 0864  [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll
09:57:47.0140 0864  C:\WINDOWS\system32\msutb.dll - ok
09:57:47.0140 0864  [ F6FAEC07446A78A9C5AF4558FF5BD118 ] C:\WINDOWS\ime\SPTIP.dll
09:57:47.0140 0864  C:\WINDOWS\ime\SPTIP.dll - ok
09:57:47.0156 0864  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
09:57:47.0156 0864  C:\WINDOWS\system32\themeui.dll - ok
09:57:47.0156 0864  [ 484ACF6AF85A29AC52F3CF054DFDE9D3 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
09:57:47.0156 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe - ok
09:57:47.0156 0864  [ 21EF4BB2A6FF4116FD83FAEE52D4A416 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
09:57:47.0156 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe - ok
09:57:47.0171 0864  [ BECEEE04AAB6388B66D1FCBD2A9F19A1 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
09:57:47.0171 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe - ok
09:57:47.0171 0864  [ 6948349D55ABC9B90AA77B5340D2EA77 ] C:\Program Files\Steam\Steam.exe
09:57:47.0171 0864  C:\Program Files\Steam\Steam.exe - ok
09:57:47.0187 0864  [ CBEC501EB6AF5884589247D2C31E188E ] C:\WINDOWS\Installer\{77CDA026-3860-4C95-8233-34F3CEF121FB}\RxCIcon.exe
09:57:47.0187 0864  C:\WINDOWS\Installer\{77CDA026-3860-4C95-8233-34F3CEF121FB}\RxCIcon.exe - ok
09:57:47.0187 0864  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
09:57:47.0187 0864  C:\WINDOWS\system32\winsrv.dll - ok
09:57:47.0203 0864  [ 95110A1C5A1D228AC1DDF6AB67D00BEB ] C:\Program Files\Mozilla Firefox\firefox.exe
09:57:47.0203 0864  C:\Program Files\Mozilla Firefox\firefox.exe - ok
09:57:47.0203 0864  [ BCD9CBF0621F9A6767276A2E0BF1DD15 ] C:\Program Files\Google\Google Talk\googletalk.exe
09:57:47.0203 0864  C:\Program Files\Google\Google Talk\googletalk.exe - ok
09:57:47.0218 0864  [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
09:57:47.0218 0864  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
09:57:47.0218 0864  [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
09:57:47.0218 0864  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
09:57:47.0234 0864  [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
09:57:47.0234 0864  C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
09:57:47.0234 0864  [ A9F9D081518AC03A51C1195986076F42 ] C:\Program Files\iTunes\iTunesHelper.exe
09:57:47.0234 0864  C:\Program Files\iTunes\iTunesHelper.exe - ok
09:57:47.0234 0864  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
09:57:47.0234 0864  C:\WINDOWS\system32\WgaLogon.dll - ok
09:57:47.0250 0864  [ 5E28284F9B5F9097640D58A73D38AD4C ] C:\WINDOWS\system32\notepad.exe
09:57:47.0250 0864  C:\WINDOWS\system32\notepad.exe - ok
09:57:47.0265 0864  [ 4D8E9C2FB7E234A7FDFA6EC54794217F ] C:\WINDOWS\system32\nvcpl.dll
09:57:47.0265 0864  C:\WINDOWS\system32\nvcpl.dll - ok
09:57:47.0265 0864  [ E639279A5EF179BA87EC70B5BCC315D1 ] C:\WINDOWS\system32\nvapi.dll
09:57:47.0265 0864  C:\WINDOWS\system32\nvapi.dll - ok
09:57:47.0281 0864  [ CBA802993375E40E4D1CB4350939FFF2 ] C:\WINDOWS\system32\nvdisps.dll
09:57:47.0281 0864  C:\WINDOWS\system32\nvdisps.dll - ok
09:57:47.0281 0864  [ 9ACCBC5891BA51B5B29C1A88F80D4CE3 ] C:\Program Files\QuickTime\QTTask.exe
09:57:47.0281 0864  C:\Program Files\QuickTime\QTTask.exe - ok
09:57:47.0281 0864  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
09:57:47.0281 0864  C:\WINDOWS\system32\services.exe - ok
09:57:47.0296 0864  [ 919900A0301BB3B4ED6A7BDCBE8AF170 ] C:\WINDOWS\system32\DR2KSVC.dll
09:57:47.0296 0864  C:\WINDOWS\system32\DR2KSVC.dll - ok
09:57:47.0296 0864  [ A68DA24239C7BA6C424E1AEAE7AA3E7A ] C:\WINDOWS\system32\mspaint.exe
09:57:47.0296 0864  C:\WINDOWS\system32\mspaint.exe - ok
09:57:47.0312 0864  [ BB7245420097B251D1271F5B6F0C9F02 ] C:\Program Files\uTorrent\uTorrent.exe
09:57:47.0312 0864  C:\Program Files\uTorrent\uTorrent.exe - ok
09:57:47.0328 0864  [ C464CE70A57DA04861A29015814E0DD1 ] C:\Program Files\WinRAR\WinRAR.exe
09:57:47.0328 0864  C:\Program Files\WinRAR\WinRAR.exe - ok
09:57:47.0328 0864  [ D478331FEE85E840F7D89EDD06190DFC ] C:\Program Files\Windows Media Player\wmplayer.exe
09:57:47.0328 0864  C:\Program Files\Windows Media Player\wmplayer.exe - ok
09:57:47.0328 0864  [ 0B0526CE79C2082400E661A0ABE52A14 ] C:\Program Files\Windows NT\Accessories\wordpad.exe
09:57:47.0328 0864  C:\Program Files\Windows NT\Accessories\wordpad.exe - ok
09:57:47.0343 0864  [ 46B5E0D4DE23D31E7B83E376BD99D7C6 ] C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll
09:57:47.0343 0864  C:\Program Files\Spybot - Search & Destroy 2\SDLicense.dll - ok
09:57:47.0343 0864  [ CA3B195D98BDBBB7D50C70372CF3005F ] C:\WINDOWS\system32\jsproxy.dll
09:57:47.0343 0864  C:\WINDOWS\system32\jsproxy.dll - ok
09:57:47.0343 0864  [ 09E9425AD8C61664A37ED84B8B58BDCF ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
09:57:47.0343 0864  C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe - ok
09:57:47.0359 0864  [ 01F441F655D8CC4214BDF411D39D04AF ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
09:57:47.0359 0864  C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok
09:57:47.0359 0864  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
09:57:47.0359 0864  C:\WINDOWS\system32\spoolsv.exe - ok
09:57:47.0359 0864  [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll
09:57:47.0359 0864  C:\WINDOWS\system32\icm32.dll - ok
09:57:47.0375 0864  [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
09:57:47.0375 0864  C:\WINDOWS\system32\WgaTray.exe - ok
09:57:47.0375 0864  [ AB2C32055F5708068B834F02CE4AB49F ] C:\Program Files\FileZilla FTP Client\uninstall.exe
09:57:47.0375 0864  C:\Program Files\FileZilla FTP Client\uninstall.exe - ok
09:57:47.0375 0864  [ 208A1C2FCE24D1CD637B1AE275E7B297 ] C:\WINDOWS\Installer\{2A30052B-831C-41D3-8044-3C0388066350}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe
09:57:47.0375 0864  C:\WINDOWS\Installer\{2A30052B-831C-41D3-8044-3C0388066350}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe - ok
09:57:47.0390 0864  [ BFE69C991171F6527B5BF625ED048471 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
09:57:47.0390 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe - ok
09:57:47.0390 0864  [ B0C54AEDB577C106194CB2E27E162AA7 ] C:\WINDOWS\Installer\{0C5265EC-9687-433D-9928-D6AA39D8CD04}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe
09:57:47.0390 0864  C:\WINDOWS\Installer\{0C5265EC-9687-433D-9928-D6AA39D8CD04}\NewShortcut15_27BC537B086D42E19CB39D115FA043BF.exe - ok
09:57:47.0406 0864  [ 6CE25A4F4F2F70EBF004C9006C647F32 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
09:57:47.0406 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe - ok
09:57:47.0421 0864  [ C0F4A57BA5E09A28AE3D2F67ED219EEA ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
09:57:47.0421 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe - ok
09:57:47.0421 0864  [ 42676F2459D0FEF19095444723FBF88C ] C:\WINDOWS\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe
09:57:47.0421 0864  C:\WINDOWS\Installer\{EE39FFBD-544E-49E4-A999-6819828EAE91}\WLXPhotoGalleryIcon.exe - ok
09:57:47.0437 0864  [ D6AB6ACB1262F6741395DB561B7315B4 ] C:\Program Files\Shuttle\XPC Tools\XPCTools.exe
09:57:47.0437 0864  C:\Program Files\Shuttle\XPC Tools\XPCTools.exe - ok
09:57:47.0437 0864  [ 08457294C7E98C5D3E5EE8CDC25FA537 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
09:57:47.0437 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe - ok
09:57:47.0437 0864  [ 354E280C4BB56704E3925770F282588F ] C:\Program Files\TrueCrypt\TrueCrypt Setup.exe
09:57:47.0453 0864  C:\Program Files\TrueCrypt\TrueCrypt Setup.exe - ok
09:57:47.0453 0864  [ CD18E303B47E126EAACDEFAD26B006B2 ] C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
09:57:47.0453 0864  C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe - ok
09:57:47.0453 0864  [ 8B26805A7067D68286FC6331D7C2C3E5 ] C:\Program Files\Google\Chrome\Application\28.0.1500.72\icudt.dll
09:57:47.0453 0864  C:\Program Files\Google\Chrome\Application\28.0.1500.72\icudt.dll - ok
09:57:47.0468 0864  [ 9EED448E2C6306BFD8B2B19063FC21A1 ] C:\Program Files\AVG\AVG2013\avgidpmx.dll
09:57:47.0468 0864  C:\Program Files\AVG\AVG2013\avgidpmx.dll - ok
09:57:47.0468 0864  [ 4ACB9A36EF1E290F8BDCE1AFC4D94AEF ] C:\Program Files\Google\Chrome\Application\28.0.1500.72\chrome.dll
09:57:47.0468 0864  C:\Program Files\Google\Chrome\Application\28.0.1500.72\chrome.dll - ok
09:57:47.0484 0864  [ 03B6A9C21F70A5EDE80FDB45313A2E85 ] C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe
09:57:47.0484 0864  C:\Program Files\Spybot - Search & Destroy 2\SDLogReport.exe - ok
09:57:47.0484 0864  [ C38DFB25E8BB8C33D7A3110FF9D2C6D2 ] C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe
09:57:47.0484 0864  C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe - ok
09:57:47.0484 0864  [ 63B4C70F88BB8DF11E6A0FA5ABE3C34B ] C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe
09:57:47.0484 0864  C:\Program Files\Spybot - Search & Destroy 2\SDFiles.exe - ok
09:57:47.0500 0864  [ 9A2FE99213A4AFE60EDBB991D25631F3 ] C:\Program Files\ScanSoft\OmniPageSE4.0\ScannerWizard.exe
09:57:47.0500 0864  C:\Program Files\ScanSoft\OmniPageSE4.0\ScannerWizard.exe - ok
09:57:47.0500 0864  [ B22332758A8293C14DB318748A928CC4 ] C:\WINDOWS\system32\sndrec32.exe
09:57:47.0500 0864  C:\WINDOWS\system32\sndrec32.exe - ok
09:57:47.0515 0864  [ BE1B85306352E0AC901EC08506792B6B ] C:\WINDOWS\system32\mshearts.exe
09:57:47.0515 0864  C:\WINDOWS\system32\mshearts.exe - ok
09:57:47.0515 0864  [ 0845E936C85AD45B452CBC86A316CF2A ] C:\WINDOWS\system32\utilman.exe
09:57:47.0515 0864  C:\WINDOWS\system32\utilman.exe - ok
09:57:47.0531 0864  [ 8D1492DBE9A856EE306EDC5A103E0BF2 ] C:\WINDOWS\system32\spider.exe
09:57:47.0531 0864  C:\WINDOWS\system32\spider.exe - ok
09:57:47.0531 0864  [ A52DD5B6566B092143AE42877F2EDD62 ] C:\WINDOWS\system32\tourstart.exe
09:57:47.0531 0864  C:\WINDOWS\system32\tourstart.exe - ok
09:57:47.0546 0864  [ 7DF33946B5911E75320CCA9AC1A3492B ] C:\WINDOWS\system32\sndvol32.exe
09:57:47.0546 0864  C:\WINDOWS\system32\sndvol32.exe - ok
09:57:47.0546 0864  [ EB62144848244C3768A855C6136289A7 ] C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe
09:57:47.0546 0864  C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe - ok
09:57:47.0546 0864  [ D4F1AE50D387537F2EFCE575276E6F26 ] C:\Program Files\Roxio 2011\Roxio Burn\Roxio Burn.exe
09:57:47.0546 0864  C:\Program Files\Roxio 2011\Roxio Burn\Roxio Burn.exe - ok
09:57:47.0562 0864  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
09:57:47.0562 0864  C:\WINDOWS\system32\webcheck.dll - ok
09:57:47.0562 0864  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
09:57:47.0562 0864  C:\WINDOWS\system32\stobject.dll - ok
09:57:47.0562 0864  [ EE962F34EB2A8904B2597CF73BB56FDD ] C:\Program Files\Spybot - Search & Destroy 2\unins000.exe
09:57:47.0578 0864  C:\Program Files\Spybot - Search & Destroy 2\unins000.exe - ok
09:57:47.0578 0864  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
09:57:47.0578 0864  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
09:57:47.0578 0864  [ FC1F164B1DF33802CC7DC15203C043F4 ] C:\WINDOWS\system32\rcimlby.exe
09:57:47.0578 0864  C:\WINDOWS\system32\rcimlby.exe - ok
09:57:47.0578 0864  [ 95786E866A54C7782E60855D2BAE5410 ] C:\WINDOWS\system32\mobsync.exe
09:57:47.0578 0864  C:\WINDOWS\system32\mobsync.exe - ok
09:57:47.0593 0864  [ 435C7907F33DED3DA09E63F9C8A2B17A ] C:\WINDOWS\system32\magnify.exe
09:57:47.0593 0864  C:\WINDOWS\system32\magnify.exe - ok
09:57:47.0593 0864  [ 21F839F2281473642AC2060F30E19DC7 ] C:\WINDOWS\system32\narrator.exe
09:57:47.0593 0864  C:\WINDOWS\system32\narrator.exe - ok
09:57:47.0593 0864  [ 02972E153C4633BE999D8F5890BEA71E ] C:\WINDOWS\system32\osk.exe
09:57:47.0593 0864  C:\WINDOWS\system32\osk.exe - ok
09:57:47.0609 0864  [ 5C382832CC8DA8D940BB902C5C656DFB ] C:\WINDOWS\system32\wupdmgr.exe
09:57:47.0609 0864  C:\WINDOWS\system32\wupdmgr.exe - ok
09:57:47.0609 0864  [ 706D2B737E8673D365B6E8FDA3D0478F ] C:\WINDOWS\system32\hnetwiz.dll
09:57:47.0609 0864  C:\WINDOWS\system32\hnetwiz.dll - ok
09:57:47.0609 0864  [ F48AB90A886200BCDA169AD7F06037D6 ] C:\WINDOWS\system32\els.dll
09:57:47.0609 0864  C:\WINDOWS\system32\els.dll - ok
09:57:47.0625 0864  [ 8A0BDDA8EA77A5E3BE3069A45148FA44 ] C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll
09:57:47.0625 0864  C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll - ok
09:57:47.0625 0864  [ 060D8088F95A3A4BEA0F0E11A65F853D ] C:\WINDOWS\system32\ntbackup.exe
09:57:47.0625 0864  C:\WINDOWS\system32\ntbackup.exe - ok
09:57:47.0625 0864  [ 8B6EEB735F2A7430D44B032568405AE4 ] C:\WINDOWS\system32\wsecedit.dll
09:57:47.0625 0864  C:\WINDOWS\system32\wsecedit.dll - ok
09:57:47.0640 0864  [ 4D9B5E540158BF8E9B1BCAC1AEDD8C60 ] C:\WINDOWS\system32\freecell.exe
09:57:47.0640 0864  C:\WINDOWS\system32\freecell.exe - ok
09:57:47.0640 0864  [ 373E7A863A1A345C60EDB9E20EC32311 ] C:\WINDOWS\system32\sol.exe
09:57:47.0640 0864  C:\WINDOWS\system32\sol.exe - ok
09:57:47.0656 0864  [ 2B6B61FE79E9706BE306856F7A795133 ] C:\WINDOWS\system32\odbcad32.exe
09:57:47.0656 0864  C:\WINDOWS\system32\odbcad32.exe - ok
09:57:47.0671 0864  [ 136C72DAC4D6951D9BA260A3E00A606D ] C:\Program Files\DivX\DivXConverterUninstall.exe
09:57:47.0671 0864  C:\Program Files\DivX\DivXConverterUninstall.exe - ok
09:57:47.0687 0864  [ D687DD2821A14006798BBC1B2408B391 ] C:\Program Files\DivX\DivX Player\DivX Player.exe
09:57:47.0703 0864  C:\Program Files\DivX\DivX Player\DivX Player.exe - ok
09:57:47.0703 0864  [ 136C72DAC4D6951D9BA260A3E00A606D ] C:\Program Files\DivX\DivXPlayerUninstall.exe
09:57:47.0703 0864  C:\Program Files\DivX\DivXPlayerUninstall.exe - ok
09:57:47.0718 0864  [ 136C72DAC4D6951D9BA260A3E00A606D ] C:\Program Files\DivX\DivXCodecUninstall.exe
09:57:47.0718 0864  C:\Program Files\DivX\DivXCodecUninstall.exe - ok
09:57:47.0718 0864  [ 7511E2588A373C8B6AA2FBDE267A5708 ] C:\Program Files\DivX\DivX Converter\DivX Converter.exe
09:57:47.0718 0864  C:\Program Files\DivX\DivX Converter\DivX Converter.exe - ok
09:57:47.0718 0864  [ 8C04DFEC2438CF43D575B2B03F23E24A ] C:\Program Files\DivX\DivX Codec\config.exe
09:57:47.0718 0864  C:\Program Files\DivX\DivX Codec\config.exe - ok
09:57:47.0734 0864  [ DF4217DDB34A0B73DC7AAC7829371C0C ] C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
09:57:47.0734 0864  C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - ok
09:57:47.0734 0864  [ 482AE619667429CD12D23A9089F5BF22 ] C:\WINDOWS\system32\oobe\msoobe.exe
09:57:47.0734 0864  C:\WINDOWS\system32\oobe\msoobe.exe - ok
09:57:47.0750 0864  [ 8053FEB9502EE2261F192EEB57DA2E4A ] C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
09:57:47.0750 0864  C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe - ok
09:57:47.0750 0864  [ F0B652C670BA295C8A25E28A04A4C979 ] C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
09:57:47.0750 0864  C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe - ok
09:57:47.0765 0864  [ D3BF70B531AB5468B4CBFE98C2459CD1 ] C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
09:57:47.0765 0864  C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe - ok
09:57:47.0765 0864  [ 0F097E6EA2B20448AEE452A285A93EEC ] C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
09:57:47.0765 0864  C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe - ok
09:57:47.0781 0864  [ 930270EC019A03CA2F0DF97C660AF7FD ] C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
09:57:47.0781 0864  C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe - ok
09:57:47.0781 0864  [ 73B8B5915E8EDB68AAFBADCEDB012F86 ] C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
09:57:47.0781 0864  C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe - ok
09:57:47.0796 0864  [ 515E4684008E955DE0C81E6A7AEA1C2A ] C:\WINDOWS\IsUninst.exe
09:57:47.0796 0864  C:\WINDOWS\IsUninst.exe - ok
09:57:47.0796 0864  [ 73FA09B84B23A1897809A84F976D5D99 ] C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
09:57:47.0812 0864  C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe - ok
09:57:47.0812 0864  [ A1226C81B5DC433CC6A6CA28D84AC303 ] C:\WINDOWS\system32\mycomput.dll
09:57:47.0812 0864  C:\WINDOWS\system32\mycomput.dll - ok
09:57:47.0828 0864  [ 4DC59B4223E833652135B2454F7ECAD2 ] C:\WINDOWS\system32\filemgmt.dll
09:57:47.0828 0864  C:\WINDOWS\system32\filemgmt.dll - ok
09:57:47.0843 0864  [ 9C45D38B74634C9DED60BEC640C5C3CA ] C:\WINDOWS\system32\winmine.exe
09:57:47.0843 0864  C:\WINDOWS\system32\winmine.exe - ok
09:57:47.0843 0864  [ F69576955AD53CC33A17BA1E4709AA34 ] C:\WINDOWS\system32\usmt\migwiz.exe
09:57:47.0843 0864  C:\WINDOWS\system32\usmt\migwiz.exe - ok
09:57:47.0859 0864  [ BD6C1488F63D64DEA8EE514802FC2CDD ] C:\WINDOWS\system32\Restore\rstrui.exe
09:57:47.0859 0864  C:\WINDOWS\system32\Restore\rstrui.exe - ok
09:57:47.0875 0864  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
09:57:47.0875 0864  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
09:57:47.0890 0864  [ 7E2CF680C69680064D43F4FFE5831DD1 ] C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
09:57:47.0890 0864  C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe - ok
09:57:47.0906 0864  [ 33D679D5CC80CCC8E784CC588DA12465 ] C:\WINDOWS\system32\mstsc.exe
09:57:47.0906 0864  C:\WINDOWS\system32\mstsc.exe - ok
09:57:47.0921 0864  [ 485FE82CA36117F5E1599831EDD6FB14 ] C:\WINDOWS\system32\wiaacmgr.exe
09:57:47.0921 0864  C:\WINDOWS\system32\wiaacmgr.exe - ok
09:57:47.0921 0864  [ 40E39EA36DB19491BB341868E0BBD10F ] C:\Program Files\ING\Presents\httpiu.exe
09:57:47.0921 0864  C:\Program Files\ING\Presents\httpiu.exe - ok
09:57:47.0921 0864  [ 2678604575AE727DE44949742E84069D ] C:\Program Files\Google\Drive\googledrivesync.exe
09:57:47.0921 0864  C:\Program Files\Google\Drive\googledrivesync.exe - ok
09:57:47.0937 0864  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
09:57:47.0937 0864  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
09:57:47.0953 0864  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
09:57:47.0953 0864  C:\WINDOWS\system32\sfcfiles.dll - ok
09:57:47.0953 0864  [ 86440EDFF27095E03741AEDC5752AA51 ] C:\WINDOWS\system32\olecnv32.dll
09:57:47.0953 0864  C:\WINDOWS\system32\olecnv32.dll - ok
09:57:47.0968 0864  [ D8361BEAB7109AB8B069F7F5028E37B1 ] C:\WINDOWS\system32\olesvr32.dll
09:57:47.0968 0864  C:\WINDOWS\system32\olesvr32.dll - ok
09:57:47.0968 0864  [ 045DF7AE14CAAED71338916D6FB66812 ] C:\WINDOWS\system32\wow32.dll
09:57:47.0968 0864  C:\WINDOWS\system32\wow32.dll - ok
09:57:47.0984 0864  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
09:57:47.0984 0864  C:\WINDOWS\system32\profmap.dll - ok
09:57:48.0000 0864  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
09:57:48.0000 0864  C:\WINDOWS\system32\regapi.dll - ok
09:57:48.0000 0864  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
09:57:48.0000 0864  C:\WINDOWS\system32\shsvcs.dll - ok
09:57:48.0015 0864  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
09:57:48.0015 0864  C:\WINDOWS\system32\scesrv.dll - ok
09:57:48.0015 0864  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
09:57:48.0015 0864  C:\WINDOWS\system32\umpnpmgr.dll - ok
09:57:48.0031 0864  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
09:57:48.0031 0864  C:\WINDOWS\system32\samsrv.dll - ok
09:57:48.0031 0864  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
09:57:48.0031 0864  C:\WINDOWS\system32\w32time.dll - ok
09:57:48.0046 0864  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
09:57:48.0046 0864  C:\WINDOWS\system32\scecli.dll - ok
09:57:48.0046 0864  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
09:57:48.0046 0864  C:\WINDOWS\system32\wdigest.dll - ok
09:57:49.0578 0864  C:\WINDOWS\explorer.exe - ok
09:57:49.0593 0864  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
09:57:49.0593 0864  C:\WINDOWS\system32\oleacc.dll - ok
09:57:49.0593 0864  [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
09:57:49.0593 0864  C:\WINDOWS\system32\browseui.dll - ok
09:57:49.0609 0864  [ 4327CF9A9D0864CA0FFC97FCDA97315A ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
09:57:49.0609 0864  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
09:57:49.0609 0864  [ FF60B8C5BBE73B0790B3332783B6FD81 ] C:\Program Files\Google\Update\1.3.21.153\goopdate.dll
09:57:49.0609 0864  C:\Program Files\Google\Update\1.3.21.153\goopdate.dll - ok
09:57:49.0609 0864  [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\WINDOWS\system32\dnssd.dll
09:57:49.0609 0864  C:\WINDOWS\system32\dnssd.dll - ok
09:57:49.0625 0864  [ 6D3A517FE33AD047578BF73BB447EEAD ] C:\Program Files\AVG\AVG2013\avgfws.exe
09:57:49.0625 0864  C:\Program Files\AVG\AVG2013\avgfws.exe - ok
09:57:49.0625 0864  [ 24665B221424FFD7B71F0D2C398F2F4F ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
09:57:49.0625 0864  C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
09:57:49.0640 0864  [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl
09:57:49.0640 0864  C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok
09:57:49.0640 0864  [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
09:57:49.0640 0864  C:\WINDOWS\system32\msi.dll - ok
09:57:49.0656 0864  [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
09:57:49.0656 0864  C:\WINDOWS\system32\shdocvw.dll - ok
09:57:49.0671 0864  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
09:57:49.0671 0864  C:\WINDOWS\system32\dbghelp.dll - ok
09:57:49.0671 0864  [ 126B84EAB69BD5116CC5A89C5F9E23FF ] C:\Program Files\AVG\AVG2013\avgfwcfg3dllx.dll
09:57:49.0671 0864  C:\Program Files\AVG\AVG2013\avgfwcfg3dllx.dll - ok
09:57:49.0687 0864  [ 2E14406E05789F91C9282AE7CFCA3A07 ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
09:57:49.0687 0864  C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
09:57:49.0687 0864  [ A7DDDDE163F16AB49DF3DE9EEC715495 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
09:57:49.0687 0864  C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
09:57:49.0687 0864  [ 8726802EA4FBFFA3FD54FD2449BF51D4 ] C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
09:57:49.0687 0864  C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe - ok
09:57:49.0703 0864  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
09:57:49.0703 0864  C:\WINDOWS\system32\mstask.dll - ok
09:57:49.0703 0864  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
09:57:49.0703 0864  C:\WINDOWS\system32\cryptnet.dll - ok
09:57:49.0718 0864  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
09:57:49.0718 0864  C:\WINDOWS\system32\sensapi.dll - ok
09:57:49.0718 0864  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
09:57:49.0718 0864  C:\WINDOWS\system32\msvcr100.dll - ok
09:57:49.0734 0864  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
09:57:49.0734 0864  C:\WINDOWS\system32\winhttp.dll - ok
09:57:49.0734 0864  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
09:57:49.0734 0864  C:\WINDOWS\system32\msimg32.dll - ok
09:57:49.0750 0864  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
09:57:49.0750 0864  C:\WINDOWS\system32\oledlg.dll - ok
09:57:49.0750 0864  [ F6A3A0D704D8435B7E0CD6E520F026C9 ] C:\Program Files\Google\Drive\googledrivesync32.dll
09:57:49.0750 0864  C:\Program Files\Google\Drive\googledrivesync32.dll - ok
09:57:49.0750 0864  [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
09:57:49.0750 0864  C:\WINDOWS\system32\LegitCheckControl.dll - ok
09:57:49.0765 0864  [ 50185186719134FA8F307D269106A51C ] C:\Program Files\AVG\AVG2013\avgidsagent.exe
09:57:49.0765 0864  C:\Program Files\AVG\AVG2013\avgidsagent.exe - ok
09:57:49.0765 0864  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
09:57:49.0765 0864  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
09:57:49.0781 0864  [ 8BA9851E671E8B5E49E303748FFD530C ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
09:57:49.0781 0864  C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
09:57:49.0781 0864  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
09:57:49.0781 0864  C:\WINDOWS\system32\netman.dll - ok
09:57:49.0796 0864  [ 73862FF693168369A90F046E7F227B83 ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
09:57:49.0796 0864  C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
09:57:49.0796 0864  [ 25A2EEF8D22E36F3C7B368BCF245BDC3 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
09:57:49.0796 0864  C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok
09:57:49.0796 0864  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
09:57:49.0796 0864  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
09:57:49.0812 0864  [ 110145B6EC64C9800468C18ED81B6FC5 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl
09:57:49.0812 0864  C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok
09:57:49.0828 0864  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
09:57:49.0828 0864  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
09:57:49.0828 0864  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
09:57:49.0828 0864  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
09:57:49.0828 0864  [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
09:57:49.0828 0864  C:\WINDOWS\system32\netshell.dll - ok
09:57:49.0843 0864  [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
09:57:49.0843 0864  C:\WINDOWS\system32\credui.dll - ok
09:57:49.0843 0864  [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
09:57:49.0843 0864  C:\WINDOWS\system32\dot3dlg.dll - ok
09:57:49.0859 0864  [ 30DB64D316F502558DB2380F7343C9FD ] C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
09:57:49.0859 0864  C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - ok
09:57:49.0859 0864  [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
09:57:49.0859 0864  C:\WINDOWS\system32\onex.dll - ok
09:57:49.0859 0864  [ 776405A9F755BA8BA5CA9039F0D18067 ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl
09:57:49.0859 0864  C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok
09:57:49.0875 0864  [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
09:57:49.0875 0864  C:\WINDOWS\system32\eappcfg.dll - ok
09:57:49.0875 0864  [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
09:57:49.0875 0864  C:\WINDOWS\system32\eappprxy.dll - ok
09:57:49.0890 0864  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
09:57:49.0890 0864  C:\WINDOWS\system32\wzcsapi.dll - ok
09:57:49.0890 0864  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
09:57:49.0890 0864  C:\WINDOWS\system32\msvcp100.dll - ok
09:57:49.0906 0864  [ 207204AF80505AF51271FE164B56F662 ] C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
09:57:49.0906 0864  C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll - ok
09:57:49.0906 0864  [ 5BDB1E096DEA119A4D205ACB6E958175 ] C:\Program Files\AVG\AVG2013\avgopensslx.dll
09:57:49.0906 0864  C:\Program Files\AVG\AVG2013\avgopensslx.dll - ok
09:57:49.0921 0864  [ 3A0977CB68AF13E2579E47EB8984056B ] C:\Program Files\AVG\AVG2013\avgwdsvc.exe
09:57:49.0921 0864  C:\Program Files\AVG\AVG2013\avgwdsvc.exe - ok
09:57:49.0921 0864  [ 71EA9078F6E1246B0BBD746C2999723F ] C:\Program Files\AVG\AVG2013\avgcfgx.dll
09:57:49.0921 0864  C:\Program Files\AVG\AVG2013\avgcfgx.dll - ok
09:57:49.0937 0864  [ 30EFEBDC960A482E3E188B9960B286E2 ] C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
09:57:49.0937 0864  C:\Program Files\Microsoft Office\Office12\GrooveNew.dll - ok
09:57:49.0937 0864  [ D5E459BED3DB9CF7FC6CC1455F177D2D ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll
09:57:49.0937 0864  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.dll - ok
09:57:49.0953 0864  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
09:57:49.0953 0864  C:\Program Files\Bonjour\mDNSResponder.exe - ok
09:57:49.0953 0864  [ 75B5CCDAD97A2A6D245ACA1ACB415DA5 ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
09:57:49.0953 0864  C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok
09:57:49.0953 0864  [ 816D64F554FBD234DD2C77F4E08C7D5C ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
09:57:49.0953 0864  C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok
09:57:49.0968 0864  [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl
09:57:49.0968 0864  C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok
09:57:49.0968 0864  [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl
09:57:49.0968 0864  C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok
09:57:49.0968 0864  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
09:57:49.0968 0864  C:\WINDOWS\system32\cabinet.dll - ok
09:57:49.0984 0864  [ 1FF6400CE6C54790B17E20C0B456799F ] C:\Program Files\AVG\AVG2013\avgwd.dll
09:57:49.0984 0864  C:\Program Files\AVG\AVG2013\avgwd.dll - ok
09:57:49.0984 0864  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:57:49.0984 0864  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
09:57:49.0984 0864  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
09:57:49.0984 0864  C:\WINDOWS\system32\desk.cpl - ok
09:57:50.0000 0864  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
09:57:50.0000 0864  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
09:57:50.0000 0864  [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll
09:57:50.0000 0864  C:\WINDOWS\system32\mscoree.dll - ok
09:57:50.0015 0864  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
09:57:50.0015 0864  C:\WINDOWS\system32\certcli.dll - ok
09:57:50.0015 0864  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
09:57:50.0015 0864  C:\WINDOWS\system32\cryptsvc.dll - ok
09:57:50.0015 0864  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
09:57:50.0015 0864  C:\WINDOWS\system32\actxprxy.dll - ok
09:57:50.0031 0864  [ 9513B437B7ADB1E6065B7F0D83D11ECF ] C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
09:57:50.0031 0864  C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe - ok
09:57:50.0031 0864  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
09:57:50.0031 0864  C:\WINDOWS\system32\dmserver.dll - ok
09:57:50.0046 0864  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
09:57:50.0046 0864  C:\WINDOWS\system32\ersvc.dll - ok
09:57:50.0046 0864  [ 67DABFB8EB4AFA87C558504D5FCD43C8 ] C:\Program Files\AVG\AVG2013\avgsecapix.dll
09:57:50.0046 0864  C:\Program Files\AVG\AVG2013\avgsecapix.dll - ok
09:57:50.0046 0864  [ BA7A14CE488EC33BC3CF19AA1574D1EE ] C:\Program Files\Seagate\SeagateManager\Sync\STXDEVIF.dll
09:57:50.0046 0864  C:\Program Files\Seagate\SeagateManager\Sync\STXDEVIF.dll - ok
09:57:50.0062 0864  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
09:57:50.0062 0864  C:\WINDOWS\system32\es.dll - ok
09:57:50.0062 0864  [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
09:57:50.0062 0864  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok
09:57:50.0062 0864  [ D8C2B95BC2353E1F18850D6B8F5DBA13 ] C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
09:57:50.0062 0864  C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll - ok
09:57:50.0078 0864  [ 994AD0D8550B8B26990A6E3AA0791502 ] C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
09:57:50.0078 0864  C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll - ok
09:57:50.0078 0864  [ 28A09777D2D952122567A8A82F1A2C7B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
09:57:50.0078 0864  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok
09:57:50.0078 0864  [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
09:57:50.0078 0864  C:\WINDOWS\system32\olepro32.dll - ok
09:57:50.0093 0864  [ 277C753EEB845D8556809079155F8CF9 ] C:\Program Files\Seagate\SeagateManager\Encryption\SFECopier.dll
09:57:50.0093 0864  C:\Program Files\Seagate\SeagateManager\Encryption\SFECopier.dll - ok
09:57:50.0093 0864  [ 06E9F58208A5CC2A2F7231E0BD8AF6E2 ] C:\Program Files\Seagate\SeagateManager\Encryption\SFEConfiguration.dll
09:57:50.0093 0864  C:\Program Files\Seagate\SeagateManager\Encryption\SFEConfiguration.dll - ok
09:57:50.0125 0864  [ 77EB21801462857CFD843DFFDDA9895E ] C:\Program Files\Seagate\SeagateManager\Encryption\SFECrypto.dll
09:57:50.0125 0864  C:\Program Files\Seagate\SeagateManager\Encryption\SFECrypto.dll - ok
09:57:50.0125 0864  [ A145B4126F6BBB25A34BBBA9DC90DA4A ] C:\Program Files\Seagate\SeagateManager\Encryption\SFEPassword.dll
09:57:50.0125 0864  C:\Program Files\Seagate\SeagateManager\Encryption\SFEPassword.dll - ok
09:57:50.0125 0864  [ 2A554B759EC7FA76B72D38CBC549DEF2 ] C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe
09:57:50.0125 0864  C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe - ok
09:57:50.0140 0864  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
09:57:50.0140 0864  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
09:57:50.0140 0864  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
09:57:50.0140 0864  C:\WINDOWS\system32\hidserv.dll - ok
09:57:50.0140 0864  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
09:57:50.0140 0864  C:\WINDOWS\system32\hid.dll - ok
09:57:50.0156 0864  [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] C:\Program Files\Java\jre7\bin\jqs.exe
09:57:50.0156 0864  C:\Program Files\Java\jre7\bin\jqs.exe - ok
09:57:50.0156 0864  [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll
09:57:50.0156 0864  C:\WINDOWS\system32\ieframe.dll - ok
09:57:50.0156 0864  [ 67EC459E42D3081DD8FD34356F7CAFC1 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
09:57:50.0156 0864  C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
09:57:50.0171 0864  [ A7E408134B47266E64F83C4DBA1EEA6C ] C:\Program Files\Seagate\SeagateManager\Sync\synconf.dll
09:57:50.0171 0864  C:\Program Files\Seagate\SeagateManager\Sync\synconf.dll - ok
09:57:50.0171 0864  [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
09:57:50.0171 0864  C:\WINDOWS\system32\pdh.dll - ok
09:57:50.0171 0864  [ F65BEBE969C232F60C7A13B0F00FB52C ] C:\Program Files\AVG\AVG2013\avgwdwsc.dll
09:57:50.0171 0864  C:\Program Files\AVG\AVG2013\avgwdwsc.dll - ok
09:57:50.0203 0864  [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
09:57:50.0203 0864  C:\WINDOWS\system32\spoolss.dll - ok
09:57:50.0203 0864  [ E9501E93FC7A3E6FADB55A09227DF590 ] C:\Program Files\AVG\AVG2013\avgnsx.exe
09:57:50.0203 0864  C:\Program Files\AVG\AVG2013\avgnsx.exe - ok
09:57:50.0218 0864  [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
09:57:50.0218 0864  C:\WINDOWS\system32\odbcbcp.dll - ok
09:57:50.0234 0864  [ EC45360EF69F034D2D6F52AFE88EA88D ] C:\Program Files\AVG\AVG2013\avgemcx.exe
09:57:50.0234 0864  C:\Program Files\AVG\AVG2013\avgemcx.exe - ok
09:57:50.0234 0864  [ 6A0A8D20469EFD39A4A3463A88811A57 ] C:\Program Files\AVG\AVG2013\avgsched.dll
09:57:50.0234 0864  C:\Program Files\AVG\AVG2013\avgsched.dll - ok
09:57:50.0250 0864  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
09:57:50.0250 0864  C:\WINDOWS\system32\srvsvc.dll - ok
09:57:50.0250 0864  [ DABCB3AD9B60BFDA876CB4F6081E822F ] C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
09:57:50.0250 0864  C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe - ok
09:57:50.0265 0864  [ 0C9874161C59675B493B1CFBBDB13E06 ] C:\Program Files\AVG\AVG2013\avgxpl.dll
09:57:50.0265 0864  C:\Program Files\AVG\AVG2013\avgxpl.dll - ok
09:57:50.0281 0864  [ 0756EE69E0B87190253CC54A20F89CD8 ] C:\Program Files\Seagate\SeagateManager\Backup\STXDEVIF.dll
09:57:50.0281 0864  C:\Program Files\Seagate\SeagateManager\Backup\STXDEVIF.dll - ok
09:57:50.0281 0864  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
09:57:50.0281 0864  C:\WINDOWS\system32\netmsg.dll - ok
09:57:50.0296 0864  [ B974CB81A62C68F33A0B0F38603153A6 ] C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll
09:57:50.0296 0864  C:\Program Files\LogMeIn\x86\LMIGuardianDll.dll - ok
09:57:50.0296 0864  [ F01DD7190E67A45BD1D5FA4A12A78AA7 ] C:\Program Files\AVG\AVG2013\avgkrnlapix.dll
09:57:50.0296 0864  C:\Program Files\AVG\AVG2013\avgkrnlapix.dll - ok
09:57:50.0312 0864  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
09:57:50.0312 0864  C:\WINDOWS\system32\drivers\srv.sys - ok
09:57:50.0312 0864  [ A6639BC625634614DC30392BD81C4001 ] C:\Program Files\AVG\AVG2013\avgidpsdkx.dll
09:57:50.0312 0864  C:\Program Files\AVG\AVG2013\avgidpsdkx.dll - ok
09:57:50.0328 0864  [ 26E3BEC8F2F0CFAF9FFE4C7AEF1BC049 ] C:\Program Files\LogMeIn\x86\rainfo.sys
09:57:50.0328 0864  C:\Program Files\LogMeIn\x86\rainfo.sys - ok
09:57:50.0328 0864  [ AB73A7C8594ABE0A7418626F0E742F40 ] C:\Program Files\LogMeIn\x86\ramaint.exe
09:57:50.0328 0864  C:\Program Files\LogMeIn\x86\ramaint.exe - ok
09:57:50.0328 0864  [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
09:57:50.0328 0864  C:\WINDOWS\system32\inetpp.dll - ok
09:57:50.0359 0864  [ B8AE25C09B8C26FF72820430294E4EF6 ] C:\WINDOWS\system32\rassapi.dll
09:57:50.0359 0864  C:\WINDOWS\system32\rassapi.dll - ok
09:57:50.0359 0864  [ 3FAA563DDF853320F90259D455A01D79 ] C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
09:57:50.0359 0864  C:\WINDOWS\system32\drivers\LMIRfsDriver.sys - ok
09:57:50.0359 0864  [ 432618FA75B61059D2C57D6A7E55147A ] C:\Program Files\LogMeIn\x86\LogMeIn.exe
09:57:50.0359 0864  C:\Program Files\LogMeIn\x86\LogMeIn.exe - ok
09:57:50.0359 0864  [ 9D887607E84B227487D5F48BBC91A8AB ] C:\Program Files\LogMeIn\x86\LogMeIn.dll
09:57:50.0359 0864  C:\Program Files\LogMeIn\x86\LogMeIn.dll - ok
09:57:50.0375 0864  [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
09:57:50.0375 0864  C:\WINDOWS\system32\perfos.dll - ok
09:57:50.0375 0864  [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
09:57:50.0375 0864  C:\WINDOWS\system32\perfdisk.dll - ok
09:57:50.0375 0864  [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll
09:57:50.0375 0864  C:\WINDOWS\system32\srclient.dll - ok
09:57:50.0390 0864  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
09:57:50.0390 0864  C:\WINDOWS\system32\wbem\framedyn.dll - ok
09:57:50.0390 0864  [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll
09:57:50.0390 0864  C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok
09:57:50.0406 0864  [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll
09:57:50.0406 0864  C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok
09:57:50.0421 0864  [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
09:57:50.0421 0864  C:\WINDOWS\system32\hhctrl.ocx - ok
09:57:50.0421 0864  [ 65085456FD9A74D7F1A999520C299ECB ] C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:57:50.0421 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
09:57:50.0437 0864  [ EF39CCCC9AD927A25334AE0B41A8A343 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
09:57:50.0437 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll - ok
09:57:50.0437 0864  [ 9275F02BEA644F43A459E316A932658F ] C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
09:57:50.0437 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll - ok
09:57:50.0453 0864  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:57:50.0453 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe - ok
09:57:50.0453 0864  [ 80D8679BF84A9383BFF33E07D5D9FC35 ] C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
09:57:50.0453 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll - ok
09:57:50.0453 0864  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
09:57:50.0453 0864  C:\WINDOWS\system32\security.dll - ok
09:57:50.0468 0864  [ 7CF1B716372B89568AE4C0FE769F5869 ] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
09:57:50.0468 0864  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe - ok
09:57:50.0468 0864  [ D1D5DAB39DCB4BE0359943738D87409B ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
09:57:50.0468 0864  C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe - ok
09:57:50.0468 0864  [ 647C11534C7AF0C5FF599D930476511F ] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
09:57:50.0468 0864  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll - ok
09:57:50.0484 0864  [ 94A0142B6AE74333BCCF6502D567CBB6 ] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll
09:57:50.0484 0864  C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll - ok
09:57:50.0484 0864  [ 2969D26EEE289BE7422AA46FC55F4E38 ] C:\WINDOWS\system32\HPZinw12.dll
09:57:50.0484 0864  C:\WINDOWS\system32\HPZinw12.dll - ok
09:57:50.0484 0864  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
09:57:50.0484 0864  C:\WINDOWS\system32\wuapi.dll - ok
09:57:50.0500 0864  [ 0C41C4ACFE00D826DB479C40C1D9EDC8 ] C:\WINDOWS\system32\nvsvc32.exe
09:57:50.0500 0864  C:\WINDOWS\system32\nvsvc32.exe - ok
09:57:50.0500 0864  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
09:57:50.0500 0864  C:\WINDOWS\system32\wups.dll - ok
09:57:50.0500 0864  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\michael\LOCALS~1\temp\BE30B204-EFFF-4BCD-8735-1C4DC2DE5DCF.exe
09:57:50.0500 0864  C:\DOCUME~1\michael\LOCALS~1\temp\BE30B204-EFFF-4BCD-8735-1C4DC2DE5DCF.exe - ok
09:57:50.0515 0864  [ BAFC9706BDF425A02B66468AB2605C59 ] C:\WINDOWS\system32\HPZipm12.dll
09:57:50.0515 0864  C:\WINDOWS\system32\HPZipm12.dll - ok
09:57:50.0515 0864  [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
09:57:50.0515 0864  C:\WINDOWS\system32\regsvc.dll - ok
09:57:50.0531 0864  [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
09:57:50.0531 0864  C:\WINDOWS\system32\ipsecsvc.dll - ok
09:57:50.0531 0864  [ 495C85B15470374A9499451893742EE6 ] C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
09:57:50.0531 0864  C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe - ok
09:57:50.0531 0864  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
09:57:50.0531 0864  C:\WINDOWS\system32\dsound.dll - ok
09:57:50.0546 0864  [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
09:57:50.0546 0864  C:\WINDOWS\system32\oakley.dll - ok
09:57:50.0546 0864  [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
09:57:50.0546 0864  C:\WINDOWS\system32\winipsec.dll - ok
09:57:50.0546 0864  [ 95AA9E165C7DE1B64A11E8B18E91E499 ] C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
09:57:50.0546 0864  C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe - ok
09:57:50.0562 0864  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
09:57:50.0562 0864  C:\WINDOWS\system32\linkinfo.dll - ok
09:57:50.0562 0864  [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
09:57:50.0562 0864  C:\WINDOWS\system32\pstorsvc.dll - ok
09:57:50.0562 0864  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
09:57:50.0562 0864  C:\WINDOWS\system32\ntshrui.dll - ok
09:57:50.0578 0864  [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
09:57:50.0578 0864  C:\WINDOWS\system32\psbase.dll - ok
09:57:50.0578 0864  [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
09:57:50.0578 0864  C:\WINDOWS\system32\rundll32.exe - ok
09:57:50.0578 0864  [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
09:57:50.0578 0864  C:\WINDOWS\system32\dssenh.dll - ok
09:57:50.0593 0864  [ 9B9F1C38D559047B8AC0DBA2D5FEBDE9 ] C:\WINDOWS\system32\ksuser.dll
09:57:50.0593 0864  C:\WINDOWS\system32\ksuser.dll - ok
09:57:50.0593 0864  [ 63E8D944AFBEEBB243F25C4ED07E74C5 ] C:\WINDOWS\system32\inetmib1.dll
09:57:50.0593 0864  C:\WINDOWS\system32\inetmib1.dll - ok
09:57:50.0609 0864  [ 14361FB2FD630988816A4F46AEAF0684 ] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
09:57:50.0609 0864  C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll - ok
09:57:50.0609 0864  [ 9B375BB63F99B113C065A5DB4E632E23 ] C:\Program Files\Spybot - Search & Destroy 2\av\scan.dll
09:57:50.0609 0864  C:\Program Files\Spybot - Search & Destroy 2\av\scan.dll - ok
09:57:50.0625 0864  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\22166064.sys
09:57:50.0625 0864  C:\WINDOWS\system32\drivers\22166064.sys - ok
09:57:50.0625 0864  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
09:57:50.0625 0864  C:\WINDOWS\system32\verclsid.exe - ok
09:57:50.0625 0864  [ AC15528C51E5FE76B1B1C365EF82B86E ] C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll
09:57:50.0625 0864  C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll - ok
09:57:50.0640 0864  [ 58ADA3BEEFE33FB8E4875A7848B1FAE4 ] C:\WINDOWS\SOUNDMAN.EXE
09:57:50.0640 0864  C:\WINDOWS\SOUNDMAN.EXE - ok
09:57:50.0640 0864  [ 6BD3E11E7B82E0964D51975371D7F2E0 ] C:\Program Files\Spybot - Search & Destroy 2\SDLists.dll
09:57:50.0640 0864  C:\Program Files\Spybot - Search & Destroy 2\SDLists.dll - ok
09:57:50.0656 0864  [ 234051C0D242A6F4A79AE5212C1323D4 ] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
09:57:50.0656 0864  C:\Program Files\LogMeIn\x86\LogMeInSystray.exe - ok
09:57:50.0656 0864  [ E3DAA96B4A871FED7AF16C74450BB4F4 ] C:\Program Files\LogMeIn\x86\LogMeInSystray.dll
09:57:50.0656 0864  C:\Program Files\LogMeIn\x86\LogMeInSystray.dll - ok
09:57:50.0671 0864  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
09:57:50.0671 0864  C:\WINDOWS\system32\mlang.dll - ok
09:57:50.0671 0864  [ 9227E3164F36F570F0561F1BECD20DA4 ] C:\Program Files\LogMeIn\x86\rntfywnd.dll
09:57:50.0671 0864  C:\Program Files\LogMeIn\x86\rntfywnd.dll - ok
09:57:50.0687 0864  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
09:57:50.0890 0864  ============================================================
09:57:50.0890 0864  Scan finished
09:57:50.0890 0864  ============================================================
09:57:50.0906 0748  Detected object count: 0
09:57:50.0906 0748  Actual detected object count: 0
09:58:16.0696 3028  Deinitialize success


#10 c0stabear


Posted 18 July 2013 - 10:17 AM

Neither one was called RKReport[2], so I included both that it created:

 

 

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : michael [Admin rights]
Mode : Remove -- Date : 07/18/2013 11:13:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3500320AS +++++
--- User ---
[MBR] 5718beb869f80395d4388e04af8f8050
[BSP] f139f79aa34369e270ecd3be4640dded : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST3500320AS +++++
--- User ---
[MBR] f16a475b7811ecbe988b24811a29b133
[BSP] c4fa5ab29684938e7e225f1d7a372e80 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_07182013_111358.txt >>
RKreport[0]_S_07182013_100432.txt
 
 
 

--------------------

 

And the other one

 

-------------------

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : michael [Admin rights]
Mode : Scan -- Date : 07/18/2013 10:04:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3500320AS +++++
--- User ---
[MBR] 5718beb869f80395d4388e04af8f8050
[BSP] f139f79aa34369e270ecd3be4640dded : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ST3500320AS +++++
--- User ---
[MBR] f16a475b7811ecbe988b24811a29b133
[BSP] c4fa5ab29684938e7e225f1d7a372e80 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07182013_100432.txt >>


#11 c0stabear


Posted 18 July 2013 - 10:24 AM

Now, I'm having trouble browsing the internet, and it seems very inconsistent. 

 

For example, I can connect to every site that's in my bookmarks, but if I try to type in a website, like www.google.com, it won't load and I'll get this message:

 

Oops! Google Chrome could not find www.google.com

Try reloading: www.google.com

Additional suggestions:
  • Access a cached copy of www.google.com
  • Search on Google:

 

 

I've tried the same thing on IE and Firefox as well (I use Chrome) and I get similar error messages.



#12 gringo_pr


Posted 18 July 2013 - 08:41 PM



Hello c0stabear

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#13 c0stabear


Posted 19 July 2013 - 10:36 AM

OTL logfile created on: 7/19/2013 11:19:23 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\michael\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.60% Memory free
3.35 Gb Paging File | 2.53 Gb Available in Paging File | 75.58% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 307.03 Gb Free Space | 65.92% Space Free | Partition Type: NTFS
Drive H: | 596.17 Gb Total Space | 592.70 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
 
Computer Name: SHUTTLEX | User Name: michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\michael\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe ()
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\michael\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll ()
MOD - C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.626.1614.1_0\plugin\ace.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (WMDM PMSP Service) -- C:\WINDOWS\system32\MsPMSPSv.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (vToolbarUpdater15.3.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (RoxWatch12) -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe (Sonic Solutions)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\michael\LOCALS~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- system32\DRIVERS\avgtdix.sys File not found
DRV - (Avgrkx86) -- system32\DRIVERS\avgrkx86.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (AVGIDSDriver) -- system32\DRIVERS\avgidsdriverx.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (radpms) -- C:\WINDOWS\system32\drivers\radpms.sys (LogMeIn, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (ACPI) -- C:\WINDOWS\system32\drivers\acpi.sys ()
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 34 B1 A5 7A 7D CE 01  [binary data]
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3038BA3E-B152-40D5-A21B-189BF76EE63C}&mid=a74b4f671a1247d69149d1795d52b1a1-3ce1356ddf555949662c000255c0ff19f6935645&lang=en&ds=AVG&pr=fr&d=2013-07-18 16:58:34&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/?rlz=1V1IPYX"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\michael\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\michael\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/12 10:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/07/08 15:23:28 | 000,000,000 | ---D | M]
 
[2012/01/11 16:32:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michael\Application Data\Mozilla\Extensions
[2013/07/09 12:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\michael\Application Data\Mozilla\Firefox\Profiles\lygyhyg9.default\extensions
[2013/06/12 10:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/12 10:58:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/18 16:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/07/18 16:09:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Documents and Settings\michael\Application Data\Mozilla\plugins\npo1d.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: Entanglement = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.0_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google Search = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Turntable.fm Extended = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnciafhfaahhafklckmcabbncbgcjpeg\0.7.3.2_0\
CHR - Extension: Hangouts = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.626.1614.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/17 16:31:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CANON DR2080C SVC] C:\WINDOWS\System32\DR2KSVC.dll (Canon Electronics)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669..\Run: [5962B0CAABA8A8853D4EDBF6F372A8C0DBB11ABE._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669..\Run: [GoogleChromeAutoLaunch_6F1C289E80CD46A0554EB01A2431B813] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669..\Run: [LaserAppUpdate] C:\Program Files\Laser App Enterprise\uformagent.exe (Laser App Software Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\administrator.AIG\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\agent\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\barbara\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\Frank\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O4 - Startup: C:\Documents and Settings\kristin.cardenal\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230328998203 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351537677544 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.9 192.168.1.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AIG.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B27E40-FA99-4A27-AF76-357CA228AF7B}: DhcpNameServer = 192.168.1.9 192.168.1.7
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/26 15:03:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/18 16:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\AVG Secure Search
[2013/07/18 16:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Application Data\AVG Secure Search
[2013/07/18 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/07/18 16:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2013/07/18 16:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2013/07/18 16:57:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/07/18 13:26:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/18 03:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\PackageAware
[2013/07/15 16:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Start Menu\Programs\ING Presents 2
[2013/07/10 16:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Desktop\RK_Quarantine
[2013/07/10 16:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/07/10 12:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking
[2013/07/10 12:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2013/07/09 10:40:20 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2013/07/09 10:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2013/07/09 10:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WRData
[2013/07/09 10:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/07/08 16:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Application Data\AVG2013
[2013/07/08 16:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/07/08 16:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/07/08 16:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Application Data\TuneUp Software
[2013/07/08 16:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Application Data\AVG SafeGuard toolbar
[2013/07/08 16:26:16 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/07/08 16:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/07/08 16:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/07/08 16:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/07/08 16:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\MFAData
[2013/07/08 16:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\Avg2013
[2013/07/08 15:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/07/08 15:21:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/08 10:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Talk
[2013/07/03 13:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/07/03 13:59:09 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/07/03 13:58:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/07/03 09:48:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/03 09:48:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/03 09:48:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/03 09:48:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/03 09:46:05 | 005,090,253 | R--- | C] (Swearware) -- C:\Documents and Settings\michael\Desktop\ComboFix.exe
[2013/07/02 14:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\c
[2013/07/01 16:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\PCHealth
[2013/07/01 15:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/07/01 15:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/07/01 15:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\641D490098B794DD0000641CE4EE9FC9
[2013/07/01 15:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\michael\Local Settings\Application Data\Caphyon
[2013/07/01 14:45:42 | 004,815,135 | ---- | C] (FileZilla Project) -- C:\Documents and Settings\michael\My Documents\FileZilla_3.7.1_win32-setup.exe
[2013/06/20 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/06/20 22:27:28 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/06/20 22:27:23 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/06/20 22:27:23 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/06/20 22:27:23 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/06/20 22:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/06/20 22:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/20 22:19:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/20 22:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/20 22:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/06/20 22:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/08/07 16:42:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\michael\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/19 10:56:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1115UA.job
[2013/07/19 10:42:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/19 10:32:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/19 10:31:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669UA.job
[2013/07/19 05:49:08 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2042E1E7-149E-4183-BAC1-E1C9954A48B2}.job
[2013/07/19 03:00:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\Laser App Enterprise Updates.job
[2013/07/18 21:42:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 17:31:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669Core.job
[2013/07/18 16:58:08 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/07/18 15:54:16 | 000,188,927 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\FXJ-.pdf
[2013/07/18 13:56:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1115Core.job
[2013/07/18 12:57:15 | 000,001,024 | ---- | M] () -- C:\alphanb.IDX
[2013/07/18 12:56:13 | 000,019,320 | ---- | M] () -- C:\WINDOWS\SetScan.ini
[2013/07/18 09:58:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/18 09:57:29 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/07/18 09:57:11 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/18 09:56:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/17 16:31:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/07/17 16:13:36 | 000,035,120 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\S Smith- Xwind CPI.pdf
[2013/07/17 16:12:17 | 005,090,253 | R--- | M] (Swearware) -- C:\Documents and Settings\michael\Desktop\ComboFix.exe
[2013/07/17 00:30:00 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/16 20:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/07/16 09:50:13 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\michael\Desktop\Microsoft Office Outlook 2007.lnk
[2013/07/15 16:17:27 | 000,001,339 | ---- | M] () -- C:\Documents and Settings\michael\Desktop\ING Presents 2.lnk
[2013/07/15 14:34:59 | 000,043,030 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Homeowners Checklist.pdf
[2013/07/12 22:47:19 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/12 11:51:28 | 000,731,718 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Flor Garcia Herrera.pdf
[2013/07/12 11:36:00 | 000,711,176 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\ING App Template.pdf
[2013/07/12 10:07:09 | 000,002,567 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Laser App Enterprise 10.lnk
[2013/07/11 17:01:28 | 000,000,425 | ---- | M] () -- C:\wTEMP.DBF
[2013/07/10 16:17:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/10 11:23:17 | 000,021,620 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/07/09 16:40:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/09 12:03:15 | 009,842,040 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Common Files\wruninstall.exe
[2013/07/08 17:00:59 | 000,657,107 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Marcela Brandt Trust New Account.pdf
[2013/07/08 16:57:43 | 000,652,895 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Luis Garcia Trust New Account.pdf
[2013/07/08 16:36:46 | 000,732,486 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Marcela Brandt.pdf
[2013/07/08 16:36:02 | 000,734,978 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Luis Garcia Herrera.pdf
[2013/07/08 16:27:14 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/07/08 15:31:19 | 000,418,638 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\ING 2013 Blotter.pdf
[2013/07/08 12:36:00 | 000,642,902 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Oscar Padilla New Account Form.pdf
[2013/07/08 12:24:47 | 000,334,796 | ---- | M] () -- C:\Documents and Settings\michael\My Documents\Oscar Padilla Request for Conversion Form.pdf
[2013/07/03 13:59:45 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/03 13:59:17 | 000,001,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/07/03 10:16:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130703-141940.backup
[2013/07/01 15:25:53 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/01 14:46:34 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2013/07/01 14:46:12 | 004,815,135 | ---- | M] (FileZilla Project) -- C:\Documents and Settings\michael\My Documents\FileZilla_3.7.1_win32-setup.exe
[2013/06/28 01:21:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/28 01:21:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/28 01:21:04 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/20 22:20:57 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/20 22:07:16 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/07/18 15:54:14 | 000,188,927 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\FXJ-.pdf
[2013/07/17 16:13:36 | 000,035,120 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\S Smith- Xwind CPI.pdf
[2013/07/15 16:17:27 | 000,001,339 | ---- | C] () -- C:\Documents and Settings\michael\Desktop\ING Presents 2.lnk
[2013/07/15 14:34:59 | 000,043,030 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Homeowners Checklist.pdf
[2013/07/12 11:51:28 | 000,731,718 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Flor Garcia Herrera.pdf
[2013/07/10 11:18:20 | 000,021,620 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/07/09 10:21:26 | 000,000,986 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669UA.job
[2013/07/09 10:21:26 | 000,000,934 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4135196456-2245981685-3958195158-1669Core.job
[2013/07/09 10:09:05 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/09 10:09:04 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/08 17:00:59 | 000,657,107 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Marcela Brandt Trust New Account.pdf
[2013/07/08 16:57:26 | 000,652,895 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Luis Garcia Trust New Account.pdf
[2013/07/08 16:28:35 | 000,734,978 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Luis Garcia Herrera.pdf
[2013/07/08 16:27:14 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/07/08 12:36:00 | 000,642,902 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Oscar Padilla New Account Form.pdf
[2013/07/08 12:24:47 | 000,334,796 | ---- | C] () -- C:\Documents and Settings\michael\My Documents\Oscar Padilla Request for Conversion Form.pdf
[2013/07/03 13:59:45 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/07/03 13:59:45 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/03 13:59:44 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/07/03 13:59:17 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/07/03 13:59:17 | 000,001,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/07/03 09:48:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/03 09:48:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/03 09:48:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/03 09:48:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/03 09:48:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 15:33:53 | 000,987,263 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4135196456-2245981685-3958195158-1669-0.dat
[2013/07/01 15:33:45 | 000,320,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/28 01:21:04 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:21:09 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 13:21:08 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/20 22:20:57 | 000,001,589 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/06/20 22:07:16 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/03/20 09:36:11 | 000,695,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/30 14:48:52 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\michael\Local Settings\Application Data\dt.dat
[2012/11/24 16:56:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/07 16:42:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\michael\Application Data\pcouffin.cat
[2012/08/07 16:42:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\michael\Application Data\pcouffin.inf
[2012/08/07 16:19:58 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\michael\Local Settings\Application Data\imageCache.db
[2012/05/31 16:45:31 | 000,055,860 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/02 13:11:08 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/02 13:11:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/16 01:57:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 17:40:59 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/02 11:40:20 | 000,002,932 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2010/05/21 10:02:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 08:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#14 gringo_pr


Posted 19 July 2013 - 11:42 AM


Hello c0stabear

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O3 - HKU\S-1-5-21-4135196456-2245981685-3958195158-1669\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.


Let me know how things are doing.

Gringo

#15 c0stabear

Posted 19 July 2013 - 12:35 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4135196456-2245981685-3958195158-1669\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware_XP not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\michael\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\michael\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
 
User: administrator.AIG
->Java cache emptied: 7140 bytes
 
User: agent
->Java cache emptied: 68019855 bytes
 
User: All Users
 
User: barbara
 
User: Default User
 
User: Frank
 
User: kristin.cardenal
 
User: LocalService
 
User: michael
->Java cache emptied: 26632 bytes
 
User: NetworkService
 
Total Java Files Cleaned = 65.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: administrator.AIG
->Flash cache emptied: 456 bytes
 
User: agent
->Flash cache emptied: 57491 bytes
 
User: All Users
 
User: barbara
->Flash cache emptied: 929 bytes
 
User: Default User
->Flash cache emptied: 56468 bytes
 
User: Frank
->Flash cache emptied: 410 bytes
 
User: kristin.cardenal
->Flash cache emptied: 523 bytes
 
User: LocalService
 
User: michael
->Flash cache emptied: 57301 bytes
 
User: NetworkService
->Flash cache emptied: 1022 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07192013_131647

 

-----------------------------

 

I have not noticed a change using the machine thus far.

 

I'm also gonna be away from the PC over the weekend until Monday, so I will not be able to reply again until then! I will bump this again on Monday to confirm whether things are the same on my machine or not.


Edited by c0stabear, 19 July 2013 - 12:35 PM.
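
An added example, not part of the thread and not OTL's own code: a small Python parser for the fix-log format posted above. It separates entries that OTL actually removed from entries that were already absent ("not found") and totals the cache bytes per user. The function name `summarize` and the shortened log excerpt are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (shortened; not the full report).
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adaware not found.
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
========== FILES ==========
C:\Documents and Settings\michael\My Documents\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: agent
->Java cache emptied: 68019855 bytes
User: michael
->Java cache emptied: 26632 bytes
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
ACTION = re.compile(r"^(?:(Registry key|Registry value) )?(.+?) (deleted successfully|not found)\.$")
CACHE = re.compile(r"^->(\w+) cache emptied: (\d+) bytes$")

def summarize(log_text):
    """Return (actions, outcome counts, cache bytes keyed by (kind, user))."""
    actions, cache = [], {}
    section = user = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)            # OTL, FILES or COMMANDS
        elif line.startswith("User: "):
            user = line[len("User: "):]     # owner of the cache lines that follow
        elif m := CACHE.match(line):
            cache[(m.group(1), user)] = int(m.group(2))
        elif m := ACTION.match(line):       # lines without a "Registry" prefix are files
            actions.append((section, m.group(1) or "File", m.group(2), m.group(3)))
    counts = Counter(a[3] for a in actions)
    return actions, counts, cache

if __name__ == "__main__":
    actions, counts, cache = summarize(SAMPLE_LOG)
    for section, kind, target, outcome in actions:
        if outcome == "not found":
            print(f"[{section}] {kind} already absent: {target}")
    print(dict(counts), sum(cache.values()), "cache bytes")
```

Run against a full report saved from C:\_OTL\MovedFiles, the "not found" entries show which targets of the fix were no longer present when it ran.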




