Trying to clear out remnants of XP *** 2012 infection

OTL logfile created on: 2/16/2012 2:58:14 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 72.73% Memory free
7.09 Gb Paging File | 6.25 Gb Available in Paging File | 88.24% Paging File free
Paging file location(s): C:\pagefile.sys 4092 8184 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 41.94 Gb Free Space | 14.50% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.61 Gb Free Space | 6.87% Space Free | Partition Type: FAT32
Drive E: | 292.96 Gb Total Space | 291.94 Gb Free Space | 99.65% Space Free | Partition Type: NTFS
Drive J: | 638.55 Gb Total Space | 352.65 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive K: | 115.83 Gb Total Space | 23.11 Gb Free Space | 19.95% Space Free | Partition Type: NTFS

Computer Name: ELENGIL | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
PRC - [2012/02/15 22:42:44 | 000,388,608 | R--- | M] (Microsoft Corporation) -- C:\ComboFix\CF5325.3XE
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/19 16:10:32 | 008,563,624 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2011/10/21 21:56:58 | 003,065,568 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/23 18:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 02:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/19 09:07:10 | 002,809,856 | ---- | M] (SplitCam Co.) -- C:\Program Files\SplitCam\SplitCam.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
PRC - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/11/18 00:15:14 | 000,417,136 | R--- | M] (Sysinternals) -- C:\ComboFix\handle.3XE
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/16 09:55:14 | 000,397,312 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2006/07/07 11:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
PRC - [2006/04/06 20:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2005/09/18 18:40:42 | 001,421,824 | ---- | M] (Methlabs) -- C:\Program Files\PeerGuardian2\pg2.exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/01 18:28:12 | 001,469,952 | ---- | M] (Hagel Technologies) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2005/01/20 14:24:02 | 000,280,064 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
PRC - [2005/01/20 14:14:10 | 000,184,320 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/16 11:47:04 | 000,070,952 | ---- | M] () -- c:\Program Files\tbh\base\bin\tbhDaemon.exe
MOD - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2012/01/18 14:48:08 | 000,008,624 | ---- | M] () -- C:\Program Files\Innovative Solutions\DriverMax\sync.dll
MOD - [2011/06/23 18:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/03/25 06:25:12 | 003,668,992 | ---- | M] () -- C:\Program Files\SplitCam\DSFilters\Decoding\ffdshow.ax
MOD - [2011/03/11 10:06:28 | 000,958,464 | ---- | M] () -- C:\Program Files\SplitCam\cxcore110.dll
MOD - [2011/03/11 10:06:28 | 000,876,544 | ---- | M] () -- C:\Program Files\SplitCam\cv110.dll
MOD - [2011/03/11 10:06:28 | 000,389,120 | ---- | M] () -- C:\WINDOWS\system32\actskn43.ocx
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/10 10:37:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3548b262\mscorlib.dll
MOD - [2010/11/10 10:37:07 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a16b8162\system.drawing.dll
MOD - [2010/11/10 10:36:54 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a54c19c5\system.windows.forms.dll
MOD - [2010/11/10 10:36:45 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_72096808\system.dll
MOD - [2010/11/10 10:36:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/09/02 10:59:16 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2010/02/05 13:14:43 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Apps\F.lux\flux.exe
MOD - [2006/10/22 10:41:52 | 000,235,520 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2006/09/16 09:56:40 | 000,133,120 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\CrashRpt.dll
MOD - [2006/09/16 09:51:08 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
MOD - [2006/09/16 09:51:06 | 000,010,752 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\windows-1252.so
MOD - [2006/09/16 09:51:06 | 000,007,168 | ---- | M] () -- C:\Program Files\TortoiseSVN\iconv\utf-8.so
MOD - [2006/08/19 16:59:49 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006/08/19 16:59:48 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006/05/13 23:23:40 | 000,138,752 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2005/08/02 18:19:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\armcex.dll
MOD - [2004/08/09 16:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2004/08/09 16:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2004/08/09 16:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/09 16:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/05/07 20:23:04 | 000,618,496 | ---- | M] () -- C:\Program Files\VDMSound\LaunchPad.dll
MOD - [1998/10/31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (NFService)
SRV - File not found [Auto | Stopped] -- -- (imap4d32)
SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
SRV - File not found [Auto | Stopped] -- -- (centennialclientagent)
SRV - [2012/02/10 15:13:03 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/21 21:57:00 | 000,379,328 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 02:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/26 16:25:10 | 000,319,568 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010/09/13 16:05:36 | 000,086,016 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/04/26 18:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010/01/24 23:34:24 | 000,070,952 | ---- | M] () [Auto | Running] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2007/05/04 09:00:12 | 005,701,632 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2006/09/29 05:56:44 | 000,574,976 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\Internet\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/01/20 14:25:18 | 000,069,632 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\dcsuserprot.exe -- (DCSPGSRV)
SRV - [2004/08/09 16:00:00 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\w810bus.dll -- (SaiH040B)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2012/01/24 17:43:30 | 000,242,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SXUPTP.SYS -- (sxuptp)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDM.SYS -- (ssadmdm)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSADMDFL.SYS -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/12/23 15:52:17 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BT848.SYS -- (BT848)
DRV - [2011/09/15 15:23:30 | 000,130,360 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2011/07/20 02:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/07/20 02:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/06/20 10:31:32 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/30 07:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 07:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 07:00:06 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/04/30 07:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 07:00:06 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/04/30 06:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:54 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/11 18:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010/08/04 21:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010/03/25 20:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/03/25 20:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/01/22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/01/22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/11/25 19:12:00 | 000,354,176 | ---- | M] (TrueCrypt Foundation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\supersafer.sys -- (supersafer)
DRV - [2009/10/07 03:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 03:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2009/10/07 03:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 03:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/16 15:30:24 | 000,590,080 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/08/03 21:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009/07/28 03:55:00 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/05/24 13:03:54 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2007/06/28 19:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007/02/06 11:27:02 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/23 15:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/01/23 15:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/01/23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/11/28 21:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/22 14:06:10 | 000,092,160 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/06/27 22:15:56 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/14 06:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 10:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 10:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/10 19:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 06:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 06:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/18 18:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/06/29 12:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/04/04 11:36:52 | 000,009,887 | ---- | M] (Ken Kato) [Kernel | On_Demand | Stopped] -- C:\VFD\vfd.sys -- (VirtualFD)
DRV - [2005/03/09 09:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/01 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/09 16:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/03 09:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 02:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: bookmarks@cometmarks.com:1.81
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.10
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.1
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.9
FF - prefs.js..extensions.enabledItems: {d4330680-c0ae-4226-8a21-0afe2fd1ac24}:3.8.0.8

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web-accelerator@google.com: C:\Program Files\Google\Web Accelerator\firefox [2007/08/09 10:16:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/06 22:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox\components [2009/06/15 03:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.16\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox\plugins [2009/08/24 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Internet\Mozilla Firefox 3\components [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Internet\Mozilla Firefox 3\plugins [2010/12/08 00:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/06/07 14:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/06/07 14:15:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Components: C:\Program Files\Internet\Mozilla Thunderbird\components\ [2011/04/20 18:11:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 1.5.0.12\Extensions\\Plugins: C:\Program Files\Internet\Mozilla Thunderbird\plugins\ [2009/08/24 03:32:01 | 000,000,000 | ---D | M]

[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/08/30 13:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Pink Paula / PP 2") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2008/09/22 06:21:40 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2008/07/30 12:39:25 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2008/08/01 13:54:22 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2008/09/02 18:37:29 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2008/09/22 06:21:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("IE Tab") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/07/30 12:39:12 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2008/09/22 06:21:38 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2008/06/06 22:35:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/30 13:04:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008/07/30 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Daisy") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{C985DAC8-338E-11DB-8AF6-B622A1EF5492}
[2008/06/19 10:15:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/19 10:15:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/06/19 10:15:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/09/22 06:21:38 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Ctrl Tab Preview") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Firebug") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\firebug@software.joehewitt.com
[2008/05/24 16:47:03 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\linkalert.conlan@addons.mozilla.com
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("Video Download") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\piraton@enchufados.net
[2007/09/23 07:09:23 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\videodowloader@videodownloader.net
[2007/03/14 12:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\ctrltabpreview@extensions.hesslow.se\chrome
[2012/01/31 23:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions
[2009/09/07 12:52:35 | 000,000,000 | ---D | M] ("Pink Paula / PP 3.5.1") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{075538f3-a7a9-498a-8e0d-12f2e2ff862a}
[2008/10/13 00:11:50 | 000,000,000 | ---D | M] ("Mostly Crystal") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{0cdfdd5e-eea6-45ff-b035-81243cf02efb}
[2011/09/09 23:33:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/26 23:31:44 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/06/28 16:03:53 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/28 01:14:33 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2010/12/19 14:25:45 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2011/06/28 16:04:27 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011/09/09 23:33:55 | 000,000,000 | ---D | M] (Vyprázdnit vyrovnávacÃ* paměť) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
[2009/09/28 21:30:28 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2012/01/05 10:09:35 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011/09/09 23:33:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/06 07:36:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/26 23:31:49 | 000,000,000 | ---D | M] (View Cookies) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010/05/12 23:38:50 | 000,000,000 | ---D | M] (4chan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/08/31 07:20:37 | 000,000,000 | ---D | M] (AvantGarde Rosepetal) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{9f94fab0-58a2-11dd-ae16-0800200c9a66}
[2011/08/10 21:01:33 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/12/19 14:25:48 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/08/30 13:04:41 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/13 14:52:45 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/11/13 14:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/10/29 15:43:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/10 21:01:34 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/09/09 23:33:57 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/10/16 15:42:01 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2011/08/10 21:01:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/19 14:25:51 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/06/28 16:04:02 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/13 04:48:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/09/09 23:34:03 | 000,000,000 | ---D | M] (Better Facebook!) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\betterfacebook@mattkruse.com
[2011/08/10 21:01:38 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\DeviceDetection@logitech.com
[2010/05/12 23:38:43 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\firebug@software.joehewitt.com
[2011/09/09 23:34:02 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\lazarus@interclue.com
[2011/06/28 16:03:34 | 000,000,000 | ---D | M] ("Link Alert") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\linkalert.conlan@addons.mozilla.com
[2012/01/05 10:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\staged-xpis
[2009/10/04 11:30:26 | 000,000,000 | ---D | M] (VacuumPlaces Extension) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\VacuumPlaces@revertron.com
[2011/06/28 16:03:47 | 000,000,000 | ---D | M] (Weather Watcher Live) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\weatherwatcherlive@singerscreations.com
[2010/05/12 23:38:52 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\webmaster@keep-tube.com
[2010/06/07 14:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\SeaMonkey\Profiles\7tyw5yzt.default\extensions
[2012/02/04 15:12:54 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Internet\Mozilla Firefox 3\plugins\npBitCometAgent.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npvirtools.dll
CHR - plugin: thriXXX WebLaunch (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npWebLaunch.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Internet\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Super Mario Bros. Crossover = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeecbbkpegiknjlkklkajceokkdgipbm\2.1_0\
CHR - Extension: Lord of Ultima = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.11_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Poppit = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\

O1 HOSTS File: ([2012/02/16 11:48:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - Reg Error: Value error. File not found
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Internet\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SplitCam] C:\Program Files\SplitCam\SplitCam.exe (SplitCam Co.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)
O4 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3220704123-1705262036-168104783-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\Internet\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Internet\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Internet\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\HP_Administrator\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Bubble This URL - {A3A0268C-3146-431d-84EE-2789B750ABD2} - C:\Program Files\Bubbles\BubblesHBO.dll (3D3R)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287561639000 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1594FE92-FEC5-43E7-902C-E92A362EBDCF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B743EA3-719A-4C2C-A274-07437BDFF65F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 17:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/08/06 01:11:04 | 000,000,000 | ---D | M] - J:\Autohotkey -- [ NTFS ]
O32 - AutoRun File - [2006/05/26 12:25:18 | 000,712,704 | ---- | M] () - K:\AutoRAR.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: MRESP50a64 - File not found
NetSvcs: wps - File not found
NetSvcs: MSFWDrv - File not found
NetSvcs: point32 - File not found
NetSvcs: MTC0001_ESB - File not found
NetSvcs: se59mgmt - File not found
NetSvcs: queuemgr - File not found
NetSvcs: cmdmon - File not found
NetSvcs: Nsynas32 - File not found
NetSvcs: mirrorv3 - File not found
NetSvcs: GTPTSER - File not found
NetSvcs: x10nets - File not found
NetSvcs: houdinilicenseserver - File not found
NetSvcs: sfhlp02 - File not found
NetSvcs: mgabgexe - File not found
NetSvcs: int15 - File not found
NetSvcs: wmconnectcds - File not found
NetSvcs: issimon - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: s116nd5 - File not found
NetSvcs: lusbaudio - File not found
NetSvcs: clmtomcatstartersvc - File not found
NetSvcs: foldersize - File not found
NetSvcs: ikfilesec - File not found
NetSvcs: centennialclientagent - File not found
NetSvcs: SaiH040B - C:\WINDOWS\system32\w810bus.dll (Oak Technology Inc.)
NetSvcs: imap4d32 - File not found
NetSvcs: nmindexingservice - File not found
NetSvcs: pclepci - File not found
NetSvcs: CAM1210 - File not found
NetSvcs: portmapper - File not found
NetSvcs: lxbx_device - File not found
NetSvcs: dwusbdnt - File not found
NetSvcs: mcusrmgr - File not found
NetSvcs: SQTECH9080 - File not found
NetSvcs: s117mdm - File not found
NetSvcs: iPassPeriodicUpdateApp - File not found
NetSvcs: SMCB000 - File not found
NetSvcs: sthda - File not found
NetSvcs: st330service - File not found
NetSvcs: icraplus - File not found
NetSvcs: com0com - File not found
NetSvcs: lxbt_device - File not found
NetSvcs: cpqnicmgmt - File not found
NetSvcs: SaiNtHid - File not found
NetSvcs: toscosrv - File not found
NetSvcs: NuidFltr - File not found
NetSvcs: k56 - File not found
NetSvcs: infrastructure - File not found
NetSvcs: vwlogger - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.D263 - C:\WINDOWS\System32\xl_x263dec.dll (Xirlink, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/16 13:49:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/16 12:01:36 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/02/15 22:43:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 00:26:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2012/02/11 23:17:52 | 004,402,217 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/11 20:58:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/11 20:52:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 20:52:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 20:52:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/11 20:52:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 20:52:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/11 20:52:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 06:22:28 | 000,000,000 | ---D | C] -- C:\found.001
[2012/02/04 16:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2012/02/04 16:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/02/04 15:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatFire
[2012/02/04 15:16:59 | 000,069,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2012/02/04 15:16:59 | 000,051,984 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2012/02/04 15:16:59 | 000,033,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2012/02/04 15:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/02/03 17:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Threats
[2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2012/02/02 12:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThreatExpert Memory Scanner
[2012/01/29 15:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Argente - Uninstall Manager
[2012/01/29 15:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Argente - Uninstall Manager
[2012/01/26 03:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/01/24 17:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools Lite
[2012/01/24 17:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2010/12/05 22:02:08 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[2010/08/06 04:16:53 | 001,618,432 | ---- | C] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/16 14:52:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 14:52:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/16 12:02:32 | 000,001,226 | ---- | M] () -- C:\WINDOWS\SplitCam.INI
[2012/02/16 12:01:36 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2012/02/16 11:49:46 | 000,000,185 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/16 11:48:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/16 11:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 11:45:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/02/16 11:45:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2012/02/15 22:41:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 22:29:31 | 000,278,096 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2012/02/15 20:29:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/14 13:54:07 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/11 23:38:33 | 000,504,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/11 23:38:32 | 000,088,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/11 19:52:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2012/02/06 22:24:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/06 22:24:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/06 22:17:57 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/02/06 22:10:05 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/02/06 22:07:09 | 088,369,140 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/05 00:04:01 | 000,335,823 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/04 15:21:40 | 000,272,096 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2012/02/04 15:17:01 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/01/26 22:13:01 | 000,252,080 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/01/26 22:13:01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/01/24 17:43:30 | 000,242,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/24 03:08:32 | 000,000,039 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
[2012/01/21 01:38:42 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverMax.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 23:34:09 | 3487,744,000 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/13 20:31:37 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/02/13 20:23:35 | 000,242,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/02/13 19:45:10 | 000,336,993 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2012/02/11 20:52:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 20:52:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 20:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/11 20:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/11 20:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/11 19:52:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat
[2012/02/06 22:17:38 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/02/04 15:17:01 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/01/25 18:19:23 | 000,001,226 | ---- | C] () -- C:\WINDOWS\SplitCam.INI
[2012/01/24 03:08:30 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.ini
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/27 03:07:29 | 000,000,986 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l
[2011/12/25 21:21:44 | 000,002,234 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l
[2011/12/21 13:41:21 | 000,278,096 | ---- | C] () -- C:\WINDOWS\System32\pghash.dat
[2011/12/21 13:41:20 | 000,272,096 | ---- | C] () -- C:\WINDOWS\System32\pguard.dat
[2011/12/20 16:10:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\procguard.dll
[2011/12/18 19:10:03 | 000,000,146 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/12/16 15:09:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\HJ82c.exe.b
[2011/12/16 15:06:53 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3
[2011/12/16 14:53:32 | 000,013,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3
[2011/10/14 01:04:26 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.freeciv-client-rc-2.3
[2011/08/20 00:16:09 | 000,267,614 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/16 05:16:24 | 000,337,722 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3220704123-1705262036-168104783-1007-0.dat
[2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/07/03 15:47:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/03 15:47:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/06/30 16:22:07 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/04/20 17:19:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddiwezipahal.dat
[2011/04/20 17:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ksuzebic.bin
[2010/12/16 06:06:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\setup_ldm.iss
[2010/12/05 20:12:55 | 000,042,535 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/12/05 19:13:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\SuperSafer.cfg
[2010/12/05 19:13:08 | 002,771,968 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_custom.dll
[2010/12/05 19:13:08 | 001,163,776 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_custom.dll
[2010/12/05 19:13:08 | 000,681,472 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_custom.dll
[2010/12/05 19:13:08 | 000,492,032 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_custom.dll
[2010/12/05 19:13:08 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_custom.dll
[2010/12/05 19:13:08 | 000,119,808 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_custom.dll
[2010/12/05 19:13:08 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_custom.dll
[2010/12/05 19:13:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\verify.dll
[2010/12/05 19:13:08 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\config.dll
[2010/12/03 13:58:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/12/03 13:58:47 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/12/03 13:58:44 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/12/03 13:58:44 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/12/03 13:56:42 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/12/03 13:44:08 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2010/12/03 13:44:05 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/12/03 13:44:02 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/12/03 13:43:52 | 000,033,790 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/12/03 13:43:50 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/12/03 13:12:20 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/03 13:12:18 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/03 13:12:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/12/03 12:53:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/10 10:44:49 | 000,266,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/20 03:40:01 | 000,102,038 | ---- | C] () -- C:\WINDOWS\System32\HCW848UN.EXE
[2010/10/20 03:13:29 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2010/09/15 03:34:39 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/28 02:18:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/28 02:18:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/28 02:18:28 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/26 18:22:18 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/06/18 14:42:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\FFS20ChtReg.ini
[2010/05/23 15:13:31 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/21 00:16:46 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/30 01:20:02 | 000,000,430 | ---- | C] () -- C:\WINDOWS\Memory.ini
[2010/01/30 01:17:31 | 000,000,361 | ---- | C] () -- C:\WINDOWS\MasMind.INI
[2009/12/29 08:01:05 | 000,004,620 | ---- | C] () -- C:\WINDOWS\XChange.dat
[2009/12/25 18:22:41 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/06 01:46:45 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/11/07 16:23:36 | 000,000,279 | ---- | C] () -- C:\WINDOWS\YAHTZEE.INI
[2009/11/07 16:22:56 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TTT.INI
[2009/11/07 16:22:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\pmachine.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/31 05:59:39 | 000,000,093 | ---- | C] () -- C:\WINDOWS\othello.ini
[2009/08/31 05:56:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Blip.ini
[2009/07/31 22:57:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/07/31 21:43:51 | 001,377,162 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\speech.wav
[2009/07/02 03:37:07 | 000,003,464 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\springsettings.cfg
[2009/07/01 15:04:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/04/20 23:32:39 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\MPQEditor.ini
[2009/04/09 04:35:45 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini
[2009/03/25 02:10:00 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/25 02:10:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/24 05:41:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/03/20 06:47:41 | 000,004,226 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Cosmos Prefs
[2009/03/17 23:07:43 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gfact.ini
[2009/03/07 08:54:47 | 000,019,840 | ---- | C] () -- C:\WINDOWS\W2BNEUnin.dat
[2009/03/04 20:01:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2009/01/20 12:43:35 | 000,005,292 | ---- | C] () -- C:\WINDOWS\DiabUnin.dat
[2008/12/03 11:57:29 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008/12/03 11:57:28 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2008/10/29 03:16:02 | 000,088,456 | ---- | C] () -- C:\WINDOWS\Network Measurement Agent Uninstaller.exe
[2008/10/12 23:56:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2008/10/11 18:53:40 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WinBIN2ISO.INI
[2008/09/07 19:52:55 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\WavCodec.wff
[2008/08/19 21:46:41 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2008/05/21 05:30:54 | 000,000,062 | ---- | C] () -- C:\WINDOWS\TSW12.INI
[2008/05/12 17:46:11 | 000,000,516 | ---- | C] () -- C:\WINDOWS\ROPatch.ini
[2008/04/21 03:26:52 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\sprview.dll
[2008/03/05 18:38:08 | 001,457,024 | ---- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2008/02/07 06:56:54 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/09/26 13:16:55 | 000,308,928 | ---- | C] () -- C:\WINDOWS\System32\ivflt08.dll
[2007/09/26 13:16:55 | 000,211,456 | ---- | C] () -- C:\WINDOWS\System32\ivbas08.dll
[2007/09/19 23:50:09 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2007/08/19 15:11:59 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2007/07/25 23:15:41 | 000,000,626 | ---- | C] () -- C:\WINDOWS\roughdraft.INI
[2007/06/28 19:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/03/31 23:40:54 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Mp3Decode.INI
[2007/03/21 21:21:10 | 000,703,258 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2007/03/21 21:21:10 | 000,003,381 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/03/03 21:13:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\settings.ini
[2007/02/18 05:33:34 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/02/05 11:11:36 | 000,007,725 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\.googlewebacchosts
[2007/01/18 02:46:39 | 000,000,635 | ---- | C] () -- C:\WINDOWS\Sta2.INI
[2006/11/13 00:09:16 | 000,000,007 | -H-- | C] () -- C:\WINDOWS\TFSFILE5.DAT
[2006/11/06 03:44:43 | 000,004,929 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/06 01:11:30 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/11/06 00:56:25 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/05 22:09:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/05 21:04:56 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 18:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 17:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 17:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 17:41:13 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 17:29:45 | 000,004,567 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/19 17:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 17:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 17:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 17:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 17:21:15 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll.hcw
[2006/08/19 17:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 17:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 17:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 16:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 16:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 16:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/08/04 19:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
[2006/06/27 22:15:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/06/16 06:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/07 17:32:46 | 003,088,384 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-4.dll
[2005/11/04 21:57:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2005/08/30 16:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 16:07:46 | 000,504,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 16:07:46 | 000,088,586 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 16:05:30 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 16:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 15:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 16:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 16:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 02:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/25 00:23:32 | 001,000,583 | ---- | C] () -- C:\WINDOWS\System32\gnet-1.1.dll
[2002/12/12 22:24:04 | 000,653,824 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2001/08/23 03:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 03:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2011/01/19 14:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2012/01/07 17:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/19 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2011/01/02 05:20:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/01/24 17:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/08/19 17:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/05/23 16:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2011/07/29 01:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2011/02/10 01:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2007/04/02 04:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
[2007/03/14 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Handy Software Lab
[2010/07/17 02:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2010/12/05 21:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/02/28 07:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2011/02/10 02:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/04/10 20:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/01/29 18:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/07 14:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/09/09 01:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2011/02/10 02:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/08/04 02:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/01/07 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/12/18 19:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2009/06/25 09:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011/08/19 19:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/04 16:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/02/13 15:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE
[2010/12/05 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spotmau
[2009/07/02 03:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spring
[2010/07/17 02:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2007/12/09 18:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/02/10 02:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2006/11/06 03:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/25 00:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/05/25 12:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{27ED786F-D773-47F8-93EB-8A249414AD30}
[2011/11/13 14:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2011/04/20 18:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Thunderbird
[2012/02/12 15:46:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/15 02:18:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/02/12 00:23:04 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/16 11:45:56 | 000,030,729 | ---- | M] () -- C:\aaw7boot.log
[2006/08/19 17:40:56 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/05/19 03:22:41 | 000,000,061 | ---- | M] () -- C:\Avi2Dvd_Log.txt
[2012/01/03 03:54:54 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2012/02/11 20:58:30 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2012/02/11 19:57:19 | 000,068,122 | ---- | M] () -- C:\bootkit_remover_debug_log.txt
[2010/10/20 03:42:47 | 120,334,472 | ---- | M] () -- C:\CAPTURE.AVI
[2004/08/09 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/16 12:01:27 | 000,033,975 | ---- | M] () -- C:\ComboFix.txt
[2005/08/30 16:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/20 11:13:46 | 000,000,230 | ---- | M] () -- C:\config.xml
[2007/04/03 00:02:17 | 000,001,701 | ---- | M] () -- C:\Current.m3u
[2009/02/16 09:34:15 | 000,000,000 | ---- | M] () -- C:\dbg_log.txt
[2008/01/28 01:58:21 | 000,000,980 | ---- | M] () -- C:\demux.log
[2010/08/12 01:39:59 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/06/18 14:51:00 | 000,025,214 | ---- | M] () -- C:\favicon.ico
[2010/12/21 03:56:26 | 000,657,070 | ---- | M] () -- C:\FileList.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/10/20 03:39:20 | 000,016,743 | ---- | M] () -- C:\hcwclear.txt
[2012/02/16 11:46:01 | 3487,744,000 | -HS- | M] () -- C:\hiberfil.sys
[2006/08/19 17:48:33 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
[2007/01/04 21:07:37 | 000,036,918 | ---- | M] () -- C:\img.BMP
[2009/06/24 18:32:38 | 000,003,148 | ---- | M] () -- C:\init_data.xml
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/09 11:15:35 | 000,918,016 | ---- | M] () -- C:\libiconv-2.dll
[2009/05/09 11:15:35 | 000,076,800 | ---- | M] () -- C:\libintl-8.dll
[2009/09/09 02:07:35 | 225,951,718 | ---- | M] () -- C:\log_fs.log
[2009/05/09 11:15:35 | 000,135,680 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\magic1.dll
[2011/12/21 02:39:20 | 000,000,000 | ---- | M] () -- C:\Malware
[2009/05/09 11:15:33 | 000,005,694 | ---- | M] () -- C:\matroskalogo_big.ico
[2009/05/09 11:15:34 | 002,244,096 | ---- | M] () -- C:\mkvextract.exe
[2009/05/09 11:15:34 | 001,447,936 | ---- | M] () -- C:\mkvinfo.exe
[2009/05/09 11:15:35 | 004,721,664 | ---- | M] () -- C:\mkvmerge.exe
[2009/05/09 11:15:35 | 002,660,864 | ---- | M] () -- C:\mmg.exe
[2005/08/30 16:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/09 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/09 16:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2012/02/16 11:45:59 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
[2010/10/31 17:34:05 | 000,000,093 | ---- | M] () -- C:\Prodinfo.txt
[2008/06/11 02:59:40 | 000,000,143 | ---- | M] () -- C:\rapidhacker.dll
[2009/05/09 11:15:35 | 000,079,360 | ---- | M] (GnuWin32 <http://gnuwin32.sourceforge.net>) -- C:\regex2.dll
[2007/05/19 03:13:00 | 000,000,020 | ---- | M] () -- C:\rules.qdb
[2007/05/19 03:25:46 | 000,000,000 | ---- | M] () -- C:\s18c
[2006/11/06 13:34:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2006/11/06 13:34:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2006/11/18 06:13:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2006/12/11 02:31:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007/02/05 02:58:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2011/12/18 15:15:35 | 000,074,914 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_18.12.2011_15.10.46_log.txt
[2007/05/27 06:53:13 | 000,002,804 | ---- | M] () -- C:\tempsend.dzk
[2009/01/20 22:33:56 | 000,021,004 | ---- | M] () -- C:\TEMP_BDT.CHA
[2008/04/20 00:23:22 | 000,000,004 | ---- | M] () -- C:\test.raw
[2008/04/20 00:20:40 | 000,017,136 | ---- | M] () -- C:\testpath.raw
[2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
[2010/10/20 02:47:19 | 000,000,350 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/05/09 11:15:35 | 001,369,088 | ---- | M] () -- C:\wxbase28u_gcc_custom.dll
[2009/05/09 11:15:35 | 003,418,624 | ---- | M] () -- C:\wxmsw28u_core_gcc_custom.dll
[2009/05/09 11:15:35 | 000,538,624 | ---- | M] () -- C:\wxmsw28u_html_gcc_custom.dll
[2009/05/09 11:15:35 | 000,075,264 | ---- | M] (Zlib) -- C:\zlib1.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

< %systemroot%\Fonts\*.dll >
[2006/02/19 05:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2005/08/30 16:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/08/03 01:24:50 | 000,208,896 | ---- | M] (Space Sciences Laboratory) -- C:\WINDOWS\boinc.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/02/14 15:01:50 | 001,618,432 | ---- | M] (factormystic.net) -- C:\Program Files\Default Programs Editor.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/30 08:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/30 08:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/30 08:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/08/30 16:02:10 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/07/30 00:33:11 | 000,000,178 | -HS- | M] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.ini

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/11/05 21:09:21 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/07/02 16:25:44 | 001,545,216 | ---- | M] (Maël Hörz) -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.exe
[2005/08/30 16:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/02/11 20:45:27 | 004,402,217 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/02/13 19:21:12 | 000,336,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FSS.exe
[2011/04/29 23:08:07 | 251,426,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\metalassault_us_installer_20110429.exe
[2012/02/16 13:49:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/01/03 03:16:39 | 000,212,415 | ---- | M] (Paul Watson) -- C:\Documents and Settings\HP_Administrator\Desktop\Shutdown Stopper.exe
[2010/12/12 20:04:49 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vlc-1.1.5-win32.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/09 16:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/11/05 21:08:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini
[2010/05/08 16:58:22 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/16 14:50:49 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/09 16:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/09 16:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/03 19:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/03 19:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/03 19:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/10/13 11:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/03 19:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/03 19:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/03 19:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/03 19:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/03 19:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 04:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
[2001/02/01 16:10:20 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

Extras file wont post...

You have included 8 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again.

Images include use of smilies, the BB code

Computer seems to be doing ok, still getting popups, and AVG seems to be neutered (tray icon is there, but its not reporting any of its services working...)

The popups were random (and so far havent popped back up, but im suspicious since they have gone days w/o one)
Any browser, but pop up in Firefox (default)
Not sure, I rarely had no browser open.




On Preparing Done! in Security Check, it errors with netsh.exe

The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

Dunno if this is an issue, so waiting to see if I should go forward anyway (it did pop up a log of sorts regardless)



All processes killed
========== OTL ==========
Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
Service NFService stopped successfully!
Service NFService deleted successfully!
Service imap4d32 stopped successfully!
Service imap4d32 deleted successfully!
Service GoogleDesktopManager-092308-165331 stopped successfully!
Service GoogleDesktopManager-092308-165331 deleted successfully!
Service centennialclientagent stopped successfully!
Service centennialclientagent deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-3220704123-1705262036-168104783-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\system32\dds_trash_log.cmd moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
C:\Documents and Settings\All Users\Application Data\3wypc81pasp27g3e0aetpba643751l426a77ix moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\wpiyhave0j0l moved successfully.
C:\Documents and Settings\All Users\Application Data\wpiyhave0j0l moved successfully.
C:\WINDOWS\system32\HJ82c.exe.b moved successfully.
C:\Documents and Settings\All Users\Application Data\Xmnj5x8.dat moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
C:\Documents and Settings\All Users\Application Data\556743u6e382q717x083h0cov2n3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: HP_Administrator
->Temp folder emptied: 31384341 bytes
->Temporary Internet Files folder emptied: 649789 bytes
->Java cache emptied: 636770 bytes
->FireFox cache emptied: 173753805 bytes
->Google Chrome cache emptied: 114963658 bytes
->Flash cache emptied: 473137012 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 14093 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15574 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 299218 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158734 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 758.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.32.0 log created on 02192012_204248

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\HP_Administrator\Local Settings\Temp\JET9CC3.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_d04.dat not found!

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Privatefirewall 7.0
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Spybot - Search & Destroy
Windows Defender
ThreatFire
HijackThis 2.0.2
CCleaner
WinCleaner Memory Optimizer Version 5.2
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.1.102.62
Mozilla Thunderbird (1.5.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Privatefirewall 6.1 pfsvc.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
``````````End of Log````````````


I call bullshit on "out of date" java...

Popup happened... (I was right to be suspicious!)

http://filter.popxml.com/search.php...1dOEiYsKUsWRQRhXxgRSVZEYFxXV04SIShKWUU=&xnx=1

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:06 on 20/02/2012 (HP_Administrator)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0987m8tw.default\extensions\
ctrltabpreview@extensions.hesslow.se [17:31 14/03/2007]
firebug@software.joehewitt.com [11:43 07/05/2007]
linkalert.conlan@addons.mozilla.com [21:47 24/05/2008]
piraton@enchufados.net [15:14 09/08/2007]
videodowloader@videodownloader.net [07:00 07/03/2007]
{075538f3-a7a9-498a-8e0d-12f2e2ff862a} [22:01 11/09/2007]
{0cdfdd5e-eea6-45ff-b035-81243cf02efb} [02:50 11/02/2007]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [11:21 22/09/2008]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [17:39 30/07/2008]
{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [18:54 01/08/2008]
{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} [23:37 02/09/2008]
{73a6fe31-595d-460b-a920-fcc0f8843232} [11:21 22/09/2008]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [04:01 18/06/2007]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [17:39 30/07/2008]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [11:21 22/09/2008]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [03:35 07/06/2008]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [18:04 30/08/2010]
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [17:39 30/07/2008]
{C985DAC8-338E-11DB-8AF6-B622A1EF5492} [15:15 16/03/2007]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [15:15 19/06/2008]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [15:15 19/06/2008]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [15:15 19/06/2008]
{F807FACD-E46A-4793-B345-D58CB177673C} [11:21 22/09/2008]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\o17z89r9.Firefox3\extensions\
betterfacebook@mattkruse.com [04:34 10/09/2011]
DeviceDetection@logitech.com [02:01 11/08/2011]
firebug@software.joehewitt.com [04:38 13/05/2010]
lazarus@interclue.com [04:34 10/09/2011]
linkalert.conlan@addons.mozilla.com [21:03 28/06/2011]
staged-xpis [05:27 03/10/2009]
VacuumPlaces@revertron.com [16:30 04/10/2009]
weatherwatcherlive@singerscreations.com [21:03 28/06/2011]
webmaster@keep-tube.com [04:38 13/05/2010]
{075538f3-a7a9-498a-8e0d-12f2e2ff862a} [17:52 07/09/2009]
{0cdfdd5e-eea6-45ff-b035-81243cf02efb} [05:11 13/10/2008]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [04:33 10/09/2011]
{35106bca-6c78-48c7-ac28-56df30b51d2a} [04:31 27/04/2010]
{37E4D8EA-8BDA-4831-8EA1-89053939A250} [21:03 28/06/2011]
{3EC9C995-8072-4fc0-953E-4F30620D17F3} [06:14 28/07/2009]
{45d8ff86-d909-11db-9705-005056c00008} [19:25 19/12/2010]
{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [21:04 28/06/2011]
{563e4790-7e70-11da-a72b-0800200c9a66} [04:33 10/09/2011]
{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} [02:30 29/09/2009]
{71328583-3CA7-4809-B4BA-570A85818FBB} [15:09 05/01/2012]
{73a6fe31-595d-460b-a920-fcc0f8843232} [04:33 10/09/2011]
{77b819fa-95ad-4f2c-ac7c-486b356188a9} [12:36 06/06/2009]
{8F6A6FD9-0619-459f-B9D0-81DE065D4E21} [04:31 27/04/2010]
{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [04:38 13/05/2010]
{9f94fab0-58a2-11dd-ae16-0800200c9a66} [12:20 31/08/2009]
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [02:01 11/08/2011]
{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [19:25 19/12/2010]
{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [18:04 30/08/2010]
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [19:52 13/11/2011]
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [19:52 13/11/2011]
{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [20:43 29/10/2011]
{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [02:01 11/08/2011]
{c50ca3c4-5656-43c2-a061-13e717f73fc8} [04:33 10/09/2011]
{cd617372-6743-4ee4-bac4-fbf60f35719e} [20:42 16/10/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [02:01 11/08/2011]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [19:25 19/12/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [21:04 28/06/2011]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [09:48 13/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web-accelerator@google.com"="C:\Program Files\Google\Web Accelerator\firefox" [16:01 26/01/2007]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:09 18/04/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG2012\Firefox4\" [21:35 19/02/2012]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG2012\Firefox\" [21:35 19/02/2012]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:51 20/02/2012]

-=E.O.F=-

AVG is popping up MRXSMB.sys

Farbar Service Scanner Version: 13-02-2012
Ran by HP_Administrator (administrator) on 20-02-2012 at 17:47:57
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainP

rofile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standar

dProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2004-08-09 16:00] - [2006-05-19 07:59] - 0111616 ____N (Microsoft Corporation)

EF545E1A4B043DA4C84E230DD471C55F

C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-09 16:00] - [2008-08-14 04:51] - 0138368 ____A (Microsoft Corporation)

55E6E1C51B6D30E54335750955453702

C:\WINDOWS\system32\Drivers\netbt.sys
[2012-02-12 20:42] - [2004-08-09 16:00] - 0162816 ____A (Microsoft Corporation)

0C80E410CD2F47134407EE7DD19CC86B

C:\WINDOWS\system32\Drivers\tcpip.sys
[2004-08-09 16:00] - [2008-06-20 05:45] - 0360320 ____A (Microsoft Corporation)

2A5554FC5B1E04E131230E3CE035C3F9

C:\WINDOWS\system32\Drivers\ipsec.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0074752 ____A (Microsoft Corporation)

64537AA5C003A6AFEEE1DF819062D0D1

C:\WINDOWS\system32\dnsrslvr.dll
[2004-08-09 16:00] - [2008-02-20 00:32] - 0045568 ____A (Microsoft Corporation)

AAC8FFBFD61E784FA3BAC851D4A0BD5F

C:\WINDOWS\system32\ipnathlp.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0331264 ____N (Microsoft Corporation)

36CC8C01B5E50163037BEF56CB96DEFF

C:\WINDOWS\system32\netman.dll
[2004-08-09 16:00] - [2005-08-22 13:29] - 0197632 ____A (Microsoft Corporation)

36739B39267914BA69AD0610A0299732

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation)

F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\srsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0170496 ____N (Microsoft Corporation)

92BDF74F12D6CBEC43C94D4B7F804838

C:\WINDOWS\system32\Drivers\sr.sys
[2004-08-09 16:00] - [2004-08-09 16:00] - 0073472 ____N (Microsoft Corporation)

E41B6D037D6CD08461470AF04500DC24

C:\WINDOWS\system32\wscsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0081408 ____A (Microsoft Corporation)

4D59DAA66C60858CDF4F67A900F42D4A

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0144896 ____N (Microsoft Corporation)

F399242A80C4066FD155EFA4CF96658E

C:\WINDOWS\system32\wuauserv.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0006656 ____A (Microsoft Corporation)

13D72740963CBA12D9FF76A7F218BCD8

C:\WINDOWS\system32\qmgr.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0382464 ____N (Microsoft Corporation)

2C69EC7E5A311334D10DD95F338FCCEA

C:\WINDOWS\system32\es.dll
[2004-08-09 16:00] - [2008-07-07 15:32] - 0253952 ____A (Microsoft Corporation)

60D1A6342238378BFB7545C81EE3606C

C:\WINDOWS\system32\cryptsvc.dll
[2004-08-09 16:00] - [2004-08-09 16:00] - 0060416 ____N (Microsoft Corporation)

10654F9DDCEA9C46CFB77554231BE73B

C:\WINDOWS\system32\svchost.exe
[2004-08-09 16:00] - [2004-08-09 16:00] - 0014336 ____N (Microsoft Corporation)

8F078AE4ED187AAABC0A305146DE6716

C:\WINDOWS\system32\rpcss.dll
[2004-08-09 16:00] - [2009-02-09 05:20] - 0399360 ____A (Microsoft Corporation)

01095FEBF33BEEA00C2A0730B9B3EC28

C:\WINDOWS\system32\services.exe
[2004-08-09 16:00] - [2009-02-06 12:14] - 0110592 ____N (Microsoft Corporation)

37561F8D4160D62DA86D24AE41FAE8DE


Extra List:
=======
Avgtdix(14) Bridge(12) BridgeMP(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) pwipf6(13) Tcpip(3)
0x0E00000004000000010000000200000003000000080000000A0000000E000000050000000600000007000000090000000B

0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

C:\Documents and Settings\HP_Administrator\Desktop\Stuff\xnews\downloads\d-1036me1\DVT.rar

probably a variant of Win32/Agent.CXGAPFH trojan deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\asc-setup.exe a variant of

Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\gamebooster.exe a variant of

Win32/Toolbar.Widgi application deleted - quarantined
C:\Downloads\Astral.Masters.v1.4.WinALL.Incl.Keygen.ECLiPSE.zip probably a variant of

Win32/Agent.DRHDRYQ trojan deleted - quarantined
C:\Downloads\Temp\Babylon8_setup.exe a variant of Win32/Toolbar.Babylon application deleted -

quarantined
C:\Downloads\Temp\cnet2_pgsetup_exe.exe a variant of Win32/InstallCore.D application cleaned by

deleting - quarantined
C:\Downloads\Temp\freez_online_tv.exe Win32/Adware.ADON application deleted - quarantined
C:\Downloads\Temp\sophie_nudealbum_june7.zip a variant of Win32/Injector.AIB trojan deleted -

quarantined
C:\GamesCampus\SoulMaster\smc.exe a variant of Win32/Packed.Themida application cleaned by

deleting - quarantined
C:\hp\bin\wbug\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application

deleted - quarantined
C:\mirc\xserv.mrc IRC/Azzura trojan cleaned by deleting - quarantined
C:\Program Files\Internet\Hirc\download\mircbot.zip IRC/Azzura trojan deleted -

quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\dtsoftbus01.sys.vir a variant of

Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Sirefef.DA trojan

cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir a variant of Win32/Sirefef.DA trojan

cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180246.com

Win32/TrojanDownloader.Unruy.BN trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180262.sys a

variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180311.exe a

variant of Win32/Toolbar.Babylon application deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180312.exe a

variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180313.exe

Win32/Adware.ADON application deleted - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180314.exe a

variant of Win32/Packed.Themida application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180315.exe a

variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
C:\WINDOWS\system32\sfsync02.dll probably a variant of Win32/Sirefef.ER trojan cleaned by

deleting - quarantined
C:\WINDOWS\system32\Vundo.7z multiple threats deleted - quarantined
C:\WINDOWS\system32\w810bus.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting

- quarantined
C:\WINDOWS\system32\drivers\mrxsmb.sys a variant of Win32/Sirefef.DA trojan unable to clean
D:\I386\APPS\APP14197\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch

application deleted - quarantined
D:\I386\APPS\APP14197\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch

application deleted - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180338.exe a

variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP479\A0180339.exe a

variant of Win32/Toolbar.MyWebSearch application deleted - quarantined
J:\Documents and Settings\All Users\Start Menu\Programs\Internet Tools\Webcamspy\Help\Webcam Spy

Supportpage.lnk LNK/URL.B trojan cleaned by deleting - quarantined
J:\Documents and Settings\Circuit City\Desktop\Stuff\wwwhack\more_names.txt probably a variant

of Win32/IRCBot.JSAITPW trojan cleaned by deleting - quarantined
J:\Downloads\Torrents\Fallout.3.FinalFix.Skullptura.rar probably a variant of Win32/Agent.DSLWBHV

trojan deleted - quarantined
J:\Downloads\Torrents\MorphVox Pro 4.2.0.0 + patch by [misterT].zip a variant of

Win32/Injector.AIB trojan deleted - quarantined
J:\Downloads\Torrents\Extreme Se7en 2010 Ultimate [Final + SP3]\[WinXP] Extreme Se7en 2010 Ultimate

[Final + SP3] Created By Jcberry526 [CW OS Team].iso multiple threats deleted -

quarantined
J:\Downloads\Torrents\SoulMaster_Setup\SoulMaster_Setup.exe a variant of Win32/Packed.Themida

application deleted - quarantined
J:\Downloads\Torrents\Virtual Sex_Doctor and Nurse-[games anime hentai games]\Doc_and_Nurse.rar a

variant of Win32/Chepdu.AC trojan deleted - quarantined
J:\Downloads\Torrents\WM.Recorder.v10.1.Incl.Keygen.and.Patch-

iNFECTED\WM.Recorder.v10.1.Incl.Keygen.and.Patch-iNFECTED.ZIP probably a variant of

Win32/Agent.FJRKSRJ trojan deleted - quarantined
K:\mIRCbot.zip IRC/Azzura trojan deleted - quarantined
K:\CDS\[WinXP] Extreme Se7en 2010 Ultimate [Final + SP3] Created By Jcberry526 [CW OS Team].iso

multiple threats deleted - quarantined
K:\Download\3DSexVilla.2.058.002.Full.Offline.By.FreeCoder.zip a variant of Win32/Inject.NDT trojan

deleted - quarantined
Operating memory Win32/Sirefef.DN trojan

Was waiting just a bit for something to finish when a 'delayed write failed' error popped up and froze the system. Now it isn't booting normally and I can only get into a very slow safe mode. I have tdss downloaded before it did this despite 'bad write' issues. Should I just do it in safe mode or try what worked before (Surface scan from a boot cd) and run in normal mode?

Wasn't a tool. Just a movie that I didn't think would take more than a few minutes to finish downloading. I hadn't seen that error pop up in a week or so and kinda hoped it was gone.

15:13:54.0968 1580 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:13:55.0062 1580 ============================================================
15:13:55.0062 1580 Current date / time: 2012/02/24 15:13:55.0062
15:13:55.0062 1580 SystemInfo:
15:13:55.0062 1580
15:13:55.0062 1580 OS Version: 5.1.2600 ServicePack: 2.0
15:13:55.0062 1580 Product type: Workstation
15:13:55.0062 1580 ComputerName: ELENGIL
15:13:55.0062 1580 UserName: HP_Administrator
15:13:55.0062 1580 Windows directory: C:\WINDOWS
15:13:55.0062 1580 System windows directory: C:\WINDOWS
15:13:55.0062 1580 Processor architecture: Intel x86
15:13:55.0062 1580 Number of processors: 6
15:13:55.0062 1580 Page size: 0x1000
15:13:55.0062 1580 Boot type: Safe boot
15:13:55.0062 1580 ============================================================
15:14:20.0093 1580 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DCE0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFE, Type 'K0', Flags 0x00000054
15:14:20.0109 1580 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:20.0125 1580 Drive \Device\Harddisk2\DR2 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:20.0187 1580 \Device\Harddisk0\DR0:
15:14:20.0187 1580 MBR used
15:14:20.0187 1580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x249ED825
15:14:20.0203 1580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x249ED8A3, BlocksNum 0x4FD1811E
15:14:20.0203 1580 \Device\Harddisk1\DR1:
15:14:20.0203 1580 MBR used
15:14:20.0203 1580 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x242776FE
15:14:20.0203 1580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2427B5FE, BlocksNum 0x11B20C3
15:14:20.0203 1580 \Device\Harddisk2\DR2:
15:14:20.0203 1580 MBR used
15:14:20.0218 1580 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x4B0E7A2, BlocksNum 0xE7A66D1
15:14:20.0593 1580 Initialize success
15:14:20.0593 1580 ============================================================
15:14:31.0984 1600 ============================================================
15:14:31.0984 1600 Scan started
15:14:31.0984 1600 Mode: Manual;
15:14:31.0984 1600 ============================================================
15:14:33.0171 1600 .avgtdix - ok
15:14:33.0187 1600 .dtsoftbus01 - ok
15:14:33.0218 1600 .redbook - ok
15:14:33.0687 1600 Abiosdsk - ok
15:14:34.0140 1600 abp480n5 - ok
15:14:34.0718 1600 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:34.0828 1600 ACPI - ok
15:14:35.0296 1600 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:14:35.0296 1600 ACPIEC - ok
15:14:35.0765 1600 adpu160m - ok
15:14:36.0296 1600 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
15:14:36.0375 1600 aec - ok
15:14:36.0921 1600 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
15:14:37.0031 1600 AFD - ok
15:14:37.0500 1600 AFGMp50 - ok
15:14:37.0968 1600 AFGSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\AFGSp50.sys
15:14:37.0984 1600 AFGSp50 - ok
15:14:38.0421 1600 Aha154x - ok
15:14:38.0843 1600 aic78u2 - ok
15:14:39.0328 1600 aic78xx - ok
15:14:39.0781 1600 AliIde - ok
15:14:40.0281 1600 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
15:14:40.0296 1600 AmdK8 - ok
15:14:40.0828 1600 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
15:14:40.0875 1600 AmdPPM - ok
15:14:41.0312 1600 amsint - ok
15:14:41.0796 1600 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
15:14:41.0812 1600 androidusb - ok
15:14:42.0296 1600 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
15:14:42.0312 1600 aracpi - ok
15:14:42.0796 1600 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
15:14:42.0796 1600 arhidfltr - ok
15:14:43.0281 1600 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
15:14:43.0281 1600 arkbcfltr - ok
15:14:43.0734 1600 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
15:14:43.0734 1600 armoucfltr - ok
15:14:44.0234 1600 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:14:44.0265 1600 Arp1394 - ok
15:14:44.0781 1600 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
15:14:44.0796 1600 ARPolicy - ok
15:14:45.0296 1600 asc - ok
15:14:45.0718 1600 asc3350p - ok
15:14:46.0140 1600 asc3550 - ok
15:14:46.0625 1600 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
15:14:46.0625 1600 AsIO - ok
15:14:47.0078 1600 Aspi32 - ok
15:14:47.0546 1600 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:47.0546 1600 AsyncMac - ok
15:14:48.0078 1600 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:48.0078 1600 atapi - ok
15:14:48.0562 1600 Atdisk - ok
15:14:49.0046 1600 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:49.0093 1600 Atmarpc - ok
15:14:49.0625 1600 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:49.0625 1600 audstub - ok
15:14:50.0187 1600 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
15:14:50.0265 1600 AVGIDSDriver - ok
15:14:50.0750 1600 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
15:14:50.0765 1600 AVGIDSEH - ok
15:14:51.0250 1600 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
15:14:51.0265 1600 AVGIDSFilter - ok
15:14:51.0765 1600 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
15:14:51.0765 1600 AVGIDSShim - ok
15:14:52.0390 1600 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:14:52.0531 1600 Avgldx86 - ok
15:14:53.0015 1600 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:14:53.0046 1600 Avgmfx86 - ok
15:14:53.0546 1600 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:14:53.0578 1600 Avgrkx86 - ok
15:14:54.0031 1600 Avgtdix - ok
15:14:54.0546 1600 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
15:14:54.0546 1600 bb-run - ok
15:14:55.0046 1600 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:14:55.0046 1600 Beep - ok
15:14:55.0578 1600 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:14:55.0609 1600 Bridge - ok
15:14:55.0671 1600 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:14:55.0671 1600 BridgeMP - ok
15:14:56.0187 1600 BT848 (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\BT848.sys
15:14:56.0187 1600 BT848 - ok
15:14:56.0687 1600 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
15:14:56.0687 1600 Cardex - ok
15:14:56.0796 1600 catchme - ok
15:14:57.0296 1600 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:57.0312 1600 cbidf2k - ok
15:14:57.0796 1600 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:57.0812 1600 CCDECODE - ok
15:14:58.0265 1600 cd20xrnt - ok
15:14:58.0734 1600 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:58.0750 1600 Cdaudio - ok
15:14:59.0281 1600 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:59.0312 1600 Cdfs - ok
15:14:59.0843 1600 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:59.0875 1600 Cdrom - ok
15:15:00.0375 1600 cfadisk (b9f8223f5edbdcb089969aec5406d95a) C:\WINDOWS\system32\DRIVERS\cfadisk.sys
15:15:00.0375 1600 cfadisk - ok
15:15:00.0828 1600 Changer - ok
15:15:01.0312 1600 CmdIde - ok
15:15:01.0750 1600 Cpqarray - ok
15:15:02.0218 1600 dac2w2k - ok
15:15:02.0656 1600 dac960nt - ok
15:15:03.0171 1600 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:15:03.0187 1600 Disk - ok
15:15:04.0109 1600 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:15:04.0593 1600 dmboot - ok
15:15:05.0187 1600 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
15:15:05.0265 1600 dmio - ok
15:15:05.0734 1600 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:15:05.0750 1600 dmload - ok
15:15:06.0250 1600 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:15:06.0281 1600 DMusic - ok
15:15:06.0750 1600 dpti2o - ok
15:15:07.0218 1600 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:15:07.0218 1600 drmkaud - ok
15:15:07.0703 1600 dtsoftbus01 - ok
15:15:08.0140 1600 EagleNT - ok
15:15:08.0640 1600 EAPPkt (c47e7c5e7410c7de98f7219e3008c23d) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
15:15:08.0671 1600 EAPPkt - ok
15:15:09.0250 1600 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
15:15:09.0328 1600 Fastfat - ok
15:15:09.0843 1600 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
15:15:09.0859 1600 Fdc - ok
15:15:10.0390 1600 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
15:15:10.0406 1600 FilterService - ok
15:15:10.0906 1600 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:15:10.0921 1600 Fips - ok
15:15:11.0390 1600 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:15:11.0406 1600 Flpydisk - ok
15:15:11.0937 1600 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:15:12.0031 1600 FltMgr - ok
15:15:12.0531 1600 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:15:12.0531 1600 Fs_Rec - ok
15:15:13.0046 1600 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:15:13.0125 1600 Ftdisk - ok
15:15:13.0671 1600 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
15:15:13.0765 1600 ftsata2 - ok
15:15:14.0187 1600 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
15:15:14.0328 1600 giveio - ok
15:15:14.0796 1600 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:15:14.0812 1600 Gpc - ok
15:15:15.0453 1600 hcwPP2 (9436fbf3ca45a0fb726856b409734d7a) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
15:15:15.0578 1600 hcwPP2 - ok
15:15:16.0125 1600 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:15:16.0125 1600 HDAudBus - ok
15:15:16.0625 1600 HidIr (07577916997e89563ed508c2ab6ff415) C:\WINDOWS\system32\DRIVERS\hidir.sys
15:15:16.0640 1600 HidIr - ok
15:15:17.0125 1600 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:15:17.0140 1600 HidUsb - ok
15:15:17.0578 1600 hpn - ok
15:15:18.0203 1600 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
15:15:18.0343 1600 HSXHWBS2 - ok
15:15:19.0343 1600 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
15:15:19.0859 1600 HSX_DP - ok
15:15:20.0406 1600 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
15:15:20.0421 1600 HTCAND32 - ok
15:15:21.0046 1600 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
15:15:21.0203 1600 HTTP - ok
15:15:21.0671 1600 i2omgmt - ok
15:15:22.0109 1600 i2omp - ok
15:15:22.0640 1600 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:15:22.0671 1600 i8042prt - ok
15:15:23.0187 1600 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:15:23.0203 1600 Imapi - ok
15:15:23.0687 1600 ini910u - ok
15:15:26.0531 1600 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:15:28.0890 1600 IntcAzAudAddService - ok
15:15:29.0390 1600 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:15:29.0390 1600 IntelIde - ok
15:15:29.0875 1600 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\drivers\intelppm.sys
15:15:29.0890 1600 intelppm - ok
15:15:30.0406 1600 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:15:30.0421 1600 Ip6Fw - ok
15:15:30.0937 1600 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:15:30.0968 1600 IpFilterDriver - ok
15:15:31.0421 1600 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:15:31.0437 1600 IpInIp - ok
15:15:31.0984 1600 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:15:32.0062 1600 IpNat - ok
15:15:32.0578 1600 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:15:32.0625 1600 IPSec - ok
15:15:33.0218 1600 IrBus (0461e205fa8870f9020ffe7c64721e75) C:\WINDOWS\system32\DRIVERS\IrBus.sys
15:15:33.0234 1600 IrBus - ok
15:15:33.0718 1600 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:15:33.0718 1600 IRENUM - ok
15:15:34.0218 1600 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:15:34.0234 1600 isapnp - ok
15:15:34.0734 1600 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys
15:15:34.0750 1600 ivusb - ok
15:15:35.0250 1600 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:15:35.0265 1600 Kbdclass - ok
15:15:35.0765 1600 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:15:35.0781 1600 kbdhid - ok
15:15:36.0343 1600 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
15:15:36.0437 1600 kmixer - ok
15:15:36.0984 1600 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
15:15:37.0031 1600 KSecDD - ok
15:15:37.0515 1600 L8042Kbd (58759156a6918913edd368f995be3e53) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:15:37.0531 1600 L8042Kbd - ok
15:15:38.0015 1600 L8042mou (973f78482aa2f2760323900b3a501c40) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:15:38.0046 1600 L8042mou - ok
15:15:38.0218 1600 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
15:15:38.0234 1600 Lavasoft Kernexplorer - ok
15:15:38.0765 1600 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
15:15:38.0796 1600 Lbd - ok
15:15:39.0281 1600 LBeepKE (5644acfa1b281ce2212353552147d1a0) C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:15:39.0281 1600 LBeepKE - ok
15:15:39.0734 1600 lbrtfdc - ok
15:15:40.0218 1600 LEqdUsb (0fe8fefe98626509661b50ea20ecd129) C:\WINDOWS\system32\Drivers\LEqdUsb.Sys
15:15:40.0250 1600 LEqdUsb - ok
15:15:40.0781 1600 LHidEqd (93657522a5dd7da4c81fb347973ae01c) C:\WINDOWS\system32\Drivers\LHidEqd.Sys
15:15:40.0781 1600 LHidEqd - ok
15:15:41.0296 1600 LHidFilt (05d6b85ecc3204931923ab7940b9596e) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:15:41.0296 1600 LHidFilt - ok
15:15:41.0828 1600 LMouFilt (053dbcc1082fdf74ab145a71917a6556) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:15:41.0828 1600 LMouFilt - ok
15:15:42.0328 1600 LMouKE (2a3e4db78b20b2cd2c548a48a8e6b1b7) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:15:42.0375 1600 LMouKE - ok
15:15:42.0859 1600 LUsbFilt (95dab70d56bbac7ddb7e6d0017d71369) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:15:42.0859 1600 LUsbFilt - ok
15:15:43.0390 1600 lvpopflt (9fb982de1c8dd769f8ed681dd878b12f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
15:15:43.0453 1600 lvpopflt - ok
15:15:43.0937 1600 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
15:15:43.0953 1600 LVPr2Mon - ok
15:15:44.0546 1600 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:15:44.0703 1600 LVRS - ok
15:15:48.0796 1600 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:15:52.0484 1600 LVUVC - ok
15:15:53.0015 1600 mcdbus (cf156a4797551f88fea61567e052dcec) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
15:15:53.0062 1600 mcdbus - ok
15:15:53.0546 1600 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:15:53.0562 1600 mdmxsdk - ok
15:15:54.0031 1600 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:15:54.0031 1600 MHNDRV - ok
15:15:54.0484 1600 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:15:54.0500 1600 mnmdd - ok
15:15:54.0968 1600 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:15:54.0984 1600 Modem - ok
15:15:55.0468 1600 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:15:55.0468 1600 Mouclass - ok
15:15:55.0953 1600 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:15:55.0953 1600 mouhid - ok
15:15:56.0468 1600 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:15:56.0484 1600 MountMgr - ok
15:15:56.0937 1600 mraid35x - ok
15:15:57.0484 1600 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:15:57.0593 1600 MRxDAV - ok
15:15:58.0312 1600 MRxSmb (a2c21446c741fde74afb3efc779b9d25) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:15:58.0546 1600 MRxSmb ( Virus.Win32.ZAccess.c ) - infected
15:15:58.0546 1600 MRxSmb - detected Virus.Win32.ZAccess.c (0)
15:15:59.0046 1600 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:15:59.0062 1600 Msfs - ok
15:15:59.0531 1600 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:15:59.0531 1600 MSKSSRV - ok
15:16:00.0031 1600 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:16:00.0031 1600 MSPCLOCK - ok
15:16:00.0531 1600 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:16:00.0531 1600 MSPQM - ok
15:16:01.0000 1600 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:16:01.0000 1600 mssmbios - ok
15:16:01.0500 1600 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
15:16:01.0500 1600 MSTEE - ok
15:16:01.0984 1600 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
15:16:01.0984 1600 MTsensor - ok
15:16:02.0515 1600 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
15:16:02.0593 1600 Mup - ok
15:16:03.0140 1600 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:16:03.0203 1600 NABTSFEC - ok
15:16:03.0734 1600 NCHSSVAD (0df9cc7b5cc173f545723f23e68fac93) C:\WINDOWS\system32\drivers\nchssvad.sys
15:16:03.0750 1600 NCHSSVAD - ok
15:16:04.0328 1600 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:16:04.0437 1600 NDIS - ok
15:16:04.0921 1600 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:16:04.0921 1600 NdisIP - ok
15:16:05.0437 1600 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:16:05.0437 1600 NdisTapi - ok
15:16:05.0937 1600 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:16:05.0937 1600 Ndisuio - ok
15:16:06.0515 1600 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:16:06.0593 1600 NdisWan - ok
15:16:07.0093 1600 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:16:07.0125 1600 NDProxy - ok
15:16:07.0593 1600 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:16:07.0609 1600 NetBIOS - ok
15:16:08.0203 1600 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:16:08.0296 1600 NetBT - ok
15:16:08.0828 1600 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:16:08.0859 1600 NIC1394 - ok
15:16:09.0390 1600 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
15:16:09.0421 1600 nm - ok
15:16:09.0937 1600 NPF (243126da7ba441d7c7c3262dcf435a9c) C:\WINDOWS\system32\drivers\npf.sys
15:16:09.0953 1600 NPF - ok
15:16:10.0453 1600 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:16:10.0468 1600 Npfs - ok
15:16:10.0921 1600 npkcrypt - ok
15:16:11.0390 1600 npkycryp - ok
15:16:11.0843 1600 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
15:16:11.0953 1600 NPPTNT2 - ok
15:16:12.0750 1600 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
15:16:13.0078 1600 Ntfs - ok
15:16:13.0593 1600 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:16:13.0593 1600 Null - ok
15:16:14.0078 1600 nusb3hub (9a3879b890f395ef8007a69543b56e8d) C:\WINDOWS\system32\DRIVERS\nusb3hub.sys
15:16:14.0125 1600 nusb3hub - ok
15:16:14.0687 1600 nusb3xhc (61c3a3c6b35f596831358d954d20712f) C:\WINDOWS\system32\DRIVERS\nusb3xhc.sys
15:16:14.0765 1600 nusb3xhc - ok
15:16:20.0687 1600 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:16:26.0093 1600 nv - ok
15:16:26.0593 1600 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:16:26.0640 1600 NVENETFD - ok
15:16:27.0203 1600 NVHDA (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
15:16:27.0281 1600 NVHDA - ok
15:16:27.0781 1600 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:16:27.0796 1600 nvnetbus - ok
15:16:28.0281 1600 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:16:28.0281 1600 NwlnkFlt - ok
15:16:28.0765 1600 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:16:28.0781 1600 NwlnkFwd - ok
15:16:29.0281 1600 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:16:29.0328 1600 ohci1394 - ok
15:16:29.0859 1600 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:16:29.0890 1600 Parport - ok
15:16:30.0375 1600 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:16:30.0390 1600 PartMgr - ok
15:16:30.0859 1600 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:16:30.0859 1600 ParVdm - ok
15:16:31.0375 1600 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
15:16:31.0390 1600 PCASp50 - ok
15:16:31.0953 1600 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
15:16:31.0984 1600 PCI - ok
15:16:32.0421 1600 PCIDump - ok
15:16:32.0890 1600 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:16:32.0906 1600 PCIIde - ok
15:16:33.0437 1600 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:16:33.0500 1600 Pcmcia - ok
15:16:33.0968 1600 PDCOMP - ok
15:16:34.0406 1600 PDFRAME - ok
15:16:34.0890 1600 PDIDRV - ok
15:16:35.0359 1600 PDRELI - ok
15:16:35.0812 1600 PDRFRAME - ok
15:16:36.0265 1600 perc2 - ok
15:16:36.0718 1600 perc2hib - ok
15:16:36.0875 1600 pgfilter (79bad6756154335d5304f0fe39961f5b) C:\Program Files\PeerGuardian2\pgfilter.sys
15:16:36.0890 1600 pgfilter - ok
15:16:37.0406 1600 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:16:37.0421 1600 PptpMiniport - ok
15:16:37.0875 1600 PQNTDrv - ok
15:16:38.0359 1600 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
15:16:38.0375 1600 Processor - ok
15:16:38.0875 1600 PROCEXP113 (36c46561fdc566fd4943216aba090343) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
15:16:38.0890 1600 PROCEXP113 - ok
15:16:39.0343 1600 procguard - ok
15:16:39.0828 1600 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
15:16:39.0843 1600 Ps2 - ok
15:16:40.0375 1600 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:16:40.0406 1600 PSched - ok
15:16:40.0890 1600 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:16:40.0906 1600 Ptilink - ok
15:16:41.0468 1600 pwipf6 (8c8eb906238b79b30621e0756d8eefe8) C:\WINDOWS\system32\DRIVERS\pwipf6.sys
15:16:41.0546 1600 pwipf6 - ok
15:16:42.0031 1600 PxHelp20 - ok
15:16:42.0500 1600 ql1080 - ok
15:16:42.0937 1600 Ql10wnt - ok
15:16:43.0390 1600 ql12160 - ok
15:16:43.0828 1600 ql1240 - ok
15:16:44.0265 1600 ql1280 - ok
15:16:44.0734 1600 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:16:44.0750 1600 RasAcd - ok
15:16:45.0250 1600 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:16:45.0281 1600 Rasl2tp - ok
15:16:45.0781 1600 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:16:45.0812 1600 RasPppoe - ok
15:16:46.0281 1600 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:16:46.0281 1600 Raspti - ok
15:16:46.0843 1600 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:16:46.0953 1600 Rdbss - ok
15:16:47.0468 1600 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:16:47.0468 1600 RDPCDD - ok
15:16:48.0031 1600 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:16:48.0140 1600 rdpdr - ok
15:16:48.0687 1600 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
15:16:48.0765 1600 RDPWD - ok
15:16:49.0234 1600 redbook - ok
15:16:49.0750 1600 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:16:49.0765 1600 rtl8139 - ok
15:16:50.0562 1600 RTL8192su (94fd6cab93f06045efd3068eba874e65) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
15:16:50.0875 1600 RTL8192su - ok
15:16:51.0437 1600 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
15:16:51.0515 1600 RTLE8023xp - ok
15:16:52.0046 1600 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:16:52.0062 1600 Secdrv - ok
15:16:52.0562 1600 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:16:52.0562 1600 Serenum - ok
15:16:53.0078 1600 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
15:16:53.0125 1600 Serial - ok
15:16:53.0625 1600 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:16:53.0625 1600 Sfloppy - ok
15:16:54.0093 1600 Simbad - ok
15:16:54.0515 1600 SjyPkt - ok
15:16:55.0000 1600 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:16:55.0000 1600 SLIP - ok
15:16:55.0453 1600 Sparrow - ok
15:16:55.0875 1600 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
15:16:55.0921 1600 speedfan - ok
15:16:56.0390 1600 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
15:16:56.0390 1600 splitter - ok
15:16:56.0890 1600 sptd (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\System32\Drivers\sptd.sys
15:16:56.0906 1600 sptd - ok
15:16:57.0437 1600 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
15:16:57.0484 1600 sr - ok
15:16:58.0125 1600 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
15:16:58.0328 1600 Srv - ok
15:16:58.0875 1600 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
15:16:58.0937 1600 ssadbus - ok
15:16:59.0421 1600 ssadmdfl (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
15:16:59.0421 1600 ssadmdfl - ok
15:16:59.0906 1600 ssadmdm (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
15:16:59.0921 1600 ssadmdm - ok
15:17:00.0406 1600 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
15:17:00.0406 1600 StarOpen - ok
15:17:00.0890 1600 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:17:00.0906 1600 streamip - ok
15:17:01.0562 1600 supersafer (28f0f7f8e4c9039289c80ca1385bc4b7) C:\WINDOWS\system32\drivers\supersafer.sys
15:17:01.0750 1600 supersafer - ok
15:17:02.0218 1600 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:17:02.0234 1600 swenum - ok
15:17:02.0750 1600 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:17:02.0781 1600 swmidi - ok
15:17:03.0281 1600 sxuptp (703ab1e942c1606c7e1ecaf8bf89dd66) C:\WINDOWS\system32\DRIVERS\sxuptp.sys
15:17:03.0281 1600 sxuptp - ok
15:17:03.0718 1600 symc810 - ok
15:17:04.0156 1600 symc8xx - ok
15:17:04.0609 1600 sym_hi - ok
15:17:05.0031 1600 sym_u3 - ok
15:17:05.0546 1600 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:17:05.0578 1600 sysaudio - ok
15:17:06.0078 1600 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
15:17:06.0078 1600 TBPanel - ok
15:17:06.0781 1600 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:17:06.0968 1600 Tcpip - ok
15:17:07.0453 1600 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:17:07.0468 1600 TDPIPE - ok
15:17:07.0937 1600 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
15:17:07.0953 1600 TDTCP - ok
15:17:08.0437 1600 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:17:08.0453 1600 TermDD - ok
15:17:08.0968 1600 TfFsMon (a56ec942ecabfb7849bfa76060f929fb) C:\WINDOWS\system32\drivers\TfFsMon.sys
15:17:09.0000 1600 TfFsMon - ok
15:17:09.0531 1600 TfNetMon (917ef522563f6047685486efa486fb3c) C:\WINDOWS\system32\drivers\TfNetMon.sys
15:17:09.0562 1600 TfNetMon - ok
15:17:10.0078 1600 TfSysMon (57edbb5fe7ff09bb21121d13bb950ba5) C:\WINDOWS\system32\drivers\TfSysMon.sys
15:17:10.0125 1600 TfSysMon - ok
15:17:10.0578 1600 TosIde - ok
15:17:11.0093 1600 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
15:17:11.0140 1600 Udfs - ok
15:17:11.0609 1600 ultra - ok
15:17:12.0171 1600 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
15:17:12.0281 1600 Update - ok
15:17:12.0828 1600 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
15:17:12.0859 1600 usbaudio - ok
15:17:13.0359 1600 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:17:13.0375 1600 usbccgp - ok
15:17:13.0875 1600 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:17:13.0890 1600 usbehci - ok
15:17:14.0375 1600 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:17:14.0406 1600 usbhub - ok
15:17:14.0875 1600 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:17:14.0890 1600 usbohci - ok
15:17:15.0359 1600 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:17:15.0375 1600 usbscan - ok
15:17:15.0890 1600 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:17:15.0906 1600 usbstor - ok
15:17:16.0375 1600 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:17:16.0390 1600 usbuhci - ok
15:17:16.0890 1600 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:17:16.0953 1600 usbvideo - ok
15:17:17.0531 1600 VBoxDrv (12525f65e8c561b66e0bce2de2018c0c) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
15:17:17.0593 1600 VBoxDrv - ok
15:17:18.0109 1600 VBoxUSBMon (4ac4d33350cdd927cd575934cf983e68) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
15:17:18.0125 1600 VBoxUSBMon - ok
15:17:18.0625 1600 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
15:17:18.0625 1600 VgaSave - ok
15:17:20.0234 1600 VIAHdAudAddService (3082f6f16f90ebcc85bf2a3d9880f3c5) C:\WINDOWS\system32\drivers\viahduaa.sys
15:17:21.0406 1600 VIAHdAudAddService - ok
15:17:21.0906 1600 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:17:21.0906 1600 ViaIde - ok
15:17:21.0953 1600 VirtualFD (2d8d84d0b90c9055c0b83050d8a17a89) C:\VFD\vfd.sys
15:17:21.0968 1600 VirtualFD - ok
15:17:22.0468 1600 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
15:17:22.0500 1600 VolSnap - ok
15:17:22.0984 1600 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:17:23.0000 1600 Wanarp - ok
15:17:23.0765 1600 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:17:23.0765 1600 Wdf01000 - ok
15:17:24.0203 1600 WDICA - ok
15:17:24.0718 1600 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
15:17:24.0765 1600 wdmaud - ok
15:17:25.0609 1600 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:17:26.0000 1600 winachsx - ok
15:17:26.0562 1600 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:17:26.0562 1600 WmiAcpi - ok
15:17:27.0093 1600 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:17:27.0125 1600 WpdUsb - ok
15:17:27.0656 1600 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:17:27.0671 1600 WS2IFSL - ok
15:17:28.0187 1600 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:17:28.0187 1600 WSTCODEC - ok
15:17:28.0718 1600 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:17:28.0765 1600 WudfPf - ok
15:17:29.0281 1600 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:17:29.0328 1600 WudfRd - ok
15:17:29.0781 1600 XIRLINK - ok
15:17:29.0828 1600 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:29.0843 1600 \Device\Harddisk0\DR0 - ok
15:17:29.0875 1600 MBR (0x1B8) (ed18b096bc416bfb306882a7c2eba877) \Device\Harddisk1\DR1
15:17:29.0906 1600 \Device\Harddisk1\DR1 - ok
15:17:29.0937 1600 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk2\DR2
15:17:34.0250 1600 \Device\Harddisk2\DR2 - ok
15:17:34.0265 1600 Boot (0x1200) (b4e7675a9609f26a47f5597aa7d80b51) \Device\Harddisk0\DR0\Partition0
15:17:34.0265 1600 \Device\Harddisk0\DR0\Partition0 - ok
15:17:34.0281 1600 Boot (0x1200) (63692a67f6157d55c53814b86070c931) \Device\Harddisk0\DR0\Partition1
15:17:34.0281 1600 \Device\Harddisk0\DR0\Partition1 - ok
15:17:34.0296 1600 Boot (0x1200) (746b78273524474defce7f478965233d) \Device\Harddisk1\DR1\Partition0
15:17:34.0296 1600 \Device\Harddisk1\DR1\Partition0 - ok
15:17:34.0328 1600 Boot (0x1200) (3c751e0d229d8db11ca3c4ac39e217a3) \Device\Harddisk1\DR1\Partition1
15:17:34.0328 1600 \Device\Harddisk1\DR1\Partition1 - ok
15:17:34.0343 1600 Boot (0x1200) (357315808c931252d0bcb3c80d07bf1d) \Device\Harddisk2\DR2\Partition0
15:17:34.0343 1600 \Device\Harddisk2\DR2\Partition0 - ok
15:17:34.0343 1600 ============================================================
15:17:34.0343 1600 Scan finished
15:17:34.0343 1600 ============================================================
15:17:34.0359 1592 Detected object count: 1
15:17:34.0359 1592 Actual detected object count: 1
15:42:09.0046 1592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
15:42:09.0390 1592 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
15:42:16.0031 1592 Backup copy found, using it..
15:42:16.0328 1592 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
15:42:55.0265 1592 MRxSmb ( Virus.Win32.ZAccess.c ) - User select action: Cure
15:44:13.0843 1576 Deinitialize success