Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Analyze the virus problem

Post by gpm18 » June 26th, 2012, 10:43 pm

Hi,
My computer seems to have a virus or malware.
Some programs closed by themselves, such as Windows Messenger Live. I chose to remove this program and I will install it again, but first I'd like to see what could be the problem with my laptop.

This is the DDS.Txt - Notepad... Enclosed you will find the Attach.txt - Notepad.
Thank you very much in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by grace at 21:26:15 on 2012-06-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.51.1033.18.3998.2140 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\grace\AppData\Local\Temp\HouseCall32\housecall.bin
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer proporcionado por Yahoo!
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
TB: {AD06FB5F-FEF7-4A84-8C58-DCA34F8E3D36} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: DhcpNameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{6D39A6B8-8705-4543-B5A3-8FB557DAF24A} : DhcpNameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{D28A5955-C488-4D29-8595-77952E726C60} : DhcpNameServer = 200.48.225.130 200.48.225.146
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
TB-X64: {AD06FB5F-FEF7-4A84-8C58-DCA34F8E3D36} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;WatchDog de AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-18 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\system32\DRIVERS\seehcri.sys --> C:\Windows\system32\DRIVERS\seehcri.sys [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9f90e19417b70;Servicio de actualización de Google (gupdate1c9f90e19417b70);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-29 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-29 133104]
S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-18 365904]
S4 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]
S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-27 02:11:54 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-06-27 01:40:30 -------- d-----w- C:\Users\grace\AppData\Local\{A1B9FF72-A4F2-441D-9EDF-A1664E46E08D}
2012-06-27 01:40:07 -------- d-----w- C:\Users\grace\AppData\Roaming\AVG
2012-06-27 01:39:18 -------- d-----w- C:\Users\grace\AppData\Local\{EA89FAC6-36EF-4556-A8AD-461D2A2B038B}
2012-06-27 01:39:08 -------- d-----w- C:\Users\grace\AppData\Local\{64371FFA-EE5D-4396-B107-C0CA4EEAED64}
2012-06-26 00:32:48 -------- d-----w- C:\Users\grace\AppData\Local\{0DE39C79-EFC8-4B76-8FEC-6DB6C94EE6C7}
2012-06-26 00:32:35 -------- d-----w- C:\Users\grace\AppData\Local\{201756A9-7255-4DE0-A57C-99B18894000B}
2012-06-24 18:04:34 -------- d-----w- C:\Users\grace\AppData\Local\{9F7D865A-60C7-4544-AF15-29769BF62BDB}
2012-06-24 18:04:28 -------- d-----w- C:\Users\grace\AppData\Local\{54BC9F7C-D5A1-451E-8A17-F328EB6F34C3}
2012-06-24 04:22:10 -------- d-----w- C:\Users\grace\AppData\Local\{1D3EFA5F-582B-4164-B12B-43906F751FB4}
2012-06-24 04:22:01 -------- d-----w- C:\Users\grace\AppData\Local\{1697D277-9703-48D1-902F-4F092D60A398}
2012-06-23 14:20:27 -------- d-----w- C:\Users\grace\AppData\Local\{9D663760-DA99-4E3C-88C4-A0F52ACC7355}
2012-06-23 14:20:25 -------- d-----w- C:\Users\grace\AppData\Local\{9FEC1524-FD7D-408F-B568-6469BDCBDE50}
2012-06-22 17:49:24 -------- d-----w- C:\Users\grace\AppData\Local\{B0DE37E4-213D-4355-82F7-C1AF48358506}
2012-06-22 17:49:06 -------- d-----w- C:\Users\grace\AppData\Local\{B765AD8B-BFCB-4E62-ACD3-8F6041B616B0}
2012-06-22 04:08:26 73728 ---ha-w- C:\Users\grace\AppData\Roaming\RBRegEx550.dll
2012-06-22 04:08:26 39936 ---ha-w- C:\Users\grace\AppData\Roaming\RBShell555.dll
2012-06-22 01:41:44 -------- d-----w- C:\Users\grace\AppData\Local\{D1ADB0F6-0FAB-404C-A452-C701123FE64C}
2012-06-22 01:41:30 -------- d-----w- C:\Users\grace\AppData\Local\{F981BCC7-052D-435E-A94C-B02335F344E6}
2012-06-21 13:41:13 -------- d-----w- C:\Users\grace\AppData\Local\{7A3B092A-BD16-41C0-B599-BC3DF7A50B79}
2012-06-21 13:41:01 -------- d-----w- C:\Users\grace\AppData\Local\{AA8932DE-6D48-4B92-87CE-47468C3B4294}
2012-06-21 00:30:39 -------- d-----w- C:\Users\grace\AppData\Local\{3EC3A9CE-26F0-433E-AA38-BFDA6D4E2D25}
2012-06-21 00:30:38 -------- d-----w- C:\Users\grace\AppData\Local\{2ED0BD01-6E34-4675-95A5-BA37F0107719}
2012-06-19 23:52:06 -------- d-----w- C:\Users\grace\AppData\Local\{7EF33447-2E34-47E3-9A08-EEBC32DEDCFA}
2012-06-19 23:52:05 -------- d-----w- C:\Users\grace\AppData\Local\{D47B2524-1FAB-43B8-814D-55E3F61A8B69}
2012-06-19 01:56:21 -------- d-----w- C:\Users\grace\AppData\Local\{C1C23EEE-61D4-4836-AF75-3A5DF3C1915B}
2012-06-19 01:56:17 -------- d-----w- C:\Users\grace\AppData\Local\{2A9E83BA-2877-4DA2-B34C-1F58DBBC0D7D}
2012-06-18 03:49:50 -------- d-----w- C:\Users\grace\AppData\Local\{040BB49F-7085-447E-A088-E968F0848FC0}
2012-06-18 03:49:38 -------- d-----w- C:\Users\grace\AppData\Local\{17D2B49E-C438-4A6F-AA11-BA2FE1C37660}
2012-06-17 15:49:25 -------- d-----w- C:\Users\grace\AppData\Local\{881B7FF9-8A84-4EC6-8F34-B2E92DE4B98C}
2012-06-17 01:43:38 -------- d-----w- C:\Users\grace\AppData\Local\{06DDFA57-0F48-4572-8EDF-634A4985C5AC}
2012-06-16 13:43:25 -------- d-----w- C:\Users\grace\AppData\Local\{B4C80E88-4F11-4BBF-A2D2-CA2197BDA2D8}
2012-06-16 00:29:24 -------- d-----w- C:\Users\grace\AppData\Local\{876498A2-767F-42DE-A066-D0FD07CCC4F4}
2012-06-15 00:28:36 -------- d-----w- C:\Users\grace\AppData\Local\{F9B42D59-C0FA-4BA8-82FB-16CDA525048B}
2012-06-14 02:43:14 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 02:40:07 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 02:39:58 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 02:39:58 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 02:39:58 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 02:39:58 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 02:39:58 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 02:39:58 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 00:10:45 -------- d-----w- C:\Users\grace\AppData\Local\{A5C8CBC0-5C0D-4C37-9045-5EE0C02320FF}
2012-06-14 00:10:33 -------- d-----w- C:\Users\grace\AppData\Local\{F03F614A-DFEE-4021-B44E-88D67FF28CDD}
2012-06-13 00:31:36 -------- d-----w- C:\Users\grace\AppData\Local\{13355DE4-B5F7-4CD8-A1C4-0D4672909EE7}
2012-06-13 00:31:31 -------- d-----w- C:\Users\grace\AppData\Local\{9E5EC107-276F-4660-82FC-4AD8D385C2F1}
2012-06-12 06:30:59 -------- d-----w- C:\Users\grace\AppData\Local\{300B30AB-7155-4AE1-A1CB-6084F9E56A2A}
2012-06-12 06:30:46 -------- d-----w- C:\Users\grace\AppData\Local\{E3F25F90-0CA2-4A1D-8D93-580606DBD202}
2012-06-11 18:30:27 -------- d-----w- C:\Users\grace\AppData\Local\{2EC2F554-FC67-458C-87BC-1C0311D3F188}
2012-06-11 18:30:11 -------- d-----w- C:\Users\grace\AppData\Local\{5B3E7C40-5EB8-421D-A44E-08B54672171B}
2012-06-11 05:05:16 -------- d-----w- C:\Users\grace\AppData\Local\{E8B171A8-CD76-41C2-9FA4-F9D865DDDBA0}
2012-06-11 05:05:01 -------- d-----w- C:\Users\grace\AppData\Local\{65D9BD86-B1D8-4CA2-880E-4BD7C7D23255}
2012-06-10 17:03:04 -------- d-----w- C:\Users\grace\AppData\Local\{22CD9000-4AE6-4267-8427-B700A7D375CF}
2012-06-10 17:03:02 -------- d-----w- C:\Users\grace\AppData\Local\{F70882DE-ECA8-4154-8DA5-BA89175512B0}
2012-06-09 17:29:29 -------- d-----w- C:\Users\grace\AppData\Local\{210845E7-CDBB-4D75-BBFA-8261EC82A11E}
2012-06-09 17:29:28 -------- d-----w- C:\Users\grace\AppData\Local\{7935BC81-7A88-4F22-AA6D-065E488D9507}
2012-06-09 00:51:06 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-09 00:50:41 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-09 00:50:41 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-09 00:50:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-09 00:50:18 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-09 00:50:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-09 00:50:18 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-09 00:47:21 -------- d-----w- C:\Users\grace\AppData\Local\{47B87499-DE2A-4198-8D04-54804166A2F1}
2012-06-09 00:47:20 -------- d-----w- C:\Users\grace\AppData\Local\{D81EDD70-A670-43E6-B7DB-39332CB1BB7A}
2012-06-08 00:46:58 -------- d-----w- C:\Users\grace\AppData\Local\{B41CEF98-36AF-4FE9-A76A-0CD00322F170}
2012-06-08 00:46:46 -------- d-----w- C:\Users\grace\AppData\Local\{FDC08B24-3D9A-4EDB-A297-D231362FACDC}
2012-06-07 12:46:27 -------- d-----w- C:\Users\grace\AppData\Local\{EC87DA6D-E5EE-4EEB-AC47-66349ACB629D}
2012-06-07 12:46:26 -------- d-----w- C:\Users\grace\AppData\Local\{41457892-ACBA-4A86-B780-5B134E5FAA6D}
2012-06-07 00:17:22 -------- d-----w- C:\Users\grace\AppData\Local\{4507F996-54B1-4777-8C9F-252CBB3D8D0E}
2012-06-07 00:17:20 -------- d-----w- C:\Users\grace\AppData\Local\{F0B16FDE-936F-45E9-A97A-91FEFAC70C63}
2012-06-06 02:34:19 -------- d-----w- C:\Users\grace\AppData\Local\{059E821F-15C9-4086-A209-44EB23D4C079}
2012-06-06 02:34:13 -------- d-----w- C:\Users\grace\AppData\Local\{9498CA27-FE50-4BCB-A514-07AA18EA2E40}
2012-06-05 00:12:52 -------- d-----w- C:\Users\grace\AppData\Local\{50636A08-8BB5-4F33-BAB4-32E8F8E32B9C}
2012-06-05 00:12:40 -------- d-----w- C:\Users\grace\AppData\Local\{40264439-3674-4F58-98E1-EC68218F4E0F}
2012-06-04 11:42:45 -------- d-----w- C:\Users\grace\AppData\Local\{D3D1A34F-8387-470F-9056-FDBA00F45840}
2012-06-04 11:42:32 -------- d-----w- C:\Users\grace\AppData\Local\{6F9C1854-77AA-4945-9107-8BDB7501B985}
2012-06-03 15:50:00 -------- d-----w- C:\Users\grace\AppData\Local\{2249F2A0-954F-449C-A04A-5A7D8FFE19C7}
2012-06-03 15:49:48 -------- d-----w- C:\Users\grace\AppData\Local\{A07BB9E9-D236-4340-B931-2250D2D0B17E}
2012-06-02 23:51:52 -------- d-----w- C:\Users\grace\AppData\Local\{D6B10697-A284-4FD8-A43F-F74D0AE4945B}
2012-06-02 23:51:40 -------- d-----w- C:\Users\grace\AppData\Local\{6EA42306-F0FB-4173-99AA-874E33DAC20A}
2012-06-02 11:51:25 -------- d-----w- C:\Users\grace\AppData\Local\{58F6CBED-5F36-477B-8122-FA64B6315712}
2012-06-02 11:51:12 -------- d-----w- C:\Users\grace\AppData\Local\{80448608-0708-4C46-B1AB-4A1EF6CFEA38}
2012-06-01 23:51:06 -------- d-----w- C:\Users\grace\AppData\Local\{FE446ED6-7181-4F7F-9139-BA52366E3B61}
2012-06-01 23:50:49 -------- d-----w- C:\Users\grace\AppData\Local\{1A85BBEE-8AC0-4E41-89A5-56EC55B854B6}
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-01 02:15:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-06-01 01:36:58 388096 ----a-r- C:\Users\grace\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-01 01:36:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-01 00:09:24 -------- d-----w- C:\Users\grace\AppData\Local\{C9D8B0C0-8F36-4EF7-BB46-8B182414D9F9}
2012-06-01 00:09:07 -------- d-----w- C:\Users\grace\AppData\Local\{0ADD321C-4BA1-4954-8D10-A1D932E11283}
2012-05-31 03:03:21 -------- d-----w- C:\Users\grace\AppData\Local\{E612E373-D7C6-472A-A34E-01E67400465E}
2012-05-31 03:03:15 -------- d-----w- C:\Users\grace\AppData\Local\{D74A853A-A99C-4270-A075-A6EEA5EA262B}
2012-05-29 23:58:24 -------- d-----w- C:\Users\grace\AppData\Local\{793FCCFE-8C28-49B9-8594-6CFC7D9B187C}
2012-05-29 23:58:10 -------- d-----w- C:\Users\grace\AppData\Local\{E62F5B71-8D41-4856-A003-303655BECA3B}
2012-05-29 00:55:02 -------- d-----w- C:\Users\grace\AppData\Local\{3A35807C-53DE-4BF8-B9DF-0E36A7F76587}
2012-05-29 00:54:49 -------- d-----w- C:\Users\grace\AppData\Local\{D0A55550-FF45-4262-890D-B6D232548269}
2012-05-28 04:51:35 -------- d-----w- C:\Users\grace\AppData\Local\{DC80ADAE-C1D4-490D-99D1-1C9A19994AB3}
2012-05-28 04:51:22 -------- d-----w- C:\Users\grace\AppData\Local\{075D3564-891D-41A9-878A-9BF67F5BBB8D}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 19:03:58 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 19:03:58 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 19:03:50 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:27:11.76 ===============
gpm18
Active Member
 
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analyze the virus problem

Post by askey127 » June 29th, 2012, 7:32 am

Hi gpm18,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Vuze in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

z2010MegawildAdverpopper
Vuze Remote Toolbar
Vuze

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Analize the virus problem

Unread postby gpm18 » June 29th, 2012, 2:24 pm

Hi askey127,

Thank you very much for your reply. I did what you said, then ran a scan with OTL. This is the report:

OTL Extras logfile created on: 29/06/2012 12:20:26 p.m. - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\grace\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Peru | Language: ESR | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.59% Memory free
8.01 Gb Paging File | 6.21 Gb Available in Paging File | 77.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 52.38 Gb Free Space | 18.34% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.94 Gb Free Space | 15.58% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E1 23 A3 DC 4A 75 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A5B71D-0A18-489A-93ED-761CF345B70B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{164D6CAE-D8B3-41D8-B84E-68D162DCADCA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{18D67F30-CDD1-4344-98AD-B65DC3BF6A2F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{190057CF-3894-46EB-8D6B-1AB7FCC4B23F}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{1BBE6A24-625F-4D79-B1BC-64698D247E4E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1E2DAB62-5B08-433C-BA9D-AE52C586B754}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3FC38731-CC26-4E4B-A561-591BCDB1845F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{49B76352-1668-412A-9D24-53FD03928EB8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5C734D96-F9E4-4D63-A2C5-864DF6278F8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5F64AD6E-FC50-4DD9-8A7E-8CF80B240E54}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FBD6DCB-134C-43A5-A657-22908F917247}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7C8DBB83-F405-42C2-9CEE-C7F6F7C31547}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8C1E9276-22BF-49EA-B33F-0D2EC2B6F120}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{91EFA2A1-BA55-4879-B54A-2C4CEF43B646}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F801E41-169E-4B1D-9EFF-FDD228A8DCF1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AF7774C2-3038-4DE8-AF04-941D39FA9CA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B5F48ACA-C54A-44E9-AA71-9D064AC99E4D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B66D14BE-CAAF-4B9A-B2C7-3606DD4A9F6F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BB618F89-C268-4DA0-A603-39D960039EB9}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{C9353B08-4682-48F4-82B6-4007E6A22F90}" = lport=10244 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FDD5682-F0F6-4E0A-B37C-D7DA2A25DF76}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{11C77B32-4479-4E02-8D8C-87F94BD950A6}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{1C28CBD9-7AEA-4B2E-BE80-3656218FB128}" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"{29A83587-417C-494D-BFC5-AB1B3CF90BB7}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{2F2B137B-F5FA-42A2-AA6D-81264C2B2DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{340110A6-0E93-4352-9B87-CB80079EE78C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{37ABD30F-08CC-4590-96E4-20466C19F902}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38FB1890-A1C7-4249-BD6E-0B3699C2BA17}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{3F516FF5-E608-4860-97ED-3248664DFC43}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{427ED94A-4FC2-46D0-8ED0-E13FB1C6E6DA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{429AF435-833C-43EE-9324-A6AC1E01176E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{434BDE1D-965F-4406-9C91-DFF062BC80EA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{48CF39BC-008D-4214-BBB6-491FF0B63BA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5152E37F-C256-42F0-B1BC-421C012DAFE6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{515CE9A5-A02D-4EBB-AFBA-EED633278225}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{529A030E-5DA9-44DA-99FF-95AF4E875353}" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"{54373FE0-4589-4EF8-B2D3-13A0320C864D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{565B0490-3E45-4B20-81A3-A8F13B0001C0}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{5B98BDBE-2C48-4BD9-8D36-27C91C37EDFF}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{68EB682F-03A9-4925-9C03-8C5FD494BF6B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{6F33F219-6015-4445-8A81-398562217777}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{6F6E28E8-CE47-42D4-9FB2-70AE98615557}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{73450CA4-5BF7-438A-8756-7B5717DAF31D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{82085F3B-64D8-414D-B472-CEB6EA6725AC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{85219B50-3913-4BCB-AF6B-FC178526D086}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{981F2EA8-439E-48A4-97D8-DB67849A4DD7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{9F7D8C0D-C44D-4461-BFC1-9EEEEA73485D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A110676C-E247-4C73-AF18-F64A9421F69A}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{A273DC3F-D3A2-4B0B-999F-892036E4E8CA}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{A719E18C-FCDE-498B-B525-E4D5585DA62E}" = protocol=6 | dir=out | app=system |
"{A897DFB6-0803-406F-A60C-87F3C7EC9087}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{ACF032BF-AEC3-45ED-9165-071BE36FE14E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0F65ADF-EC0B-425B-B49D-EC6A534117C4}" = protocol=6 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{B977C42E-C9B0-4A4E-A4F5-578215F45292}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{BC4C7395-0C4C-4970-A626-A888B9292E83}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{BD5E3F9A-71F7-43E7-B28E-1D55E1326A1E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C1DF1782-D818-4F21-857B-55033C99F8F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C48EE09B-5EFB-4517-9303-754E6C741A78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C940FE2C-6D10-4BB4-9179-B4CC277CC657}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{D1610B54-C9D9-49DE-9137-C5039C42F36B}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D675D73F-D1AD-43B4-A789-2A2B94FA2CC7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DD36E5C1-8C58-443A-A1B5-CC7A0BA65A47}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{E502B54A-115A-496E-BEC6-F6C084AEF2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{EBDA91BD-0D7E-43C8-8651-266781E91386}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{F3A91D83-97C6-450E-9275-B89682510E20}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{F6CB87A0-FD69-45EC-88C6-5813D8A993C3}" = protocol=17 | dir=out | app=c:\program files (x86)\windows media player\wmplayer.exe |
"{FA4ABDCB-0EFE-4281-901B-79684D36E0D6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"TCP Query User{069CBEB9-4293-4456-89AB-68399BB87D13}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{58C37896-CCD3-4F88-9C08-E70517775132}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{BB3BF842-91C0-492B-BADF-B88EA39FF694}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{C44251AD-D3E3-485D-B3E3-3A76ACC6A5B2}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"TCP Query User{EBF67C1B-9DFD-4AC5-BAB0-1B4D77539A49}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{FA3C5F47-85DB-4F42-A7B2-B63DCEA423AB}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{FF318D72-BF22-4ECA-A8BA-E680D3047B77}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{1F5EC084-A8E7-49E7-B5B5-5B40B469B656}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{78B1AE0C-283B-44DC-A69D-9FA17CCE9ACA}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{94342ACD-DDAB-40CC-A967-15056AD26005}C:\program files (x86)\windows live\contacts\wlcomm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"UDP Query User{98256A55-FEEB-468C-8F01-A9D14AED398A}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
"UDP Query User{A52927DE-B785-485E-9E91-5116DE71586B}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2012
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Español
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Clarity recorder" = Clarity recorder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"NSS" = Norton Security Scan
"PROPLUS" = Microsoft Office Professional Plus 2007
"RarZilla Free Unrar" = RarZilla Free Unrar
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WTA-32a8b01b-9897-4550-a874-36fbed82f632" = The Inquisitor
"WTA-4f5641c0-b193-4d23-889d-255b9299fa29" = Nancy Drew - Legend of the Crystal Skull
"WTA-4fbaa027-bb14-4a42-8520-09218ac671d2" = Adventure Chronicles
"WTA-5ccd7fe1-1384-45de-a7e7-8d5111ec980a" = Robinson Crusoe and the Cursed Pirates
"WTA-73256822-1930-4506-afe2-ae0590beb94b" = Nancy Drew - Curse of Blackmoor Manor
"WTA-913ebbbb-b37f-420b-a5d5-5cbf1b9ffcbd" = Mystery P.I. - The Lottery Ticket
"WTA-a07cbce4-c2b2-4126-a00f-33a2b7c16e92" = Agatha Christie - Peril at End House
"WTA-d79720f5-0bf1-42a3-a4ba-18e33fa3f12d" = FATE - The Traitor Soul

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2012 04:08:47 p.m. | Computer Name = grace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7227355

Error - 24/06/2012 04:08:47 p.m. | Computer Name = grace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7227355

Error - 24/06/2012 08:08:33 p.m. | Computer Name = grace-PC | Source = WinMgmt | ID = 10
Description =

Error - 25/06/2012 03:26:48 p.m. | Computer Name = grace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 25/06/2012 03:26:48 p.m. | Computer Name = grace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64818790

Error - 25/06/2012 03:26:48 p.m. | Computer Name = grace-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64818790

Error - 26/06/2012 09:38:04 p.m. | Computer Name = grace-PC | Source = WinMgmt | ID = 10
Description =

Error - 27/06/2012 08:48:45 p.m. | Computer Name = grace-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/06/2012 08:17:08 p.m. | Computer Name = grace-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/06/2012 01:14:43 p.m. | Computer Name = grace-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 23/07/2009 04:09:27 p.m. | Computer Name = grace-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 20/08/2009 05:29:58 p.m. | Computer Name = grace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 05/12/2009 02:33:14 p.m. | Computer Name = grace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 27/02/2010 01:00:24 p.m. | Computer Name = grace-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 03/04/2010 01:20:23 p.m. | Computer Name = grace-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ OSession Events ]
Error - 30/03/2011 05:38:40 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/07/2011 05:39:16 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1869
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 18/07/2011 05:41:12 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 105
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18/07/2011 05:43:54 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 154
seconds with 120 seconds of active time. This session ended with a crash.

Error - 18/07/2011 05:52:41 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 520
seconds with 360 seconds of active time. This session ended with a crash.

Error - 18/07/2011 07:34:43 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 6114
seconds with 840 seconds of active time. This session ended with a crash.

Error - 23/08/2011 01:27:38 p.m. | Computer Name = grace-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4987
seconds with 900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/06/2012 06:34:58 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24/06/2012 12:20:50 a.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24/06/2012 08:08:33 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/06/2012 09:38:05 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 26/06/2012 09:47:10 p.m. | Computer Name = grace-PC | Source = DCOM | ID = 10005
Description =

Error - 26/06/2012 09:47:10 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 26/06/2012 09:47:10 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/06/2012 08:48:45 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 28/06/2012 08:17:14 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/06/2012 01:14:43 p.m. | Computer Name = grace-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
gpm18
Active Member
 
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analize the virus problem

by askey127 » June 29th, 2012, 3:23 pm

You posted Extras.txt correctly.
Now how about posting the contents of OTL.txt as well?
If OTL.exe is on your desktop, then OTL.txt is there also.
You can double click to open it in Notepad.
askey127
Admin/Teacher
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Analize the virus problem

by gpm18 » June 29th, 2012, 6:05 pm

Hi,
Thank you for your help

Here it is OTL.txt
I copied the report in Word, please find it enclosed

Is that ok?
Thanks again
gpm18
Active Member
 
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analize the virus problem

by askey127 » June 29th, 2012, 8:32 pm

gpm18,

Please Run OTL.exe again. (right click and choose "run as administrator")
This time, set the OTL buttons according to this:
Files created within : File Age
Files modified within: File Age
File Age: 7 days
Extra registry : Use Safe List
Then click Scan.

When it's finished, it will pop up a file, probably already in Notepad.
DO NOT USE MS Office Word to open this.
Notepad is here : Start > programs > Accessories > Notepad
If necessary, open the file named OTL.txt on your desktop with Notepad.
Use Ctrl+A to highlight the whole content; use Ctrl+C to copy it.
Then hit the reply button in your topic here, click Reply, click in the box, and hit Ctrl+V to paste it.

askey
askey127
Admin/Teacher
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Analize the virus problem

by gpm18 » June 30th, 2012, 1:36 pm

Hi askey,
Here is the report OTL.txt:

OTL logfile created on: 30/06/2012 12:26:50 p.m. - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\grace\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Peru | Language: ESR | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 62.25% Memory free
7.99 Gb Paging File | 6.17 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 47.61 Gb Free Space | 16.67% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.94 Gb Free Space | 15.58% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 12:08:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\grace\Downloads\OTL.exe
PRC - [2012/06/28 16:21:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 16:21:56 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 16:21:53 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
MOD - [2012/06/28 16:20:37 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libglesv2.dll
MOD - [2012/06/28 16:20:35 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libegl.dll
MOD - [2012/06/28 16:20:24 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avutil-51.dll
MOD - [2012/06/28 16:20:23 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avformat-54.dll
MOD - [2012/06/28 16:20:22 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avcodec-54.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/04/22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/04/22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/04/22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/21 21:12:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/09/11 06:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/05/05 14:03:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 14:18:52 | 000,365,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/11 15:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/22 03:18:58 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 20:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 06:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/15 03:20:42 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/19 20:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 09:16:20 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016obex.sys -- (a016obex)
DRV:64bit: - [2008/01/18 09:16:18 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdm.sys -- (a016mdm)
DRV:64bit: - [2008/01/18 09:16:18 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/01/18 09:16:16 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdfl.sys -- (a016mdfl)
DRV:64bit: - [2008/01/18 09:16:14 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV:64bit: - [2008/01/09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/04/03 06:59:28 | 000,130,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV:64bit: - [2007/04/03 06:59:26 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616obex.sys -- (s616obex)
DRV:64bit: - [2007/04/03 06:59:24 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/03 06:59:22 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdm.sys -- (s616mdm)
DRV:64bit: - [2007/04/03 06:59:22 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdfl.sys -- (s616mdfl)
DRV:64bit: - [2007/04/03 06:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{207D725D-1F77-4F4C-8738-CC9CBA1114FF}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=RN&apn_dtid=YYYYYYYYPE&apn_uid=1A79A0D5-B5E9-47B1-921A-70CBA99D93CC&apn_sauid=8EDBE69B-1175-4B30-9F5A-8A5F8C8A52F0
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{2A4E71F6-78D9-4637-B34A-3E9DFB08016F}: "URL" = http://ar.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{3D065D3C-6037-4C6B-8F1D-22F88596A013}: "URL" = http://search.avg.com/?d=4dc59cb7&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{BA6C7244-F577-45C1-9B12-2336F84AB667}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849812
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{C5136337-56AB-4FEB-B161-D893C3C35B59}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 09:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/15 21:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/06 19:35:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]

[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions
[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/04/08 20:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/08 20:48:27 | 000,000,000 | ---D | M] (BittorrentBar_ES Community Toolbar) -- C:\Users\grace\AppData\Roaming\Mozilla\Firefox\extensions\{ad06fb5f-fef7-4a84-8c58-dca34f8e3d36}

========== Chrome ==========

CHR - default_search_provider: solosubtitulos.com (Enabled)
CHR - default_search_provider: search_url = http://www.solosubtitulos.com/?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/09/03 12:18:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\Toolbar\WebBrowser: (no name) - {AD06FB5F-FEF7-4A84-8C58-DCA34F8E3D36} - No CLSID value found.
O3 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D39A6B8-8705-4543-B5A3-8FB557DAF24A}: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28A5955-C488-4D29-8595-77952E726C60}: DhcpNameServer = 200.48.225.130 200.48.225.146
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012/06/29 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\grace\Desktop\OTL
[2012/06/26 21:11:54 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/06/26 20:49:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/26 20:40:30 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{A1B9FF72-A4F2-441D-9EDF-A1664E46E08D}
[2012/06/26 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Roaming\AVG
[2012/06/26 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{EA89FAC6-36EF-4556-A8AD-461D2A2B038B}
[2012/06/26 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{64371FFA-EE5D-4396-B107-C0CA4EEAED64}
[2012/06/25 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{0DE39C79-EFC8-4B76-8FEC-6DB6C94EE6C7}
[2012/06/25 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{201756A9-7255-4DE0-A57C-99B18894000B}
[2012/06/24 13:04:34 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{9F7D865A-60C7-4544-AF15-29769BF62BDB}
[2012/06/24 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{54BC9F7C-D5A1-451E-8A17-F328EB6F34C3}
[2012/06/23 23:22:10 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{1D3EFA5F-582B-4164-B12B-43906F751FB4}
[2012/06/23 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{1697D277-9703-48D1-902F-4F092D60A398}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012/06/30 12:22:59 | 100,838,686 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 12:22:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 12:19:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 12:19:28 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 12:19:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 12:19:16 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 16:54:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 16:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 21:29:28 | 000,213,391 | ---- | M] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | M] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | M] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/26 20:54:01 | 000,002,519 | ---- | M] () -- C:\Users\grace\Desktop\HiJackThis.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 21:29:28 | 000,213,391 | ---- | C] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | C] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | C] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/21 23:08:26 | 000,073,728 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBRegEx550.dll
[2012/06/21 23:08:26 | 000,039,936 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBShell555.dll
[2012/02/16 22:34:59 | 000,197,374 | ---- | C] () -- C:\ProgramData\1329449505.bdinstall.bin
[2012/01/22 16:53:32 | 000,003,173 | ---- | C] () -- C:\Users\grace\.ganttproject
[2011/12/05 20:14:39 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/22 20:40:58 | 000,811,269 | ---- | C] () -- C:\ProgramData\1322008926.bdinstall.bin
[2011/09/03 13:12:00 | 000,017,408 | ---- | C] () -- C:\Users\grace\AppData\Local\WebpageIcons.db
[2011/09/03 12:06:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/03 12:06:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/03 12:06:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/03 12:06:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/03 12:06:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/03 22:34:58 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/03 16:57:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/03 16:57:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/03 16:57:54 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/03 16:57:54 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/06 19:27:27 | 000,008,876 | ---- | C] () -- C:\Users\grace\AppData\Roaming\Cabos.plist
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/06/29 17:17:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/24 22:51:21 | 000,026,311 | ---- | C] () -- C:\Users\grace\AppData\Roaming\UserTile.png
[2009/03/20 16:06:34 | 000,007,052 | ---- | C] () -- C:\Users\grace\AppData\Local\d3d9caps.dat
[2009/03/13 11:01:39 | 000,231,424 | ---- | C] () -- C:\Users\grace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/06/26 20:40:07 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\AVG
[2010/11/25 22:43:19 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\AVG10
[2012/02/16 23:00:23 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\AVG2012
[2012/06/10 17:06:58 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Azureus
[2012/06/21 23:14:08 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Cabos
[2012/06/04 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Dropbox
[2010/11/04 15:49:54 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Flood Light Games
[2009/04/27 00:15:55 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\FloodLightGames
[2010/01/28 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\funkitron
[2011/07/31 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\iWin
[2010/10/29 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\MagicIndie
[2012/05/29 20:04:20 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\mjusbsp
[2012/02/16 22:41:15 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\PerformerSoft
[2011/08/31 21:55:22 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Philipp Winterberg
[2011/01/05 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\PlayFirst
[2011/11/22 19:47:12 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\QuickScan
[2009/07/18 15:46:11 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\SecondLife
[2010/09/14 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\SmartDraw
[2011/05/09 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Sony
[2011/01/06 22:57:25 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\SPORE Creature Creator
[2011/04/26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Telefónica
[2010/11/29 17:42:44 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\The Inquisitor
[2010/10/21 18:12:55 | 000,000,000 | ---D | M] -- C:\Users\grace\AppData\Roaming\Windows Live Writer
[2012/06/30 12:19:22 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\grace\Desktop\abajolasdrogas.jpg:BDU
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
gpm18
Active Member
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analize the virus problem

by askey127 » June 30th, 2012, 4:12 pm

gpm18,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    "UDP Query User{98256A55-FEEB-468C-8F01-A9D14AED398A}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
    "TCP Query User{C44251AD-D3E3-485D-B3E3-3A76ACC6A5B2}C:\program files (x86)\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
    "UDP Query User{98256A55-FEEB-468C-8F01-A9D14AED398A}C:\program files (x86)\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\azureus\azureus.exe |
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\Toolbar\WebBrowser: (no name) - {AD06FB5F-FEF7-4A84-8C58-DCA34F8E3D36} - No CLSID value found.
    O3 - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-2658173272-2903899307-1307612828-1000\..\SearchScopes\{207D725D-1F77-4F4C-8738-CC9CBA1114FF}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=RN&apn_dtid=YYYYYYYYPE&apn_uid=1A79A0D5-B5E9-47B1-921A-70CBA99D93CC&apn_sauid=8EDBE69B-1175-4B30-9F5A-8A5F8C8A52F0
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{0A2EA0A6-500B-43AC-83DB-176C72C2E6EF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    [2012/04/08 20:48:27 | 000,000,000 | ---D | M] (BittorrentBar_ES Community Toolbar) -- C:\Users\grace\AppData\Roaming\Mozilla\Firefox\extensions\{ad06fb5f-fef7-4a84-8c58-dca34f8e3d36}
    @Alternate Data Stream - 16 bytes -> C:\Users\grace\Desktop\abajolasdrogas.jpg:BDU
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1C28CBD9-7AEA-4B2E-BE80-3656218FB128}" =-
    "{529A030E-5DA9-44DA-99FF-95AF4E875353}" =-
    "TCP Query User{C44251AD-D3E3-485D-B3E3-3A76ACC6A5B2}C:\program files (x86)\azureus\azureus.exe" =-
    "UDP Query User{98256A55-FEEB-468C-8F01-A9D14AED398A}C:\program files (x86)\azureus\azureus.exe" =-
    
    :Files
    C:\program files (x86)\azureus\
    C:\Users\grace\AppData\Roaming\Azureus
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
Admin/Teacher
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Analize the virus problem

by gpm18 » June 30th, 2012, 10:22 pm

Hi, did what you said. This is the report:


OTL logfile created on: 30/06/2012 09:11:38 p.m. - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\grace\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Peru | Language: ESR | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 59.90% Memory free
7.98 Gb Paging File | 6.19 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 47.47 Gb Free Space | 16.62% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.94 Gb Free Space | 15.58% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 12:08:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\grace\Downloads\OTL.exe
PRC - [2012/06/28 16:21:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 16:21:56 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 16:21:53 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
MOD - [2012/06/28 16:20:37 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libglesv2.dll
MOD - [2012/06/28 16:20:35 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libegl.dll
MOD - [2012/06/28 16:20:24 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avutil-51.dll
MOD - [2012/06/28 16:20:23 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avformat-54.dll
MOD - [2012/06/28 16:20:22 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avcodec-54.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/04/22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/04/22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/04/22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/21 21:12:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/09/11 06:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/05/05 14:03:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 14:18:52 | 000,365,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/11 15:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/22 03:18:58 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 20:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 06:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/15 03:20:42 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/19 20:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 09:16:20 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016obex.sys -- (a016obex)
DRV:64bit: - [2008/01/18 09:16:18 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdm.sys -- (a016mdm)
DRV:64bit: - [2008/01/18 09:16:18 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/01/18 09:16:16 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdfl.sys -- (a016mdfl)
DRV:64bit: - [2008/01/18 09:16:14 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV:64bit: - [2008/01/09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/04/03 06:59:28 | 000,130,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV:64bit: - [2007/04/03 06:59:26 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616obex.sys -- (s616obex)
DRV:64bit: - [2007/04/03 06:59:24 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/03 06:59:22 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdm.sys -- (s616mdm)
DRV:64bit: - [2007/04/03 06:59:22 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdfl.sys -- (s616mdfl)
DRV:64bit: - [2007/04/03 06:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2A4E71F6-78D9-4637-B34A-3E9DFB08016F}: "URL" = http://ar.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{3D065D3C-6037-4C6B-8F1D-22F88596A013}: "URL" = http://search.avg.com/?d=4dc59cb7&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKCU\..\SearchScopes\{BA6C7244-F577-45C1-9B12-2336F84AB667}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849812
IE - HKCU\..\SearchScopes\{C5136337-56AB-4FEB-B161-D893C3C35B59}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 09:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/15 21:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/06 19:35:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]

[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions
[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/06/30 21:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: solosubtitulos.com (Enabled)
CHR - default_search_provider: search_url = http://www.solosubtitulos.com/?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/09/03 12:18:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D39A6B8-8705-4543-B5A3-8FB557DAF24A}: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28A5955-C488-4D29-8595-77952E726C60}: DhcpNameServer = 200.48.225.130 200.48.225.146
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012/06/30 21:06:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/29 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\grace\Desktop\OTL
[2012/06/26 21:11:54 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/06/26 20:49:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/26 20:40:30 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{A1B9FF72-A4F2-441D-9EDF-A1664E46E08D}
[2012/06/26 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Roaming\AVG
[2012/06/26 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{EA89FAC6-36EF-4556-A8AD-461D2A2B038B}
[2012/06/26 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{64371FFA-EE5D-4396-B107-C0CA4EEAED64}
[2012/06/25 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{0DE39C79-EFC8-4B76-8FEC-6DB6C94EE6C7}
[2012/06/25 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{201756A9-7255-4DE0-A57C-99B18894000B}
[2012/06/24 13:04:34 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{9F7D865A-60C7-4544-AF15-29769BF62BDB}
[2012/06/24 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{54BC9F7C-D5A1-451E-8A17-F328EB6F34C3}
[2012/06/23 23:22:10 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{1D3EFA5F-582B-4164-B12B-43906F751FB4}
[2012/06/23 23:22:01 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{1697D277-9703-48D1-902F-4F092D60A398}

========== Files - Modified Within 7 Days ==========

[2012/06/30 21:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/30 21:08:58 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/30 21:08:51 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 21:08:50 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 21:08:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/30 21:08:35 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 20:58:43 | 100,865,276 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:27 | 000,487,682 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/30 20:55:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 21:29:28 | 000,213,391 | ---- | M] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | M] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | M] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/26 20:54:01 | 000,002,519 | ---- | M] () -- C:\Users\grace\Desktop\HiJackThis.lnk

========== Files Created - No Company Name ==========

[2012/06/26 21:29:28 | 000,213,391 | ---- | C] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | C] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | C] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/21 23:08:26 | 000,073,728 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBRegEx550.dll
[2012/06/21 23:08:26 | 000,039,936 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBShell555.dll
[2012/02/16 22:34:59 | 000,197,374 | ---- | C] () -- C:\ProgramData\1329449505.bdinstall.bin
[2012/01/22 16:53:32 | 000,003,173 | ---- | C] () -- C:\Users\grace\.ganttproject
[2011/12/05 20:14:39 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/22 20:40:58 | 000,811,269 | ---- | C] () -- C:\ProgramData\1322008926.bdinstall.bin
[2011/09/03 13:12:00 | 000,017,408 | ---- | C] () -- C:\Users\grace\AppData\Local\WebpageIcons.db
[2011/09/03 12:06:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/03 12:06:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/03 12:06:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/03 12:06:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/03 12:06:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/03 22:34:58 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/03 16:57:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/03 16:57:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/03 16:57:54 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/03 16:57:54 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/06 19:27:27 | 000,008,876 | ---- | C] () -- C:\Users\grace\AppData\Roaming\Cabos.plist
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/06/29 17:17:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/24 22:51:21 | 000,026,311 | ---- | C] () -- C:\Users\grace\AppData\Roaming\UserTile.png
[2009/03/20 16:06:34 | 000,007,052 | ---- | C] () -- C:\Users\grace\AppData\Local\d3d9caps.dat
[2009/03/13 11:01:39 | 000,231,424 | ---- | C] () -- C:\Users\grace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
gpm18
Active Member
 
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analize the virus problem

Post by askey127 » July 1st, 2012, 8:16 am

gpm18,
Looks better. A few leftovers, and we will do a check to be sure you do not have a Rootkit-type infection.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    IE - HKCU\..\SearchScopes\{BA6C7244-F577-45C1-9B12-2336F84AB667}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849812
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
    
    :Files
    C:\Program Files\Common Files\Bitdefender
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
(This fix will remove your default Start Page in Internet Explorer. You can reset it to http://www.bing.com or something else by starting IE, and clicking Tools, Internet Options)
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

So we are looking for the latest OTL log, and the log file from TDSSKiller.
askey127
Admin/Teacher
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
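
The `:OTL` section of the fix in the post above consists of lines copied from the OTL log. As an added example (not part of the thread and not a feature of OTL), this Python script parses OTL log lines and lists two kinds of entries for an analyst to review: entries marked "File not found" and IE search/start-page URLs whose host is not on an allowlist. `ALLOWED_HOSTS`, `Finding` and `triage` are names invented for this example, and the allowlist contents are an assumption.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Hosts the reviewer accepts as search providers or start pages.
# Assumption for this example only; not a list from OTL or from the thread.
ALLOWED_HOSTS = frozenset({"www.google.com", "www.bing.com",
                           "search.live.com", "www.msn.com"})

# Log sections whose values are URLs worth checking against the allowlist.
URL_SECTIONS = {"IE"}

# Lines copied from the OTL logs and the fix script on this page
# (the " ... " inside one URL is an elision present in the original post).
SAMPLE_LOG = r'''
IE - HKCU\..\SearchScopes\{BA6C7244-F577-45C1-9B12-2336F84AB667}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849812
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys -- (bdftdif)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
'''

# "<SECTION>[:64bit:] - <body>", e.g. "IE:64bit: - HKLM\..." or "O4 - HKLM..\Run: ..."
LINE_RE = re.compile(r'^(?P<section>[A-Z][A-Z0-9]*)(?P<bits>:64bit:)? - (?P<body>.+)$')
# First "= http(s)://..." value on the line; stops at whitespace.
URL_RE = re.compile(r'=\s*(?P<url>https?://\S+)')

Finding = namedtuple("Finding", "kind section is_64bit detail line")


def triage(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return review candidates found in OTL log text, in log order.

    kind == "orphaned":      the entry says its target file is missing.
    kind == "unlisted-host": an IE URL value points at a host that is not
                             in allowed_hosts (detail holds the host name).
    A finding means "look at this", not "this is malicious".
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # headers, blank lines, file listings
        section = match.group("section")
        is_64bit = match.group("bits") is not None
        body = match.group("body")

        if "File not found" in body:
            findings.append(
                Finding("orphaned", section, is_64bit, "File not found", line))
            continue

        if section in URL_SECTIONS:
            url_match = URL_RE.search(body)
            if url_match:
                host = (urlsplit(url_match.group("url")).hostname or "").lower()
                if host and host not in allowed_hosts:
                    findings.append(
                        Finding("unlisted-host", section, is_64bit, host, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        bits = "64bit" if f.is_64bit else "32bit"
        print(f"[{f.kind}] {f.section} ({bits}) {f.detail}")
        print(f"    {f.line}")
```

The output is a list of candidates only; which lines go into a fix remains the helper's decision.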

Re: Analize the virus problem

Post by gpm18 » July 1st, 2012, 1:27 pm

Hi.. these are the results:
OTL.txt:

OTL logfile created on: 01/07/2012 12:05:45 p.m. - Run 5
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\grace\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Peru | Language: ESR | Date Format: dd/MM/yyyy

3.90 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 59.76% Memory free
7.98 Gb Paging File | 6.23 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.62 Gb Total Space | 47.30 Gb Free Space | 16.56% Space Free | Partition Type: NTFS
Drive D: | 12.47 Gb Total Space | 1.94 Gb Free Space | 15.58% Space Free | Partition Type: NTFS

Computer Name: GRACE-PC | User Name: grace | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 12:08:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\grace\Downloads\OTL.exe
PRC - [2012/06/28 16:21:57 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/09/26 05:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 16:21:56 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 16:21:53 | 003,997,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
MOD - [2012/06/28 16:20:37 | 000,526,872 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libglesv2.dll
MOD - [2012/06/28 16:20:35 | 000,104,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\libegl.dll
MOD - [2012/06/28 16:20:24 | 000,144,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avutil-51.dll
MOD - [2012/06/28 16:20:23 | 000,266,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avformat-54.dll
MOD - [2012/06/28 16:20:22 | 002,480,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\avcodec-54.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/04/22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/04/22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/04/22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/21 21:12:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2008/09/11 06:53:00 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/06/27 10:53:06 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/03/18 19:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/05/05 14:03:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/23 14:18:52 | 000,365,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/04/15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/11 15:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/22 03:18:58 | 001,522,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/09/19 20:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/09/11 06:54:44 | 000,465,408 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/09/04 12:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/07/15 03:20:42 | 000,126,464 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2008/06/19 20:37:42 | 000,325,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/04/15 17:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/03/27 15:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 15:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/01/18 09:16:20 | 000,125,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016obex.sys -- (a016obex)
DRV:64bit: - [2008/01/18 09:16:18 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdm.sys -- (a016mdm)
DRV:64bit: - [2008/01/18 09:16:18 | 000,130,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mgmt.sys -- (a016mgmt) Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/01/18 09:16:16 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016mdfl.sys -- (a016mdfl)
DRV:64bit: - [2008/01/18 09:16:14 | 000,109,096 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\a016bus.sys -- (a016bus) Sony Ericsson Device A016 driver (WDM)
DRV:64bit: - [2008/01/09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/06/18 19:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/04/03 06:59:28 | 000,130,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
DRV:64bit: - [2007/04/03 06:59:26 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616obex.sys -- (s616obex)
DRV:64bit: - [2007/04/03 06:59:24 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007/04/03 06:59:22 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdm.sys -- (s616mdm)
DRV:64bit: - [2007/04/03 06:59:22 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616mdfl.sys -- (s616mdfl)
DRV:64bit: - [2007/04/03 06:59:20 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2A4E71F6-78D9-4637-B34A-3E9DFB08016F}: "URL" = http://ar.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{3D065D3C-6037-4C6B-8F1D-22F88596A013}: "URL" = http://search.avg.com/?d=4dc59cb7&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{66F68601-0E0C-42D4-82B7-190449980FA2}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKCU\..\SearchScopes\{C5136337-56AB-4FEB-B161-D893C3C35B59}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/11 09:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/15 21:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/06 19:35:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/19 18:43:38 | 000,000,000 | ---D | M]

[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions
[2009/06/02 21:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/06/30 21:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\grace\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: solosubtitulos.com (Enabled)
CHR - default_search_provider: search_url = http://www.solosubtitulos.com/?q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.15\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/09/03 12:18:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D39A6B8-8705-4543-B5A3-8FB557DAF24A}: DhcpNameServer = 200.48.225.130 200.48.225.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28A5955-C488-4D29-8595-77952E726C60}: DhcpNameServer = 200.48.225.130 200.48.225.146
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\grace\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 7 Days ==========

[2012/06/30 21:06:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/29 13:27:35 | 000,000,000 | ---D | C] -- C:\Users\grace\Desktop\OTL
[2012/06/26 21:11:54 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/06/26 20:49:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/26 20:40:30 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{A1B9FF72-A4F2-441D-9EDF-A1664E46E08D}
[2012/06/26 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Roaming\AVG
[2012/06/26 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{EA89FAC6-36EF-4556-A8AD-461D2A2B038B}
[2012/06/26 20:39:08 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{64371FFA-EE5D-4396-B107-C0CA4EEAED64}
[2012/06/25 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{0DE39C79-EFC8-4B76-8FEC-6DB6C94EE6C7}
[2012/06/25 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{201756A9-7255-4DE0-A57C-99B18894000B}
[2012/06/24 13:04:34 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{9F7D865A-60C7-4544-AF15-29769BF62BDB}
[2012/06/24 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\grace\AppData\Local\{54BC9F7C-D5A1-451E-8A17-F328EB6F34C3}

========== Files - Modified Within 7 Days ==========

[2012/07/01 12:10:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 12:03:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 12:03:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:03:37 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:03:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 12:03:24 | 4193,472,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 11:55:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 11:54:10 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 20:58:27 | 000,487,682 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/26 21:29:28 | 000,213,391 | ---- | M] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | M] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | M] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/26 20:54:01 | 000,002,519 | ---- | M] () -- C:\Users\grace\Desktop\HiJackThis.lnk

========== Files Created - No Company Name ==========

[2012/06/26 21:29:28 | 000,213,391 | ---- | C] () -- C:\Users\grace\AppData\Local\census.cache
[2012/06/26 21:29:08 | 000,196,566 | ---- | C] () -- C:\Users\grace\AppData\Local\ars.cache
[2012/06/26 21:01:02 | 000,000,036 | ---- | C] () -- C:\Users\grace\AppData\Local\housecall.guid.cache
[2012/06/21 23:08:26 | 000,073,728 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBRegEx550.dll
[2012/06/21 23:08:26 | 000,039,936 | -H-- | C] () -- C:\Users\grace\AppData\Roaming\RBShell555.dll
[2012/02/16 22:34:59 | 000,197,374 | ---- | C] () -- C:\ProgramData\1329449505.bdinstall.bin
[2012/01/22 16:53:32 | 000,003,173 | ---- | C] () -- C:\Users\grace\.ganttproject
[2011/12/05 20:14:39 | 000,000,340 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/22 20:40:58 | 000,811,269 | ---- | C] () -- C:\ProgramData\1322008926.bdinstall.bin
[2011/09/03 13:12:00 | 000,017,408 | ---- | C] () -- C:\Users\grace\AppData\Local\WebpageIcons.db
[2011/09/03 12:06:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/03 12:06:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/03 12:06:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/03 12:06:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/03 12:06:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/03 22:34:58 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/03 16:57:55 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/07/03 16:57:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/03 16:57:54 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/07/03 16:57:54 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/06 19:27:27 | 000,008,876 | ---- | C] () -- C:\Users\grace\AppData\Roaming\Cabos.plist
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/06/29 17:17:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/24 22:51:21 | 000,026,311 | ---- | C] () -- C:\Users\grace\AppData\Roaming\UserTile.png
[2009/03/20 16:06:34 | 000,007,052 | ---- | C] () -- C:\Users\grace\AppData\Local\d3d9caps.dat
[2009/03/13 11:01:39 | 000,231,424 | ---- | C] () -- C:\Users\grace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >
gpm18
Active Member
 
Posts: 9
Joined: June 26th, 2012, 10:12 pm

Re: Analyze the virus problem

Post by gpm18 » July 1st, 2012, 1:28 pm

TDSSKiller report:


12:17:56.0659 5020 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:17:57.0252 5020 ============================================================
12:17:57.0252 5020 Current date / time: 2012/07/01 12:17:57.0252
12:17:57.0252 5020 SystemInfo:
12:17:57.0252 5020
12:17:57.0252 5020 OS Version: 6.0.6002 ServicePack: 2.0
12:17:57.0252 5020 Product type: Workstation
12:17:57.0252 5020 ComputerName: GRACE-PC
12:17:57.0252 5020 UserName: grace
12:17:57.0252 5020 Windows directory: C:\Windows
12:17:57.0252 5020 System windows directory: C:\Windows
12:17:57.0252 5020 Running under WOW64
12:17:57.0252 5020 Processor architecture: Intel x64
12:17:57.0252 5020 Number of processors: 2
12:17:57.0252 5020 Page size: 0x1000
12:17:57.0252 5020 Boot type: Normal boot
12:17:57.0252 5020 ============================================================
12:17:57.0876 5020 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:17:57.0891 5020 ============================================================
12:17:57.0891 5020 \Device\Harddisk0\DR0:
12:17:57.0891 5020 MBR partitions:
12:17:57.0891 5020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23B3BFC1
12:17:57.0891 5020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23B3C000, BlocksNum 0x18F1000
12:17:57.0891 5020 ============================================================
12:17:57.0907 5020 C: <-> \Device\Harddisk0\DR0\Partition0
12:17:57.0954 5020 D: <-> \Device\Harddisk0\DR0\Partition1
12:17:57.0954 5020 ============================================================
12:17:57.0954 5020 Initialize success
12:17:57.0954 5020 ============================================================
12:18:13.0429 3808 ============================================================
12:18:13.0429 3808 Scan started
12:18:13.0429 3808 Mode: Manual;
12:18:13.0429 3808 ============================================================
12:18:26.0424 3808 mssmbios - ok
12:18:26.0470 3808 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
12:18:26.0470 3808 MSTEE - ok
12:18:26.0502 3808 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
12:18:26.0502 3808 Mup - ok
12:18:26.0564 3808 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
12:18:26.0580 3808 napagent - ok
12:18:26.0642 3808 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
12:18:26.0642 3808 NativeWifiP - ok
12:18:26.0736 3808 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
12:18:26.0736 3808 NDIS - ok
12:18:26.0767 3808 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
12:18:26.0767 3808 NdisTapi - ok
12:18:26.0782 3808 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
12:18:26.0782 3808 Ndisuio - ok
12:18:26.0829 3808 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
12:18:26.0845 3808 NdisWan - ok
12:18:26.0860 3808 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
12:18:26.0860 3808 NDProxy - ok
12:18:26.0907 3808 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
12:18:26.0907 3808 NetBIOS - ok
12:18:26.0938 3808 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
12:18:26.0954 3808 netbt - ok
12:18:26.0970 3808 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
12:18:26.0970 3808 Netlogon - ok
12:18:27.0016 3808 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
12:18:27.0016 3808 Netman - ok
12:18:27.0048 3808 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
12:18:27.0048 3808 netprofm - ok
12:18:27.0126 3808 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:18:27.0141 3808 NetTcpPortSharing - ok
12:18:27.0391 3808 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
12:18:27.0516 3808 NETw3v64 - ok
12:18:27.0640 3808 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
12:18:27.0640 3808 nfrd960 - ok
12:18:27.0687 3808 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
12:18:27.0687 3808 NlaSvc - ok
12:18:27.0718 3808 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
12:18:27.0718 3808 Npfs - ok
12:18:27.0734 3808 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
12:18:27.0734 3808 nsi - ok
12:18:27.0750 3808 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
12:18:27.0750 3808 nsiproxy - ok
12:18:27.0921 3808 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
12:18:27.0937 3808 Ntfs - ok
12:18:28.0046 3808 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
12:18:28.0046 3808 Null - ok
12:18:28.0077 3808 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
12:18:28.0077 3808 nvraid - ok
12:18:28.0108 3808 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
12:18:28.0108 3808 nvstor - ok
12:18:28.0140 3808 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
12:18:28.0155 3808 nv_agp - ok
12:18:28.0155 3808 NwlnkFlt - ok
12:18:28.0171 3808 NwlnkFwd - ok
12:18:28.0280 3808 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:18:28.0296 3808 odserv - ok
12:18:28.0342 3808 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
12:18:28.0342 3808 ohci1394 - ok
12:18:28.0374 3808 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:18:28.0389 3808 ose - ok
12:18:28.0498 3808 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
12:18:28.0514 3808 p2pimsvc - ok
12:18:28.0530 3808 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
12:18:28.0545 3808 p2psvc - ok
12:18:28.0576 3808 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
12:18:28.0576 3808 Parport - ok
12:18:28.0608 3808 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
12:18:28.0608 3808 partmgr - ok
12:18:28.0639 3808 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
12:18:28.0654 3808 PcaSvc - ok
12:18:28.0686 3808 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
12:18:28.0686 3808 pci - ok
12:18:28.0701 3808 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
12:18:28.0701 3808 pciide - ok
12:18:28.0732 3808 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
12:18:28.0748 3808 pcmcia - ok
12:18:28.0826 3808 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
12:18:28.0842 3808 PEAUTH - ok
12:18:28.0935 3808 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
12:18:28.0935 3808 PerfHost - ok
12:18:29.0091 3808 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
12:18:29.0107 3808 pla - ok
12:18:29.0138 3808 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
12:18:29.0154 3808 PlugPlay - ok
12:18:29.0232 3808 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
12:18:29.0247 3808 PNRPAutoReg - ok
12:18:29.0263 3808 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
12:18:29.0278 3808 PNRPsvc - ok
12:18:29.0325 3808 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
12:18:29.0341 3808 PolicyAgent - ok
12:18:29.0403 3808 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
12:18:29.0403 3808 PptpMiniport - ok
12:18:29.0434 3808 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
12:18:29.0434 3808 Processor - ok
12:18:29.0466 3808 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
12:18:29.0481 3808 ProfSvc - ok
12:18:29.0497 3808 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
12:18:29.0497 3808 ProtectedStorage - ok
12:18:29.0528 3808 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
12:18:29.0528 3808 PSched - ok
12:18:29.0653 3808 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
12:18:29.0653 3808 ql2300 - ok
12:18:29.0684 3808 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
12:18:29.0684 3808 ql40xx - ok
12:18:29.0715 3808 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
12:18:29.0731 3808 QWAVE - ok
12:18:29.0746 3808 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
12:18:29.0746 3808 QWAVEdrv - ok
12:18:29.0762 3808 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
12:18:29.0762 3808 RasAcd - ok
12:18:29.0793 3808 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
12:18:29.0793 3808 RasAuto - ok
12:18:29.0809 3808 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:18:29.0824 3808 Rasl2tp - ok
12:18:29.0856 3808 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
12:18:29.0871 3808 RasMan - ok
12:18:29.0887 3808 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
12:18:29.0887 3808 RasPppoe - ok
12:18:29.0918 3808 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
12:18:29.0918 3808 RasSstp - ok
12:18:29.0965 3808 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
12:18:29.0965 3808 rdbss - ok
12:18:29.0996 3808 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:18:29.0996 3808 RDPCDD - ok
12:18:30.0027 3808 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
12:18:30.0043 3808 rdpdr - ok
12:18:30.0058 3808 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
12:18:30.0058 3808 RDPENCDD - ok
12:18:30.0105 3808 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
12:18:30.0105 3808 RDPWD - ok
12:18:30.0214 3808 Recovery Service for Windows (d5f08cc3d19b1c7f49619b9dad43c0ce) C:\Program Files (x86)\SMINST\BLService.exe
12:18:30.0214 3808 Recovery Service for Windows - ok
12:18:30.0246 3808 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
12:18:30.0246 3808 RemoteAccess - ok
12:18:30.0292 3808 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
12:18:30.0292 3808 RemoteRegistry - ok
12:18:30.0355 3808 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:18:30.0370 3808 RichVideo - ok
12:18:30.0402 3808 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
12:18:30.0402 3808 RpcLocator - ok
12:18:30.0480 3808 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
12:18:30.0495 3808 RpcSs - ok
12:18:30.0542 3808 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
12:18:30.0542 3808 rspndr - ok
12:18:30.0604 3808 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:18:30.0620 3808 RTL8169 - ok
12:18:30.0651 3808 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS
12:18:30.0651 3808 RTSTOR - ok
12:18:30.0698 3808 s616bus (3b50c84f0a19944e9bcc48ef90e4c237) C:\Windows\system32\DRIVERS\s616bus.sys
12:18:30.0714 3808 s616bus - ok
12:18:30.0729 3808 s616mdfl (b3b6d1aabc5e4ced79a64edd6895d6b8) C:\Windows\system32\DRIVERS\s616mdfl.sys
12:18:30.0729 3808 s616mdfl - ok
12:18:30.0776 3808 s616mdm (aaca98666648a8c846e8ff57342266e6) C:\Windows\system32\DRIVERS\s616mdm.sys
12:18:30.0776 3808 s616mdm - ok
12:18:30.0838 3808 s616mgmt (ed198c01286ca7f32fbff216018d68c6) C:\Windows\system32\DRIVERS\s616mgmt.sys
12:18:30.0854 3808 s616mgmt - ok
12:18:30.0885 3808 s616obex (d365ed1c5179e1bbfc967cf73e969a39) C:\Windows\system32\DRIVERS\s616obex.sys
12:18:30.0885 3808 s616obex - ok
12:18:30.0932 3808 s616unic (17feb2a5f3dbfd9fa6186b052dfb4665) C:\Windows\system32\DRIVERS\s616unic.sys
12:18:30.0948 3808 s616unic - ok
12:18:30.0963 3808 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
12:18:30.0979 3808 SamSs - ok
12:18:31.0026 3808 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:18:31.0026 3808 SASDIFSV - ok
12:18:31.0041 3808 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:18:31.0041 3808 SASKUTIL - ok
12:18:31.0088 3808 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
12:18:31.0088 3808 sbp2port - ok
12:18:31.0119 3808 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
12:18:31.0119 3808 SCardSvr - ok
12:18:31.0228 3808 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
12:18:31.0244 3808 Schedule - ok
12:18:31.0260 3808 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
12:18:31.0260 3808 SCPolicySvc - ok
12:18:31.0291 3808 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
12:18:31.0291 3808 sdbus - ok
12:18:31.0338 3808 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
12:18:31.0338 3808 SDRSVC - ok
12:18:31.0416 3808 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
12:18:31.0416 3808 SeaPort - ok
12:18:31.0431 3808 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:18:31.0431 3808 secdrv - ok
12:18:31.0447 3808 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
12:18:31.0447 3808 seclogon - ok
12:18:31.0494 3808 seehcri (ede7a1d2715aac2190d51dc07afd44e3) C:\Windows\system32\DRIVERS\seehcri.sys
12:18:31.0494 3808 seehcri - ok
12:18:31.0525 3808 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
12:18:31.0525 3808 SENS - ok
12:18:31.0540 3808 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
12:18:31.0540 3808 Serenum - ok
12:18:31.0572 3808 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
12:18:31.0572 3808 Serial - ok
12:18:31.0587 3808 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
12:18:31.0603 3808 sermouse - ok
12:18:31.0634 3808 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
12:18:31.0634 3808 SessionEnv - ok
12:18:31.0650 3808 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
12:18:31.0650 3808 sffdisk - ok
12:18:31.0665 3808 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
12:18:31.0681 3808 sffp_mmc - ok
12:18:31.0696 3808 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
12:18:31.0696 3808 sffp_sd - ok
12:18:31.0712 3808 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
12:18:31.0712 3808 sfloppy - ok
12:18:31.0774 3808 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
12:18:31.0774 3808 SharedAccess - ok
12:18:31.0837 3808 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
12:18:31.0837 3808 ShellHWDetection - ok
12:18:31.0852 3808 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
12:18:31.0868 3808 SiSRaid2 - ok
12:18:31.0884 3808 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
12:18:31.0884 3808 SiSRaid4 - ok
12:18:32.0133 3808 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
12:18:32.0164 3808 slsvc - ok
12:18:32.0289 3808 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
12:18:32.0289 3808 SLUINotify - ok
12:18:32.0336 3808 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
12:18:32.0336 3808 Smb - ok
12:18:32.0398 3808 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
12:18:32.0398 3808 SNMPTRAP - ok
12:18:32.0430 3808 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
12:18:32.0430 3808 spldr - ok
12:18:32.0476 3808 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
12:18:32.0476 3808 Spooler - ok
12:18:32.0554 3808 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
12:18:32.0570 3808 srv - ok
12:18:32.0586 3808 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
12:18:32.0586 3808 srv2 - ok
12:18:32.0632 3808 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
12:18:32.0632 3808 srvnet - ok
12:18:32.0664 3808 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
12:18:32.0679 3808 SSDPSRV - ok
12:18:32.0742 3808 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
12:18:32.0742 3808 SstpSvc - ok
12:18:32.0866 3808 STacSV (3fb66e86ba667d627a613e1d677469b0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
12:18:32.0866 3808 STacSV - ok
12:18:32.0944 3808 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys
12:18:32.0960 3808 STHDA - ok
12:18:33.0038 3808 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
12:18:33.0054 3808 stisvc - ok
12:18:33.0069 3808 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
12:18:33.0069 3808 swenum - ok
12:18:33.0132 3808 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
12:18:33.0132 3808 swprv - ok
12:18:33.0163 3808 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
12:18:33.0163 3808 Symc8xx - ok
12:18:33.0178 3808 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
12:18:33.0178 3808 Sym_hi - ok
12:18:33.0194 3808 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
12:18:33.0194 3808 Sym_u3 - ok
12:18:33.0225 3808 SynTP (c851305e2bcfce8aaa53342f912ddd7f) C:\Windows\system32\DRIVERS\SynTP.sys
12:18:33.0241 3808 SynTP - ok
12:18:33.0350 3808 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
12:18:33.0350 3808 SysMain - ok
12:18:33.0381 3808 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
12:18:33.0381 3808 TabletInputService - ok
12:18:33.0444 3808 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
12:18:33.0444 3808 TapiSrv - ok
12:18:33.0475 3808 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
12:18:33.0475 3808 TBS - ok
12:18:33.0662 3808 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
12:18:33.0678 3808 Tcpip - ok
12:18:33.0927 3808 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
12:18:33.0958 3808 Tcpip6 - ok
12:18:34.0099 3808 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
12:18:34.0099 3808 tcpipreg - ok
12:18:34.0130 3808 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
12:18:34.0130 3808 TDPIPE - ok
12:18:34.0177 3808 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
12:18:34.0177 3808 TDTCP - ok
12:18:34.0224 3808 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
12:18:34.0224 3808 tdx - ok
12:18:34.0270 3808 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
12:18:34.0270 3808 TermDD - ok
12:18:34.0348 3808 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
12:18:34.0348 3808 TermService - ok
12:18:34.0458 3808 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
12:18:34.0458 3808 Themes - ok
12:18:34.0489 3808 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
12:18:34.0489 3808 THREADORDER - ok
12:18:34.0520 3808 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
12:18:34.0536 3808 TrkWks - ok
12:18:34.0582 3808 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
12:18:34.0582 3808 TrustedInstaller - ok
12:18:34.0614 3808 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:34.0614 3808 tssecsrv - ok
12:18:34.0645 3808 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
12:18:34.0645 3808 tunmp - ok
12:18:34.0660 3808 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
12:18:34.0660 3808 tunnel - ok
12:18:34.0785 3808 TVCapSvc (4bc24ad1af866eb21c09d837a8a017e7) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
12:18:34.0785 3808 TVCapSvc - ok
12:18:34.0816 3808 TVSched (56196a4fd34a9985ab93531dcdc07dcb) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
12:18:34.0816 3808 TVSched - ok
12:18:34.0848 3808 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
12:18:34.0848 3808 uagp35 - ok
12:18:34.0910 3808 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
12:18:34.0926 3808 udfs - ok
12:18:34.0972 3808 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
12:18:34.0988 3808 UI0Detect - ok
12:18:35.0004 3808 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
12:18:35.0004 3808 uliagpkx - ok
12:18:35.0035 3808 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
12:18:35.0035 3808 uliahci - ok
12:18:35.0066 3808 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
12:18:35.0066 3808 UlSata - ok
12:18:35.0097 3808 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
12:18:35.0097 3808 ulsata2 - ok
12:18:35.0113 3808 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
12:18:35.0113 3808 umbus - ok
12:18:35.0160 3808 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
12:18:35.0160 3808 upnphost - ok
12:18:35.0191 3808 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:18:35.0191 3808 USBAAPL64 - ok
12:18:35.0269 3808 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
12:18:35.0269 3808 usbaudio - ok
12:18:35.0316 3808 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:35.0316 3808 usbccgp - ok
12:18:35.0347 3808 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
12:18:35.0347 3808 usbcir - ok
12:18:35.0378 3808 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
12:18:35.0378 3808 usbehci - ok
12:18:35.0425 3808 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
12:18:35.0456 3808 usbhub - ok
12:18:35.0472 3808 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
12:18:35.0472 3808 usbohci - ok
12:18:35.0518 3808 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
12:18:35.0518 3808 usbprint - ok
12:18:35.0550 3808 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:35.0550 3808 USBSTOR - ok
12:18:35.0581 3808 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
12:18:35.0581 3808 usbuhci - ok
12:18:35.0628 3808 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
12:18:35.0628 3808 usbvideo - ok
12:18:35.0643 3808 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
12:18:35.0659 3808 UxSms - ok
12:18:35.0721 3808 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
12:18:35.0721 3808 vds - ok
12:18:35.0768 3808 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:35.0768 3808 vga - ok
12:18:35.0799 3808 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
12:18:35.0799 3808 VgaSave - ok
12:18:35.0815 3808 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
12:18:35.0815 3808 viaide - ok
12:18:35.0846 3808 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
12:18:35.0862 3808 volmgr - ok
12:18:35.0908 3808 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
12:18:35.0924 3808 volmgrx - ok
12:18:35.0955 3808 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
12:18:35.0971 3808 volsnap - ok
12:18:36.0002 3808 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
12:18:36.0002 3808 vsmraid - ok
12:18:36.0142 3808 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
12:18:36.0174 3808 VSS - ok
12:18:36.0298 3808 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
12:18:36.0314 3808 W32Time - ok
12:18:36.0361 3808 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
12:18:36.0361 3808 WacomPen - ok
12:18:36.0408 3808 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:36.0408 3808 Wanarp - ok
12:18:36.0423 3808 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:36.0423 3808 Wanarpv6 - ok
12:18:36.0486 3808 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
12:18:36.0501 3808 wcncsvc - ok
12:18:36.0532 3808 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
12:18:36.0532 3808 WcsPlugInService - ok
12:18:36.0548 3808 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
12:18:36.0548 3808 Wd - ok
12:18:36.0610 3808 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:18:36.0610 3808 Wdf01000 - ok
12:18:36.0642 3808 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
12:18:36.0642 3808 WdiServiceHost - ok
12:18:36.0642 3808 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
12:18:36.0642 3808 WdiSystemHost - ok
12:18:36.0673 3808 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
12:18:36.0688 3808 WebClient - ok
12:18:36.0720 3808 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
12:18:36.0720 3808 Wecsvc - ok
12:18:36.0751 3808 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
12:18:36.0751 3808 wercplsupport - ok
12:18:36.0782 3808 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
12:18:36.0782 3808 WerSvc - ok
12:18:36.0829 3808 WinDefend - ok
12:18:36.0844 3808 WinHttpAutoProxySvc - ok
12:18:36.0907 3808 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
12:18:36.0907 3808 Winmgmt - ok
12:18:37.0141 3808 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
12:18:37.0188 3808 WinRM - ok
12:18:37.0375 3808 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
12:18:37.0390 3808 Wlansvc - ok
12:18:37.0453 3808 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:18:37.0453 3808 WmiAcpi - ok
12:18:37.0546 3808 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
12:18:37.0546 3808 wmiApSrv - ok
12:18:37.0593 3808 WMPNetworkSvc - ok
12:18:37.0640 3808 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
12:18:37.0640 3808 WPCSvc - ok
12:18:37.0718 3808 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
12:18:37.0718 3808 WPDBusEnum - ok
12:18:37.0796 3808 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
12:18:37.0796 3808 WpdUsb - ok
12:18:37.0983 3808 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:18:37.0999 3808 WPFFontCache_v0400 - ok
12:18:38.0030 3808 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
12:18:38.0030 3808 ws2ifsl - ok
12:18:38.0061 3808 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
12:18:38.0061 3808 wscsvc - ok
12:18:38.0077 3808 WSearch - ok
12:18:38.0295 3808 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:18:38.0326 3808 wuauserv - ok
12:18:38.0451 3808 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:18:38.0451 3808 WUDFRd - ok
12:18:38.0482 3808 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
12:18:38.0498 3808 wudfsvc - ok
12:18:38.0545 3808 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
12:18:38.0560 3808 yukonx64 - ok
12:18:38.0638 3808 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
12:18:38.0638 3808 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
12:18:38.0670 3808 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
12:18:38.0748 3808 \Device\Harddisk0\DR0 - ok
12:18:38.0763 3808 Boot (0x1200) (cead4ce2578bee1165dd63076e3b8c55) \Device\Harddisk0\DR0\Partition0
12:18:38.0763 3808 \Device\Harddisk0\DR0\Partition0 - ok
12:18:38.0763 3808 Boot (0x1200) (46fbfd493a46aaa0805f1bca774d1798) \Device\Harddisk0\DR0\Partition1
12:18:38.0763 3808 \Device\Harddisk0\DR0\Partition1 - ok
12:18:38.0763 3808 ============================================================
12:18:38.0779 3808 Scan finished
12:18:38.0779 3808 ============================================================
12:18:38.0779 5116 Detected object count: 0
12:18:38.0779 5116 Actual detected object count: 0
12:21:03.0483 4596 Deinitialize success

Re: Analize the virus problem

Post by askey127 » July 1st, 2012, 2:33 pm

gpm18,
As a cross-check you can run a full scan with your antivirus and have it remove anything it finds.
The logs look OK to me now.
If you don't have any remaining problems, you should be good to go.
Good luck!
askey127

Re: Analize the virus problem

Post by gpm18 » July 1st, 2012, 5:17 pm

Thank you very much, askey!

Re: Analize the virus problem

Post by askey127 » July 1st, 2012, 10:03 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.