-
IDP.Trojan.1C8D1A13 & Crypt.AQLW
G'day Guys I'm not a techo & new here. Was pointed in this direction to run ERUNT (this wouldn't run due to no internet access on pc) & DDS log.
First can I say, before I found your site & had discovered the virus (see notes below), I had tried to run Combofix but it didn't work (I think, as I have lost internet access on my PC).
I hope I've done it right so far??
--------------------------------------------------------------------------
My 7 year old son mainly uses our pc for playing games & printing out coloring in pages etc.
I run AVG & it's now coming up with following;
IDP.Trojan.1C8D1A13 & Crypt.AQLW
I've tried to find a tool to remove it (as AVG can't get rid of it) but can't find anything. Don't really know what else to do?
If you can help me I would really appreciate it (FYI the PC runs XP Pro).
Cheers Andy
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Cameron at 11:05:22 on 2012-04-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1410 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\FingerPrint\FingerPrint.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\docume~1\cameron\applic~1\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [uipre] rundll32.exe "c:\docume~1\cameron\locals~1\temp\uipre.dll",Vec3TransformCoord
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\cameron\startm~1\programs\startup\myprog~1.lnk - c:\program files\fingerprint\FingerPrint.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{A4A02AAB-A392-4FBC-8929-A0CB65998009} : DhcpNameServer = 10.1.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-6-23 127352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S2 antivirservice;Ctljystk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FingerPrint;FingerPrint Service;c:\program files\fingerprint\fingerprintservice.exe -start --> c:\program files\fingerprint\FingerPrintService.exe -start [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S2 mcvsrte;Roxmediadb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 mks_scan;Z525obex;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 nod32krn;Kerbkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 ofcpfwsvc;Websensecpmcommunicationagent;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 pavdrv;Pnp680r;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotdriver;Tmesrv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 symantecantibotshim;Oracle%oracle_home_service%clientcache80;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 vsdatant;HFACSVC;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-10 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-28 116648]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-15 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\cameron\local settings\application data\NPE
2012-04-24 05:19:22 -------- d-----w- c:\documents and settings\all users.windows\application data\Norton
2012-04-24 05:08:19 -------- d-----w- c:\documents and settings\all users.windows\application data\COMODO
2012-04-24 05:08:10 -------- d-----w- c:\documents and settings\cameron\application data\Comodo
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Uqycux
2012-04-23 00:07:36 -------- d-----w- c:\documents and settings\cameron\application data\Rofeen
2012-04-22 15:48:12 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Identities
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ypaxad
2012-04-22 15:47:58 -------- d-----w- c:\documents and settings\cameron\application data\Ydod
2012-04-20 00:23:16 -------- d-----w- C:\sh4ldr
2012-04-20 00:23:16 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 00:21:59 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-20 00:21:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-19 23:49:31 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-19 23:48:04 -------- d-----w- c:\documents and settings\all users.windows\application data\F4D55F2C000BBBB74E027CC6D151FC4E
2012-04-17 00:41:07 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJFAX
2012-04-17 00:40:16 315392 ----a-w- c:\windows\system32\CNC410L.dll
2012-04-17 00:40:16 1347584 ----a-w- c:\windows\system32\CNC410C.dll
2012-04-17 00:40:16 114688 ----a-w- c:\windows\system32\CNC410I.dll
2012-04-17 00:40:16 106496 ----a-w- c:\windows\system32\CNC410U.dll
2012-04-17 00:36:39 -------- d-----w- c:\documents and settings\cameron\application data\Canon Easy-WebPrint EX
2012-04-17 00:32:02 257024 ----a-w- c:\windows\system32\CNCALAL.DLL
2012-04-17 00:31:49 74752 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAL.DLL
2012-04-17 00:31:49 303104 ----a-w- c:\windows\system32\CNMLMAL.DLL
2012-04-17 00:31:49 28672 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAL.DLL
2012-04-17 00:31:42 94208 ----a-w- c:\windows\system32\CNC410O.dll
2012-04-17 00:31:39 180224 ----a-w- c:\windows\system32\CNMIUAL.DLL
2012-04-07 08:55:58 -------- d-sh--w- C:\found.000
2012-04-07 07:42:52 -------- d-----w- C:\big w prints
2012-04-07 07:07:12 -------- d-----w- C:\Vuze
2012-04-07 06:48:39 -------- d-----w- C:\To Transfer
2012-04-06 00:19:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 03:09:26 -------- d-----r- C:\g on Home PC (B03f21ae66bf49c)
2012-03-28 07:22:27 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex
2012-03-28 07:22:20 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Deployment
2012-03-28 07:19:19 -------- d-----w- c:\documents and settings\all users.windows\application data\boost_interprocess
2012-03-28 07:19:17 -------- d-----w- c:\documents and settings\cameron\local settings\application data\Plex Media Server
2012-03-28 07:19:01 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-03-28 07:18:44 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-03-28 07:18:33 -------- d-----w- c:\windows\Logs
2012-03-28 07:16:08 -------- d-----w- c:\program files\Plex
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\application data\searchquband
2012-03-26 11:07:43 -------- d-----w- c:\documents and settings\cameron\AppData
.
==================== Find3M ====================
.
2012-04-14 15:02:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:06:10.65 ===============
Last edited by tashi; 2012-04-25 at 05:54.
Reason: Copy pasted log into topic :-)
-
Hi jacknjaspa, welcome to the forum.
To make cleaning this machine easier:
- Please do not uninstall/install any programs unless asked to. It is more difficult when files/programs are appearing in/disappearing from the logs.
- Please do not run any scans other than those requested.
- Please follow all instructions in the order posted.
- All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
- Do not attach any logs/reports, etc. unless specifically requested to do so.
- If you have problems with or do not understand the instructions, please ask before continuing.
- Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
I take it you are posting from a different computer?
Please download Farbar Service Scanner and transfer it to the affected computer.
- Double click the file to run it.
- make sure Internet Service is checked (RpcSs and PlugPlay should be checked by default and greyed out)
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
-
G'day mate, yeh I have a wireless connection at home & have an old notebook that I am using to post. I'll do what you said but hope it doesn't matter that I can't get an Internet connection on my PC?
I'll do it as soon as I can & post the file as instructed.
-
G'day mate, here's the FSS.txt log. Thanks for your help
Farbar Service Scanner Version: 24-04-2012
Ran by Cameron (administrator) on 25-04-2012 at 17:34:57
Running from "H:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-14 20:00] - [2011-08-17 21:49] - 0138496 ____A () 1D495EE1D3A836801D1FD816FF4A93F9
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
AegisP(1) Avgtdix(2) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000003000000040000000800000002000000060000000700000001000000
IpSec Tag value is correct.
**** End of log ****
-
-
Yep I'm back on the internet & sending this from my PC.
Here's the TDSSKiller log;
You guys are legends!!
21:16:27.0828 1836 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:16:27.0843 1836 ============================================================
21:16:27.0843 1836 Current date / time: 2012/04/25 21:16:27.0843
21:16:27.0843 1836 SystemInfo:
21:16:27.0843 1836
21:16:27.0843 1836 OS Version: 5.1.2600 ServicePack: 3.0
21:16:27.0843 1836 Product type: Workstation
21:16:27.0843 1836 ComputerName: B03F21AE66BF49C
21:16:27.0843 1836 UserName: Cameron
21:16:27.0843 1836 Windows directory: C:\WINDOWS
21:16:27.0843 1836 System windows directory: C:\WINDOWS
21:16:27.0843 1836 Processor architecture: Intel x86
21:16:27.0843 1836 Number of processors: 2
21:16:27.0843 1836 Page size: 0x1000
21:16:27.0843 1836 Boot type: Normal boot
21:16:27.0843 1836 ============================================================
21:16:28.0765 1836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:16:28.0765 1836 Drive \Device\Harddisk1\DR14 - Size: 0x3CDD2200 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:28.0765 1836 Drive \Device\Harddisk2\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:31.0718 1836 ============================================================
21:16:31.0718 1836 \Device\Harddisk0\DR0:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:16:31.0734 1836 \Device\Harddisk1\DR14:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk1\DR14\Partition0: MBR, Type 0xB, StartLBA 0xF7, BlocksNum 0x1E6B69
21:16:31.0734 1836 \Device\Harddisk2\DR3:
21:16:31.0734 1836 MBR partitions:
21:16:31.0734 1836 \Device\Harddisk2\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
21:16:31.0734 1836 ============================================================
21:16:31.0765 1836 C: <-> \Device\Harddisk0\DR0\Partition0
21:16:31.0843 1836 G: <-> \Device\Harddisk2\DR3\Partition0
21:16:31.0843 1836 ============================================================
21:16:31.0843 1836 Initialize success
21:16:31.0843 1836 ============================================================
21:17:10.0218 2452 ============================================================
21:17:10.0218 2452 Scan started
21:17:10.0218 2452 Mode: Manual; SigCheck; TDLFS;
21:17:10.0218 2452 ============================================================
21:17:10.0625 2452 .avgtdix - ok
21:17:11.0187 2452 2wirepcp - ok
21:17:11.0187 2452 3dkeybd - ok
21:17:11.0187 2452 61883 - ok
21:17:11.0203 2452 Abiosdsk - ok
21:17:11.0203 2452 abp480n5 - ok
21:17:11.0250 2452 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:17:11.0250 2452 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
21:17:11.0250 2452 ACPI ( Virus.Win32.Rloader.a ) - infected
21:17:11.0250 2452 ACPI - detected Virus.Win32.Rloader.a (0)
21:17:11.0265 2452 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:17:11.0796 2452 ACPIEC - ok
21:17:11.0812 2452 ACS (233235123f3d73228ec3d2bba0e7143d) C:\WINDOWS\system32\acs.exe
21:17:11.0812 2452 ACS ( UnsignedFile.Multi.Generic ) - warning
21:17:11.0812 2452 ACS - detected UnsignedFile.Multi.Generic (1)
21:17:11.0812 2452 admjoy - ok
21:17:11.0875 2452 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:17:11.0890 2452 AdobeFlashPlayerUpdateSvc - ok
21:17:11.0890 2452 adpu160m - ok
21:17:11.0921 2452 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:17:11.0984 2452 aec - ok
21:17:12.0015 2452 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:17:12.0031 2452 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:17:12.0031 2452 AegisP - detected UnsignedFile.Multi.Generic (1)
21:17:12.0062 2452 AFD (1d495ee1d3a836801d1fd816ff4a93f9) C:\WINDOWS\System32\drivers\afd.sys
21:17:12.0062 2452 AFD ( Virus.Win32.ZAccess.c ) - infected
21:17:12.0062 2452 AFD - detected Virus.Win32.ZAccess.c (0)
21:17:12.0062 2452 Aha154x - ok
21:17:12.0078 2452 aic78u2 - ok
21:17:12.0078 2452 aic78xx - ok
21:17:12.0078 2452 aksusb - ok
21:17:12.0109 2452 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:17:12.0203 2452 Alerter - ok
21:17:12.0218 2452 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:17:12.0250 2452 ALG - ok
21:17:12.0250 2452 AliIde - ok
21:17:12.0250 2452 AlKernel - ok
21:17:12.0343 2452 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:17:12.0453 2452 Ambfilt - ok
21:17:12.0468 2452 ami0nt - ok
21:17:12.0484 2452 amsint - ok
21:17:12.0484 2452 ANC - ok
21:17:12.0484 2452 antivirservice - ok
21:17:12.0546 2452 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:17:12.0562 2452 Apple Mobile Device - ok
21:17:12.0593 2452 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:17:12.0640 2452 AppMgmt - ok
21:17:12.0640 2452 appnnode - ok
21:17:12.0687 2452 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
21:17:12.0718 2452 AR5211 - ok
21:17:12.0750 2452 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:17:12.0812 2452 Arp1394 - ok
21:17:12.0828 2452 asc - ok
21:17:12.0828 2452 asc3350p - ok
21:17:12.0828 2452 asc3550 - ok
21:17:12.0828 2452 aslm75 - ok
21:17:12.0828 2452 ASMMAP - ok
21:17:12.0921 2452 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:12.0937 2452 aspnet_state - ok
21:17:12.0937 2452 aswmon2 - ok
21:17:12.0953 2452 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:17:13.0031 2452 AsyncMac - ok
21:17:13.0046 2452 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:17:13.0140 2452 atapi - ok
21:17:13.0140 2452 Atdisk - ok
21:17:13.0156 2452 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:17:13.0234 2452 Atmarpc - ok
21:17:13.0250 2452 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:17:13.0328 2452 AudioSrv - ok
21:17:13.0343 2452 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:17:13.0421 2452 audstub - ok
21:17:13.0421 2452 AVCSTRM - ok
21:17:13.0421 2452 AVerBDA - ok
21:17:13.0640 2452 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:17:13.0828 2452 AVGIDSAgent - ok
21:17:13.0937 2452 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:17:13.0937 2452 AVGIDSDriver - ok
21:17:13.0953 2452 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:17:13.0968 2452 AVGIDSEH - ok
21:17:13.0984 2452 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:17:13.0984 2452 AVGIDSFilter - ok
21:17:14.0000 2452 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:17:14.0015 2452 AVGIDSShim - ok
21:17:14.0031 2452 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:17:14.0046 2452 Avgldx86 - ok
21:17:14.0046 2452 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:17:14.0062 2452 Avgmfx86 - ok
21:17:14.0078 2452 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:17:14.0078 2452 Avgrkx86 - ok
21:17:14.0093 2452 Avgtdix (d9a14d3bf565a33d9878ac6a8117b4f0) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:17:14.0109 2452 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\avgtdix.sys. md5: d9a14d3bf565a33d9878ac6a8117b4f0
21:17:14.0109 2452 Avgtdix ( Virus.Win32.ZAccess.c ) - infected
21:17:14.0109 2452 Avgtdix - detected Virus.Win32.ZAccess.c (0)
21:17:14.0187 2452 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:17:14.0203 2452 avgwd - ok
21:17:14.0203 2452 backuplauncher - ok
21:17:14.0218 2452 bcm43xx - ok
21:17:14.0218 2452 beatjammusicstreamingserver - ok
21:17:14.0250 2452 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:17:14.0328 2452 Beep - ok
21:17:14.0328 2452 belgium_id_card_service - ok
21:17:14.0328 2452 besclient - ok
21:17:14.0328 2452 bglivesvc - ok
21:17:14.0328 2452 bhmonitorservice - ok
21:17:14.0390 2452 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:17:14.0484 2452 BITS - ok
21:17:14.0484 2452 BoiHwsetup - ok
21:17:14.0531 2452 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:17:14.0546 2452 Bonjour Service - ok
21:17:14.0546 2452 bridgemp - ok
21:17:14.0593 2452 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:17:14.0656 2452 Browser - ok
21:17:14.0671 2452 BrPar - ok
21:17:14.0671 2452 btfirst - ok
21:17:14.0671 2452 bthidenum - ok
21:17:14.0671 2452 cachemgr - ok
21:17:14.0671 2452 CAMFLT - ok
21:17:14.0703 2452 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:17:14.0781 2452 cbidf2k - ok
21:17:14.0781 2452 CBN - ok
21:17:14.0781 2452 ccalib8 - ok
21:17:14.0812 2452 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:17:14.0890 2452 CCDECODE - ok
21:17:14.0890 2452 cd20xrnt - ok
21:17:14.0906 2452 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:17:15.0000 2452 Cdaudio - ok
21:17:15.0015 2452 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:17:15.0093 2452 Cdfs - ok
21:17:15.0093 2452 Changer - ok
21:17:15.0140 2452 CinemaNow Service (127d4d0e9f78834ffd1eeea3fcfb47c1) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
21:17:15.0156 2452 CinemaNow Service - ok
21:17:15.0187 2452 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:17:15.0265 2452 CiSvc - ok
21:17:15.0296 2452 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:17:15.0375 2452 ClipSrv - ok
21:17:15.0390 2452 clisvc - ok
21:17:15.0468 2452 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:15.0484 2452 clr_optimization_v2.0.50727_32 - ok
21:17:15.0531 2452 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:15.0546 2452 clr_optimization_v4.0.30319_32 - ok
21:17:15.0546 2452 CmdIde - ok
21:17:15.0546 2452 cmigameport - ok
21:17:15.0546 2452 COMSysApp - ok
21:17:15.0546 2452 Cpqarray - ok
21:17:15.0562 2452 cpqdmi - ok
21:17:15.0562 2452 cq_mem - ok
21:17:15.0593 2452 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:17:15.0671 2452 CryptSvc - ok
21:17:15.0671 2452 dac2w2k - ok
21:17:15.0687 2452 dac960nt - ok
21:17:15.0687 2452 DCamUSBMke - ok
21:17:15.0734 2452 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:17:15.0750 2452 DcomLaunch - ok
21:17:15.0750 2452 deventagent - ok
21:17:15.0796 2452 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:17:15.0875 2452 Dhcp - ok
21:17:15.0875 2452 dirms_defragmentation - ok
21:17:15.0890 2452 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:17:15.0984 2452 Disk - ok
21:17:16.0000 2452 dktknsrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\QWAVE.dll
21:17:16.0000 2452 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - infected
21:17:16.0000 2452 dktknsrv - detected Backdoor.Multi.ZAccess.gen (0)
21:17:19.0671 2452 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:17:19.0687 2452 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:17:19.0687 2452 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:17:22.0312 2452 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:17:22.0328 2452 MDM ( UnsignedFile.Multi.Generic ) - warning
21:17:22.0328 2452 MDM - detected UnsignedFile.Multi.Generic (1)
21:17:37.0093 2452 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:17:37.0312 2452 \Device\Harddisk0\DR0 - ok
21:17:37.0328 2452 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR14
21:17:37.0500 2452 \Device\Harddisk1\DR14 - ok
21:17:37.0546 2452 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR3
21:17:53.0062 2452 \Device\Harddisk2\DR3 - ok
21:17:53.0062 2452 Boot (0x1200) (ba8e3f9f280e677b1a053430c0bb4fe5) \Device\Harddisk0\DR0\Partition0
21:17:53.0078 2452 \Device\Harddisk0\DR0\Partition0 - ok
21:17:53.0078 2452 Boot (0x1200) (b11ea20c0c893a8f3492cd347145f0c0) \Device\Harddisk1\DR14\Partition0
21:17:53.0078 2452 \Device\Harddisk1\DR14\Partition0 - ok
21:17:53.0078 2452 Boot (0x1200) (fee9c7855dd1239cae89a9e4488e0700) \Device\Harddisk2\DR3\Partition0
21:17:53.0109 2452 \Device\Harddisk2\DR3\Partition0 - ok
21:17:53.0109 2452 ============================================================
21:17:53.0109 2452 Scan finished
21:17:53.0109 2452 ============================================================
21:17:53.0218 1376 Detected object count: 8
21:17:53.0218 1376 Actual detected object count: 8
21:18:50.0625 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
21:18:50.0718 1376 Backup copy found, using it..
21:18:50.0734 1376 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
21:18:50.0734 1376 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:50.0734 1376 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:50.0734 1376 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:50.0796 1376 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
21:18:50.0828 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - copied to quarantine
21:18:50.0843 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - copied to quarantine
21:18:50.0875 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - copied to quarantine
21:18:50.0906 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\L\ehuhiilp - copied to quarantine
21:18:50.0921 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - copied to quarantine
21:18:50.0968 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - copied to quarantine
21:18:51.0015 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - copied to quarantine
21:18:51.0031 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - copied to quarantine
21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - copied to quarantine
21:18:51.0062 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - copied to quarantine
21:18:51.0109 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - copied to quarantine
21:18:51.0156 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - copied to quarantine
21:18:51.0187 1376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
21:18:51.0281 1376 Backup copy found, using it..
21:18:51.0312 1376 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\@ - will be deleted on reboot
21:18:52.0421 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\cfg.ini - will be deleted on reboot
21:18:52.0468 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\Desktop.ini - will be deleted on reboot
21:18:52.0484 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\oemid - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000001.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000002.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\00000004.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000000.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000004.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\U\80000032.@ - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\2007179268\version - will be deleted on reboot
21:18:52.0515 1376 C:\WINDOWS\$NtUninstallKB22439$\4069655542 - will be deleted on reboot
21:18:52.0515 1376 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
21:18:52.0593 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - copied to quarantine
21:18:52.0640 1376 Backup copy not found, trying to cure infected file..
21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - Cure failed (FFFFFFFF)
21:18:52.0640 1376 C:\WINDOWS\system32\DRIVERS\avgtdix.sys - processing error
21:18:53.0625 1376 Avgtdix ( Virus.Win32.ZAccess.c ) - User select action: Cure
21:18:53.0656 1376 C:\WINDOWS\system32\QWAVE.dll - copied to quarantine
21:18:53.0656 1376 HKLM\SYSTEM\ControlSet001\services\dktknsrv - will be deleted on reboot
21:18:53.0656 1376 HKLM\SYSTEM\ControlSet002\services\dktknsrv - will be deleted on reboot
21:18:53.0671 1376 C:\WINDOWS\system32\QWAVE.dll - will be deleted on reboot
21:18:53.0671 1376 dktknsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:53.0687 1376 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:18:53.0687 1376 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:21:34.0000 0648 Deinitialize success
-
Hi jacknjaspa,
It looks like AVG itself may be infected. Let's have a closer look.
Download OTL to your desktop.
- Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top, change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- In the window under Custom Scans/Fixes, copy and paste the following:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
Avgtdix.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdix /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.avgtdix /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antivirservice /s
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
-
OTL Extras logfile created on: 26/04/2012 7:41:25 AM - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Documents and Settings\Cameron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1.99 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.78% Memory free
4.87 Gb Paging File | 4.16 Gb Available in Paging File | 85.32% Paging File free
Paging file location(s): C:\pagefile.sys 3100 3100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 35.56 Gb Free Space | 11.93% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 75.29 Gb Free Space | 50.51% Space Free | Partition Type: NTFS
Computer Name: B03F21AE66BF49C | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" = C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe:*:Enabled:CinemaNow Media Manager -- (CinemaNow Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FingerPrint\FingerPrintService.exe" = C:\Program Files\FingerPrint\FingerPrintService.exe:*:Enabled:FingerPrint Service -- (Collobos Software)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" = C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe:*:Enabled:Plex Media Server -- (Plex, Inc.)
"C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe" = C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe:*:Enabled:Plex Scripting Host -- ()
"C:\Program Files\Plex\Plex Media Center\Plex.exe" = C:\Program Files\Plex\Plex Media Center\Plex.exe:*:Enabled:Plex Media Center -- (Plex, Inc.)
"C:\Program Files\Safari\Safari.exe" = C:\Program Files\Safari\Safari.exe:*:Enabled:Safari -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{069C1AD7-AC72-40E0-A156-7442EA6A48D7}" = AVG 2012
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F0DEB7-21A6-4166-B021-CE9675665985}" = Plex Media Server
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{54DFC275-7F2F-4F01-B8B5-304E1DD03B04}" = Garfield G1 Spelling
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85D5BFBB-8BC4-467B-BADA-D574A3CDC139}_is1" = FingerPrint 1.2.0.278
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone Configuration Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG" = AVG 2012
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome Frame" = Google Chrome Frame
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFSExplorer" = HFSExplorer 0.21
"iBackupBot for iTunes" = iBackupBot for iTunes 3.1.6
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}" = NETGEAR WG311T Wireless Adapter
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Speed Dial Utility" = Canon Speed Dial Utility
"VLC media player" = VLC media player 1.1.10
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Plex" = Plex
"RewardsArcade" = RewardsArcade
"Smart Fortress 2012" = Smart Fortress 2012
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3
Error - 25/04/2012 7:39:34 PM | Computer Name = B03F21AE66BF49C | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 3
Error - 25/04/2012 7:41:09 PM | Computer Name = B03F21AE66BF49C | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.42.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 20/08/2011 2:49:44 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 803260
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 29/02/2012 4:00:32 AM | Computer Name = B03F21AE66BF49C | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 339531
seconds with 3180 seconds of active time. This session ended with a crash.
< End of report >
-
When I try & submit the OTL file it's saying that it's 87377 characters & I need to shorten to 64000.
Any suggestions how I can do this?
-
Hi jacknjaspa,
Either break it into multiple posts or zip it and attach it.