
Computer crashes, suspecting malware.


Post by Raviola » August 8th, 2011, 9:47 am

Hi,
my computer crashes often nowadays and does so in many ways. Either there's a bluescreen or the display won't show when I boot. After some googling I've found out that HijackThis might help? I don't have the knowledge to analyze the logfile though. Can anyone give me any pointers as to what might be wrong here? Any help is much appreciated :)

Here is my Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:24:26, on 08.08.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [] C:\Program Files\Broadcom\WirelessBCM MIMO\Utility\Wlan11ag.exe -hide
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Magnus Kristus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - F:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7504 bytes
Raviola

Re: Computer crashes, suspecting malware.

Post by askey127 » August 10th, 2011, 6:16 am

Hi Raviola,
If you still need help and are not receiving it elsewhere, please proceed as follows:
Unless I ask, please don't install, remove, or scan with anything while we work here, until the machine is clean.
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program uTorrent in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
O4 - HKCU\..\Run: [Google Update] "C:\Users\Magnus Kristus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\WG311v3.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

uTorrent

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with malware infections, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results, false detection of legitimate files, unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127

Re: Computer crashes, suspecting malware.

Post by Raviola » August 10th, 2011, 7:02 am

Hi, thank you very much for your help. I have done what you asked but no infections were found.


Here is the log:

2011/08/10 12:56:49.0511 1372 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/10 12:56:49.0683 1372 ================================================================================
2011/08/10 12:56:49.0683 1372 SystemInfo:
2011/08/10 12:56:49.0683 1372
2011/08/10 12:56:49.0683 1372 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/10 12:56:49.0683 1372 Product type: Workstation
2011/08/10 12:56:49.0683 1372 ComputerName: MAGNUS-PC
2011/08/10 12:56:49.0683 1372 UserName: Magnus Kristus
2011/08/10 12:56:49.0683 1372 Windows directory: C:\Windows
2011/08/10 12:56:49.0683 1372 System windows directory: C:\Windows
2011/08/10 12:56:49.0683 1372 Processor architecture: Intel x86
2011/08/10 12:56:49.0683 1372 Number of processors: 2
2011/08/10 12:56:49.0683 1372 Page size: 0x1000
2011/08/10 12:56:49.0683 1372 Boot type: Normal boot
2011/08/10 12:56:49.0683 1372 ================================================================================
2011/08/10 12:56:50.0665 1372 Initialize success
2011/08/10 12:58:11.0879 2124 ================================================================================
2011/08/10 12:58:11.0879 2124 Scan started
2011/08/10 12:58:11.0879 2124 Mode: Manual;
2011/08/10 12:58:11.0879 2124 ================================================================================
2011/08/10 12:58:42.0268 2124 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
2011/08/10 12:58:42.0439 2124 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
2011/08/10 12:58:42.0517 2124 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
2011/08/10 12:58:42.0627 2124 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
2011/08/10 12:58:42.0720 2124 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/10 12:58:42.0798 2124 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/10 12:58:42.0829 2124 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/10 12:58:42.0861 2124 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/08/10 12:58:42.0876 2124 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/10 12:58:42.0923 2124 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/10 12:58:42.0939 2124 sffp_mmc (e5eafe85815bd89095fef3144a09ab68) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/10 12:58:42.0954 2124 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/10 12:58:42.0985 2124 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/10 12:58:43.0017 2124 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/10 12:58:43.0032 2124 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/10 12:58:43.0048 2124 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/10 12:58:43.0079 2124 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/10 12:58:43.0126 2124 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/10 12:58:43.0173 2124 sptd (71e276f6d189413266ea22171806597b) C:\Windows\System32\Drivers\sptd.sys
2011/08/10 12:58:43.0266 2124 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/10 12:58:43.0329 2124 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/10 12:58:43.0391 2124 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/10 12:58:43.0469 2124 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/10 12:58:43.0485 2124 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/10 12:58:43.0547 2124 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/10 12:58:43.0563 2124 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/10 12:58:43.0641 2124 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/10 12:58:43.0719 2124 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/10 12:58:43.0812 2124 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/10 12:58:43.0890 2124 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/10 12:58:43.0968 2124 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/10 12:58:44.0015 2124 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/10 12:58:44.0046 2124 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/10 12:58:44.0187 2124 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/10 12:58:44.0374 2124 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/10 12:58:44.0499 2124 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/10 12:58:44.0561 2124 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/10 12:58:44.0608 2124 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/10 12:58:44.0639 2124 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/10 12:58:44.0701 2124 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/10 12:58:44.0717 2124 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/10 12:58:44.0733 2124 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/10 12:58:44.0764 2124 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/10 12:58:44.0967 2124 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/08/10 12:58:44.0998 2124 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/10 12:58:45.0029 2124 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/10 12:58:45.0060 2124 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/10 12:58:45.0091 2124 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/10 12:58:45.0232 2124 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/10 12:58:45.0294 2124 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/08/10 12:58:45.0341 2124 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/10 12:58:45.0653 2124 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/10 12:58:45.0918 2124 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/10 12:58:45.0996 2124 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys
2011/08/10 12:58:46.0043 2124 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/10 12:58:46.0059 2124 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/10 12:58:46.0059 2124 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/10 12:58:46.0090 2124 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/10 12:58:46.0105 2124 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/10 12:58:46.0137 2124 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/10 12:58:46.0183 2124 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/10 12:58:46.0339 2124 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/10 12:58:46.0386 2124 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/10 12:58:46.0511 2124 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/10 12:58:46.0651 2124 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 12:58:46.0667 2124 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/10 12:58:46.0683 2124 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/10 12:58:46.0776 2124 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/10 12:58:46.0870 2124 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/10 12:58:47.0041 2124 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/10 12:58:47.0151 2124 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/10 12:58:47.0213 2124 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/10 12:58:47.0353 2124 XG762_VS (be701d39fb0543083ddf74227638bcf3) C:\Windows\system32\DRIVERS\WlanGZG.sys
2011/08/10 12:58:47.0431 2124 yukonwlh (0d49136416fa862049e5c80dcdf6115d) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/08/10 12:58:47.0494 2124 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/10 12:58:47.0993 2124 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/10 12:58:48.0118 2124 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/08/10 12:58:48.0149 2124 Boot (0x1200) (cc96e5d666a72c5f1f2ed76c129d341b) \Device\Harddisk0\DR0\Partition0
2011/08/10 12:58:48.0165 2124 Boot (0x1200) (8f868f543b320890cf0fb94d391f4d05) \Device\Harddisk1\DR1\Partition0
2011/08/10 12:58:48.0180 2124 Boot (0x1200) (4c8a37d74693b8c281e497405e7b348c) \Device\Harddisk2\DR2\Partition0
2011/08/10 12:58:48.0180 2124 ================================================================================
2011/08/10 12:58:48.0180 2124 Scan finished
2011/08/10 12:58:48.0180 2124 ================================================================================
2011/08/10 12:58:48.0196 2584 Detected object count: 0
2011/08/10 12:58:48.0196 2584 Actual detected object count: 0
2011/08/10 12:59:33.0713 3152 Deinitialize success
Raviola
Active Member
 
Posts: 7
Joined: August 8th, 2011, 9:29 am

Re: Computer crashes, suspecting malware.

Unread postby askey127 » August 10th, 2011, 7:52 am

Raviola,
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (the desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer crashes, suspecting malware.

Unread postby Raviola » August 10th, 2011, 8:42 am

askey127, here are the logs:

OTL logfile created on: 10.08.2011 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Magnus Kristus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,86% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 269,07 Gb Free Space | 57,77% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 36,94 Gb Free Space | 3,97% Space Free | Partition Type: NTFS
Drive G: | 335,27 Gb Total Space | 21,91 Gb Free Space | 6,54% Space Free | Partition Type: FAT32

Computer Name: MAGNUS-PC | User Name: Magnus Kristus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.10 14:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Magnus Kristus\Desktop\OTL.exe
PRC - [2011.05.25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Programfiler\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Programfiler\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.05.20 08:34:15 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgtray.exe
PRC - [2011.05.19 22:21:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgwdsvc.exe
PRC - [2011.05.19 22:21:02 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgcsrvx.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.10.09 16:56:37 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgnsx.exe
PRC - [2010.07.27 01:15:21 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgchsvx.exe
PRC - [2010.07.27 01:15:19 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG9\avgrsx.exe
PRC - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programfiler\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.16 22:12:56 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.06.18 10:04:36 | 000,772,096 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programfiler\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 15:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Sidebar\sidebar.exe
PRC - [2009.02.23 21:44:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.02.13 14:06:58 | 002,196,240 | ---- | M] () -- C:\Programfiler\Logitech\QuickCam\Quickcam.exe
PRC - [2008.02.13 14:02:46 | 000,564,496 | ---- | M] () -- C:\Programfiler\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008.02.13 14:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Programfiler\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008.02.05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Programfiler\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.02.05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programfiler\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.01.25 15:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- C:\Programfiler\Logitech\QuickCam\LU\LogitechUpdate.exe
PRC - [2008.01.25 15:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Programfiler\Logitech\QuickCam\LU\LULnchr.exe


========== Modules (SafeList) ==========

MOD - [2011.08.10 14:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Magnus Kristus\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.07.27 01:16:08 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008.02.05 19:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.05.25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.19 22:21:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.06.07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programfiler\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.02.23 21:44:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.02.05 19:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programfiler\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008.02.05 19:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.02.05 19:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programfiler\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.05.20 08:34:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.08.23 14:48:23 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.27 01:16:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.07.27 01:16:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.06.08 01:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.01.20 08:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.06 04:21:37 | 004,658,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008.02.06 04:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.02.06 04:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.02.05 19:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.02.05 19:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.08.21 10:00:22 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2006.11.02 09:30:55 | 000,253,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2613776380-1590215677-2650540874-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2613776380-1590215677-2650540874-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Magnus Kristus\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Magnus Kristus\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.27 00:50:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.05.20 00:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Magnus Kristus\AppData\Roaming\mozilla\Extensions
[2011.06.10 12:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions
[2011.06.10 12:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.06.10 12:37:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.05.14 12:21:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.27 00:50:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,218 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bok-NO.xml
[2010.01.01 10:00:00 | 000,000,968 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qxl-NO.xml
[2010.01.01 10:00:00 | 000,001,203 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2010.01.01 10:00:00 | 000,001,176 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-NO.xml
[2010.01.01 10:00:00 | 000,001,192 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-NO.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Påloggingshjelp for Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2613776380-1590215677-2650540874-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programfiler\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Programfiler\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2613776380-1590215677-2650540874-1003..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.75.75.75 193.75.75.193
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programfiler\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Magnus Kristus\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Magnus Kristus\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.01 00:50:52 | 000,206,168 | ---- | M] () - F:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010.10.01 00:50:52 | 000,247,388 | ---- | M] () - F:\AUTO.pst -- [ NTFS ]
O33 - MountPoints2\{3fc82673-8348-11e0-b473-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc82673-8348-11e0-b473-000129a6630a}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{3fc82682-8348-11e0-b473-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc82682-8348-11e0-b473-000129a6630a}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{3fc82684-8348-11e0-b473-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc82684-8348-11e0-b473-000129a6630a}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{41e24964-9815-11df-b478-000129a6630a}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- [2008.01.21 03:23:32 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4cdfd0d7-a3f4-11df-9d7b-000129a6630a}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{4cdfd0d7-a3f4-11df-9d7b-000129a6630a}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{4cdfd0d7-a3f4-11df-9d7b-000129a6630a}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{4e456222-b76c-11df-a6fe-000129a6630a}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{4e456222-b76c-11df-a6fe-000129a6630a}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{4e456222-b76c-11df-a6fe-000129a6630a}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{67c0fdbc-af5d-11df-8c8e-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{67c0fdbc-af5d-11df-8c8e-000129a6630a}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{67c0fdbe-af5d-11df-8c8e-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{67c0fdbe-af5d-11df-8c8e-000129a6630a}\Shell\AutoRun\command - "" = K:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{67c0fdbe-af5d-11df-8c8e-000129a6630a}\Shell\dinstall\command - "" = K:\Directx\dxsetup.exe
O33 - MountPoints2\{b534841d-a235-11df-b648-00184d779074}\Shell - "" = AutoRun
O33 - MountPoints2\{b534841d-a235-11df-b648-00184d779074}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{d698ace4-aeb4-11df-93d9-000129a6630a}\Shell - "" = AutoRun
O33 - MountPoints2\{d698ace4-aeb4-11df-93d9-000129a6630a}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.10 14:34:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Magnus Kristus\Desktop\OTL.exe
[2011.08.10 12:56:15 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Magnus Kristus\Desktop\tdsskiller.exe
[2011.08.10 00:09:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.09 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\Magnus Kristus\riotsGamesLogs
[2011.08.08 16:45:55 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.08.08 14:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.08.08 14:45:08 | 000,000,000 | ---D | C] -- C:\Users\Magnus Kristus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.08 00:36:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.07.21 23:21:35 | 000,000,000 | ---D | C] -- C:\Users\Magnus Kristus\.dvdcss
[2011.07.21 23:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2011.07.21 23:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2011.07.21 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2011.07.21 22:13:49 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.07.21 19:13:23 | 000,000,000 | ---D | C] -- C:\Windows\G2Runner
[2011.07.13 16:41:46 | 000,000,000 | ---D | C] -- C:\153a166c9ca98abae606fab50567
[2011.07.13 09:45:12 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 09:45:09 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 09:45:09 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.11 15:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2011.07.11 15:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2011.07.11 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Origins
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.10 14:37:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613776380-1590215677-2650540874-1003UA.job
[2011.08.10 14:34:23 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Magnus Kristus\Desktop\OTL.exe
[2011.08.10 12:56:18 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Magnus Kristus\Desktop\tdsskiller.exe
[2011.08.10 12:54:39 | 000,285,969 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.10 12:54:39 | 000,285,969 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.10 12:54:19 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.10 12:54:19 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.10 12:54:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.10 12:54:14 | 2145,574,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.10 12:52:11 | 000,000,176 | ---- | M] () -- C:\Users\Magnus Kristus\defogger_reenable
[2011.08.10 02:38:20 | 000,002,087 | ---- | M] () -- C:\Users\Magnus Kristus\Desktop\Google Chrome.lnk
[2011.08.10 02:37:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2613776380-1590215677-2650540874-1003Core.job
[2011.08.10 00:09:56 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.08.10 00:06:50 | 083,441,107 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011.08.08 14:45:08 | 000,001,966 | ---- | M] () -- C:\Users\Magnus Kristus\Desktop\HiJackThis.lnk
[2011.08.08 00:35:57 | 133,417,192 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.08 00:09:36 | 000,678,258 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.08 00:09:36 | 000,542,730 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2011.08.08 00:09:36 | 000,135,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.08 00:09:36 | 000,113,572 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2011.08.04 22:52:17 | 000,161,792 | ---- | M] () -- C:\Users\Magnus Kristus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 23:17:56 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011.07.21 22:13:49 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.07.17 18:37:29 | 000,001,356 | ---- | M] () -- C:\Users\Magnus Kristus\AppData\Local\d3d9caps.dat
[2011.07.13 18:43:58 | 000,399,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.10 12:51:45 | 000,000,176 | ---- | C] () -- C:\Users\Magnus Kristus\defogger_reenable
[2011.08.08 14:45:08 | 000,001,966 | ---- | C] () -- C:\Users\Magnus Kristus\Desktop\HiJackThis.lnk
[2011.08.08 00:35:57 | 133,417,192 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.21 23:17:56 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2011.05.20 03:12:40 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.04 06:40:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.08.25 13:11:02 | 000,000,277 | ---- | C] () -- C:\Users\Magnus Kristus\AppData\Roaming\Gangsters2Setup.lnk
[2010.08.23 14:57:51 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010.08.23 14:54:51 | 000,000,452 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010.07.27 02:27:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.25 17:15:01 | 000,001,356 | ---- | C] () -- C:\Users\Magnus Kristus\AppData\Local\d3d9caps.dat
[2010.07.22 17:55:44 | 000,161,792 | ---- | C] () -- C:\Users\Magnus Kristus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.16 09:31:35 | 000,285,969 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.07.16 09:31:34 | 000,285,969 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.07.16 08:12:51 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.04.12 23:38:07 | 000,542,730 | ---- | C] () -- C:\Windows\System32\perfh014.dat
[2009.04.12 23:38:07 | 000,294,254 | ---- | C] () -- C:\Windows\System32\perfi014.dat
[2009.04.12 23:38:07 | 000,113,572 | ---- | C] () -- C:\Windows\System32\perfc014.dat
[2009.04.12 23:38:07 | 000,035,166 | ---- | C] () -- C:\Windows\System32\perfd014.dat
[2009.04.11 15:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.11 15:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.11 15:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.02.05 19:20:08 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,399,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,678,258 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,135,698 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.08.23 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\DAEMON Tools
[2010.08.23 14:52:21 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\DAEMON Tools Lite
[2010.08.23 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\DAEMON Tools Pro
[2011.01.04 06:41:09 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Leadertech
[2010.12.06 08:38:36 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Lionhead Studios
[2010.07.27 14:59:01 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\LolClient
[2011.06.15 21:08:32 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Mael
[2011.01.22 18:11:00 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Mount&Blade
[2011.05.21 20:24:11 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Mount&Blade With Fire and Sword
[2010.12.12 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\My Battle for Middle-earth Files
[2010.08.03 16:23:32 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Scrabble Plus
[2010.08.27 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Soldat
[2010.12.08 04:08:43 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Sports Interactive
[2011.08.06 07:23:41 | 000,000,000 | ---D | M] -- C:\Users\Magnus Kristus\AppData\Roaming\Spotify
[2011.08.10 12:52:56 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Raviola

Re: Computer crashes, suspecting malware.

Post by Raviola » August 10th, 2011, 8:42 am

OTL Extras logfile created on: 10.08.2011 14:36:36 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Magnus Kristus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,86% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 269,07 Gb Free Space | 57,77% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 36,94 Gb Free Space | 3,97% Space Free | Partition Type: NTFS
Drive G: | 335,27 Gb Total Space | 21,91 Gb Free Space | 6,54% Space Free | Partition Type: FAT32

Computer Name: MAGNUS-PC | User Name: Magnus Kristus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2613776380-1590215677-2650540874-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EB0CC5-04A4-4D22-95F0-B99B07370278}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher |
"{0AE68283-A22F-4C4B-B05B-CEE0BD64BC04}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{0C9427F3-653D-40B6-B3DD-E1118A9E3407}" = lport=6961 | protocol=6 | dir=in | name=league of legends launcher |
"{0D518B5D-D9A3-46D7-B590-C7751BFA0514}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{1256A9CC-C348-484F-A825-32DD4D6AA814}" = lport=6954 | protocol=17 | dir=in | name=league of legends launcher |
"{17B84119-8320-43C3-94A9-C809117E5D5C}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher |
"{19386DCF-AB47-411B-905D-EF80AAEAE1CC}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher |
"{1ACFD3C7-F7E2-422E-BA6F-334A8FA4F9CF}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{1E3BA0C0-E2E8-44AA-B844-5F107C4296EB}" = lport=137 | protocol=17 | dir=in | app=system |
"{27365922-D546-4298-92C9-29C719451ED8}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{2BF542B2-643C-4879-B855-DB138DA23AA3}" = lport=6900 | protocol=17 | dir=in | name=league of legends launcher |
"{3DD1C77E-2B83-494F-8FC9-0D0EF344F01F}" = rport=139 | protocol=6 | dir=out | app=system |
"{3EA673D2-C44C-4112-AA6B-A914B63D6F79}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B0BB55E-F07B-4A6D-AC4B-D9284C724546}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{55926E80-8BC6-493C-A9FA-A9116CAF419E}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher |
"{56BB38F6-C620-4235-8266-BE679F55EA81}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{570EF809-3BF2-451F-A895-CF7BEDF3679B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5E4557F9-7FAD-4E1C-9DA6-4334B74035C1}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{667DD781-09D1-4266-9DD9-5F96AE748700}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{700F8CCE-D058-402E-A3A8-4CE5351CBCB0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72042763-6755-4C89-8899-8175F559F392}" = lport=6900 | protocol=6 | dir=in | name=league of legends launcher |
"{75F6E69E-AFAD-496B-87FF-17F15E4795BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B3BA9F2-11FC-4701-8561-1D7E3940ADAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7C904F7A-5862-4852-BF4F-DF87D6DF65F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B999FE8-5FF6-4371-9AB6-97580C841BE2}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher |
"{8DFE0107-BF8C-490B-B620-90A75B9DFEE3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9434A01E-EB3E-42DB-BC85-FFA88B45D721}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B8EBD7A-00B7-4073-ACC2-0A586522CECA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{9BB5AF9E-54DE-4021-AB7E-9E9259B18597}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CAA048D-199F-4282-B38A-99D877E4FA92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A3475619-2F60-4EBE-BB40-51B7D66D59EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD9A4887-67DE-431C-BA7A-A33CBAD00724}" = lport=6954 | protocol=6 | dir=in | name=league of legends launcher |
"{B3BB09BC-8E0D-47A3-AA3F-B391A8941287}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher |
"{C868F591-FDAF-4B9D-99E2-338CF29DF89B}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher |
"{CC7AC209-724B-4C1B-A21B-43197BF0B395}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFCD4DE4-0D83-4D8C-9B09-5F998BD4C868}" = rport=138 | protocol=17 | dir=out | app=system |
"{D63A45E5-C48B-48A1-9F2B-562E41C21A4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9840740-F465-49DB-BBEC-FF28921D5A13}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{EB7DF93D-0215-4E39-AF8B-22B216FCA8C7}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
"{F0624A6C-D34D-4734-8BD9-B9AC1DD69CC7}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher |
"{F38F617B-1B6B-484D-9A44-C49EB668D126}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F60AB815-2BA4-4CF5-8CBD-93659478955D}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
"{F6738FBC-B063-4CD5-8C67-5016A0844939}" = lport=6961 | protocol=17 | dir=in | name=league of legends launcher |
"{F6ABE25A-6FF0-43E3-AE1D-BD9FBB65232D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA452AEB-7AFF-4FD8-9689-EB1330E44C0B}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008CB6B8-AF00-482C-893C-2A08551E0842}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{03951A5C-011E-46AE-B9D8-F39CF167F1C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{03C8794B-FA10-4EE3-A0F5-490B97AA3792}" = protocol=6 | dir=in | app=c:\program files\sibelius software\sibelius 6\regtool.exe |
"{05ECD4C0-5710-4D51-8129-92214A9CA288}" = protocol=6 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2main_amdxp.exe |
"{0EFA1B70-9AA0-47AF-A1C8-5D322FC0B320}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0F0182A5-A56E-4616-BA4D-B1D6AC95F81B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14195D27-1803-4742-9704-26729395B9C1}" = protocol=6 | dir=in | app=f:\games\civ iv\civilization4.exe |
"{14CF5591-F0BE-4710-BF8C-F6449D71A583}" = protocol=6 | dir=in | app=f:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{1B2140CB-6CCC-4C00-A1C8-7501A27CCD38}" = protocol=6 | dir=in | app=f:\games\civ iv\warlords\civ4warlords.exe |
"{204505D6-BFE3-41E2-8D34-19B199F2BC36}" = protocol=6 | dir=in | app=f:\games\civ iv\warlords\civ4warlords_pitboss.exe |
"{21AF6B84-48E6-4932-B6D8-7E00D514A9D7}" = protocol=17 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe |
"{2400482F-7DE8-46F3-92EF-69E18F88820F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26EAFC8B-C71D-4C6B-941F-BDAA7D7C24B6}" = protocol=17 | dir=in | app=f:\games\civ iv\warlords\civ4warlords.exe |
"{27C3248B-CBD7-4804-9BA1-CCAA8C0B1FA9}" = protocol=6 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2main.exe |
"{2D4F1B1F-03B7-4C94-AEE1-DC35C410700E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DADDED3-ADCC-4221-9E13-845B7F732D4B}" = protocol=6 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe |
"{347C6997-C0F5-434F-9E5E-BE2CC3BD96C3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{38A5DD13-5113-4E7B-A4D0-16A14C52B278}" = protocol=17 | dir=in | app=c:\games\lol\league of legends\game\league of legends.exe |
"{3C4FF5AC-D8F2-44EB-84E4-4D07202525DD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{429A8E1C-C75B-4443-AACE-BAC07C28E8E9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{44C3303A-7077-4FE4-926C-C9D26234ADCA}" = protocol=6 | dir=in | app=c:\games\lol\league of legends\air\lolclient.exe |
"{54545B25-F7B2-489E-9698-1A83D32D69FE}" = protocol=17 | dir=in | app=f:\games\civ iv\warlords\civ4warlords_pitboss.exe |
"{5EB3AD1B-4634-4246-870A-89F807E4AA84}" = protocol=17 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2server.exe |
"{65695A28-34F0-4140-A45E-2EB9E2107806}" = protocol=6 | dir=in | app=c:\program files\sibelius software\sibelius 6\sibelius.exe |
"{66A9C2B5-7233-441D-8E59-A4EBF5FD8570}" = protocol=6 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwupdate.exe |
"{6871A409-4C2D-4272-B40B-8239F4C12B94}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{757AE50D-5C22-49E4-83FF-0EE581085C44}" = protocol=17 | dir=in | app=c:\program files\sibelius software\sibelius 6\sibelius.exe |
"{7667E0C2-8CD7-4B09-8FC7-D58FC4E1D977}" = protocol=6 | dir=in | app=c:\games\lol\league of legends\game\league of legends.exe |
"{7FC80183-197A-4D81-AA68-6FC9ACAF2565}" = protocol=6 | dir=in | app=f:\games\football manager 2008\fm.exe |
"{81F19CB4-E658-4D54-9804-BDEA7ECA581F}" = protocol=17 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwupdate.exe |
"{841F9256-AB26-4E9A-BE98-38C022A714F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BBBAB89-3C0C-4357-9CEA-2F5B6EFA3409}" = protocol=17 | dir=in | app=c:\program files\sibelius software\sibelius 6\regtool.exe |
"{8C1F4BED-783C-45BA-B6B3-E2CD270BD39D}" = protocol=6 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2server.exe |
"{927A9EC4-E8D0-4196-ABEE-770D6EC38637}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{95CEF4C8-7B11-4088-B627-AF8611291CEA}" = protocol=6 | dir=in | app=f:\games\civ iv\beyond the sword\civ4beyondsword_pitboss.exe |
"{A228AA12-4D63-4510-931F-2DD90C63F5A9}" = protocol=17 | dir=in | app=f:\games\fm 2011\fm.exe |
"{A3C8C253-B5BD-49C4-B7B3-C37E693B32E1}" = protocol=17 | dir=in | app=f:\games\football manager 2008\fm.exe |
"{A4B73584-2DFD-4913-9D85-1FB07501781F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AF57F550-1019-4FF2-9C98-B4CB807859B0}" = protocol=17 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe |
"{B4895796-97C3-4688-900E-0BAE2C7BFE11}" = protocol=6 | dir=in | app=f:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{B724A6E9-2342-473F-B4F0-5669EA8009AB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5409BC-821C-4518-A377-7500748B2F7B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C18806FE-B452-487C-89CD-60A78E5F0782}" = protocol=17 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2main_amdxp.exe |
"{C5C743EA-EABC-474B-9B1A-BBB760F0299C}" = protocol=17 | dir=in | app=f:\games\neverwinter nights 2\nwn 2\nwn2main.exe |
"{C674A8DB-FADC-48DD-9F03-6D39394AD6F8}" = protocol=17 | dir=in | app=f:\games\civ iv\beyond the sword\civ4beyondsword_pitboss.exe |
"{C6F5A7DB-AC4C-4B34-9BBB-28E224CCE5CA}" = protocol=6 | dir=in | app=f:\games\fm 2011\fm.exe |
"{D2F0D63F-F44C-4065-9523-23B1C9AAB1CE}" = protocol=17 | dir=in | app=f:\games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{DCAA5E6B-7A77-492E-B79D-C1079D08251C}" = protocol=6 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe |
"{EFE57766-5383-4AD7-9CC4-A27736981914}" = protocol=17 | dir=in | app=c:\games\lol\league of legends\air\lolclient.exe |
"{F343D350-4C92-4CBA-8EB2-7A4B20E5974B}" = protocol=17 | dir=in | app=f:\games\gta iv\rockstar games social club\rgsclauncher.exe |
"{F7844CF5-65B9-4266-B18D-068CB6D61F9B}" = protocol=17 | dir=in | app=f:\games\civ iv\civilization4.exe |
"TCP Query User{0BB8A64D-E66A-4DDE-9F79-9BF43657C34C}F:\games\gangsters 2\gangsters2.exe" = protocol=6 | dir=in | app=f:\games\gangsters 2\gangsters2.exe |
"TCP Query User{155BB8BD-94B9-4208-A4AF-A8538D105327}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{5627605C-E5BB-4BAC-B260-566D2B8D1CA1}F:\games\the settlers - rise of an empire\the settlers - rise of an empire\extra1\bin\settlers6.exe" = protocol=6 | dir=in | app=f:\games\the settlers - rise of an empire\the settlers - rise of an empire\extra1\bin\settlers6.exe |
"TCP Query User{71B09FE1-A44A-4D9F-8667-4942CF429CFF}F:\games\civ v\civilizationv.exe" = protocol=6 | dir=in | app=f:\games\civ v\civilizationv.exe |
"TCP Query User{7E2ECB42-8733-4AF4-A05B-FF9089F214EE}F:\games\civ iv\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=f:\games\civ iv\beyond the sword\civ4beyondsword.exe |
"TCP Query User{918B3182-7FBD-40D9-AE53-571F46CC75BC}H:\games\soldat\soldat.exe" = protocol=6 | dir=in | app=h:\games\soldat\soldat.exe |
"TCP Query User{9CE99DC0-AF85-4FD7-970B-F68AB0B1C59F}F:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=f:\games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{B36C711D-DE2E-4BFA-A430-73B76A0F8A03}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{D0A1224F-715F-4AD1-8AF5-F3F88F345C07}F:\games\age of empires 2 & the conquerors expansion\age2_x1.exe" = protocol=6 | dir=in | app=f:\games\age of empires 2 & the conquerors expansion\age2_x1.exe |
"TCP Query User{DCDA7315-8CEC-4BE3-87F6-8E3876F8258D}F:\games\urban terror\iourbanterror.exe" = protocol=6 | dir=in | app=f:\games\urban terror\iourbanterror.exe |
"TCP Query User{F2A259B7-6CA7-406B-870C-9BD9A87C5537}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{009100BC-6E14-45D9-AA89-E86E70C6EC79}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{25512234-FE90-4F2C-8CAE-71B1106F90D6}F:\games\the settlers - rise of an empire\the settlers - rise of an empire\extra1\bin\settlers6.exe" = protocol=17 | dir=in | app=f:\games\the settlers - rise of an empire\the settlers - rise of an empire\extra1\bin\settlers6.exe |
"UDP Query User{28F12111-409A-4355-B27E-6B8192D99F2D}F:\games\gangsters 2\gangsters2.exe" = protocol=17 | dir=in | app=f:\games\gangsters 2\gangsters2.exe |
"UDP Query User{328CBB30-5B1D-4B92-A48D-578FA408D886}F:\games\age of empires 2 & the conquerors expansion\age2_x1.exe" = protocol=17 | dir=in | app=f:\games\age of empires 2 & the conquerors expansion\age2_x1.exe |
"UDP Query User{3DE45845-B694-4BE3-904E-64DA628A0B50}H:\games\soldat\soldat.exe" = protocol=17 | dir=in | app=h:\games\soldat\soldat.exe |
"UDP Query User{539C8C17-5C6C-4343-8174-4E4D49AEE4AB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5A05E946-FFE7-444A-8B65-008F35E4FECF}F:\games\civ iv\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=f:\games\civ iv\beyond the sword\civ4beyondsword.exe |
"UDP Query User{5A7DB6C7-F29E-4FF8-90CE-22432290C829}F:\games\civ v\civilizationv.exe" = protocol=17 | dir=in | app=f:\games\civ v\civilizationv.exe |
"UDP Query User{5F3CE98D-F583-4ED9-98A5-FA278440B9AA}F:\games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=f:\games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{9B194AB2-D3EE-4888-985A-90BF1361588B}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{E3E446CA-3750-4BF7-A4E1-1EB7D40834B8}F:\games\urban terror\iourbanterror.exe" = protocol=17 | dir=in | app=f:\games\urban terror\iourbanterror.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{06B0DE07-29D6-43B8-B055-147351E606DA}" = Windows Live Fotogalleri
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Påloggingsassistent for Windows Live ID
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2ADD2892-255C-34C2-AE90-5EF603273DFF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nor
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{833F7665-8668-483F-8B08-870E2486D0B7}" = Windows Live Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89D05DB6-9AC1-4EA2-89FD-859DBA14FEA4}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD5B620-AA88-11D4-AEC7-0008C739EC2A}" = Gangsters 2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40414-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Webkomponenter
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A3499A41-41EA-3567-977C-29E9E226A360}" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"{a86e0e5c-b53c-4682-918d-968772906072}" = Business Contact Manager for Outlook 2007 SP2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1044-7B44-A94000000001}" = Adobe Reader 9.4.5 - Norsk
"{AFD36BF1-DA28-4702-A83F-C49D03199A0F}" = Broadcom 802.11n Network Adapter
"{B15224AE-0FB0-4861-ABF2-990AC5E78681}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9E3F4DD-2B33-4E5E-BCD3-7F08F6296E18}" = Windows Live Mail
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F970183F-18BA-456A-A6E7-72F3E3717727}" = Windows Live Essentials
"17FB91581FC3BD94F553ED713D5AEEABD66E4579" = Windows Driver Package - Realtek (RTL8169) Net (07/29/2008 6.208.0729.2008)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
"627E7231B440E6A66BBC4ABC9BB04D45A89D63EE" = Windows Driver Package - Intel System (02/02/2009 9.1.0.1012)
"636C06F6D53B9AD8179F6203C01753D8EC9E8D49" = Windows Driver Package - Intel (E1G60) Net (09/23/2008 8.3.15.0)
"683B6B1E506B7582796F4DF92B373850AF65001E" = Windows Driver Package - Realtek (RTL8169) Net (01/20/2009 6.216.0120.2009)
"7A975CADB61C6AB8385AC0A2A178C7C56BD45CF4" = Windows Driver Package - Intel System (01/21/2009 9.1.0.1013)
"7AE42AD255B64F9417EFD2F7499681C4542F39F1" = Windows Driver Package - Intel (iaStor) hdc (05/07/2008 8.2.0.1001)
"7-Zip" = 7-Zip 4.64
"9B23F25112A66DE4675749EEED7DDF23218A0010" = Windows Driver Package - Marvell (yukonwlh) Net (10/21/2009 11.22.4.3)
"A5AD07CE6F48B3A48BFE5C5C72BDC5775E612823" = Windows Driver Package - Marvell (yukonwlh) Net (04/26/2010 11.25.3.3)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcaniA" = ArcaniA - Gothic 4
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"C19DE4F917FE376F4771839E952AEFD137FCB768" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/08/2010 6.0.1.6132)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Deus Ex" = Deus Ex
"E799AC83F63D791C3822F9E188221CD6F2B5C70D" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/08/2010 6.0.1.6132)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
"Elasto Mania" = Elasto Mania
"F07FDF9D6C619BD893206A7241CDD497066D31F9" = Windows Driver Package - Intel USB (02/25/2008 9.0.0.1005)
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2008" = Football Manager 2008
"Football Manager 2011" = Football Manager 2011
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{70014586-7BBA-4A92-A610-CDC896C48F8F}" = NETGEAR WG311v3 PCI Adapter
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_11.70" = Logitech QuickCam driverpakke
"Microsoft .NET Framework 3.5 Language Pack SP1 - nor" = Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 5.0 (x86 nb-NO)" = Mozilla Firefox 5.0 (x86 nb-NO)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PS3 Media Server" = PS3 Media Server
"Spotify" = Spotify
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2613776380-1590215677-2650540874-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21.05.2011 14:06:34 | Computer Name = Magnus-pc | Source = Application Hang | ID = 1002
Description = Programmet Explorer.EXE versjon 6.0.6002.18005 sluttet å samhandle
med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: 7d8 Starttidspunkt: 01cc17adbc4c9b76 Avslutningstidspunkt:
28

Error - 21.05.2011 14:09:26 | Computer Name = Magnus-pc | Source = Application Hang | ID = 1002
Description = Programmet explorer.exe versjon 6.0.6002.18005 sluttet å samhandle
med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: 1818 Starttidspunkt: 01cc17e1d1eb96f6 Avslutningstidspunkt:
29

Error - 21.05.2011 14:40:02 | Computer Name = Magnus-pc | Source = Application Error | ID = 1000
Description = Program med feil mb_wfas.exe, versjon 1.0.0.0, tidsangivelse 0x4dbe6173,
modul med feil nvd3dum.dll, versjon 8.17.12.5721, tidsangivelse 0x4c0d6f2f, unntakskode
0xc0000005, feilforskyvning 0x003295af, prosess-ID 0x1c3c, starttid for program
0x01cc17e3f3cfaac6.

Error - 21.05.2011 14:41:24 | Computer Name = Magnus-pc | Source = Application Hang | ID = 1002
Description = Programmet firefox.exe versjon 2.0.1.4120 sluttet å samhandle med
Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: 1098 Starttidspunkt: 01cc17d28fa1abe6 Avslutningstidspunkt:
708

Error - 22.05.2011 10:38:26 | Computer Name = Magnus-pc | Source = Application Error | ID = 1000
Description = Program med feil javaw.exe, versjon 6.0.200.2, tidsangivelse 0x4bc398b3,
modul med feil java.dll, versjon 6.0.200.2, tidsangivelse 0x4bc3c8dc, unntakskode
0xc0000005, feilforskyvning 0x00005875, prosess-ID 0x2c98, starttid for program
0x01cc188de17a034e.

Error - 23.05.2011 03:30:49 | Computer Name = Magnus-pc | Source = VSS | ID = 8194
Description =

Error - 23.05.2011 03:37:23 | Computer Name = Magnus-pc | Source = VSS | ID = 8194
Description =

Error - 23.05.2011 03:42:57 | Computer Name = Magnus-pc | Source = VSS | ID = 8194
Description =

Error - 23.05.2011 03:52:05 | Computer Name = Magnus-pc | Source = VSS | ID = 8194
Description =

Error - 23.05.2011 12:44:43 | Computer Name = Magnus-pc | Source = Application Error | ID = 1000
Description = Program med feil winamp.exe, versjon 5.3.2.1003, tidsangivelse 0x456339e4,
modul med feil ntdll.dll, versjon 6.0.6002.18327, tidsangivelse 0x4cb73436, unntakskode
0xc0000005, feilforskyvning 0x00039550, prosess-ID 0x1868, starttid for program
0x01cc195a926792fe.

[ OSession Events ]
Error - 30.01.2011 17:32:04 | Computer Name = Magnus-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30.01.2011 17:32:22 | Computer Name = Magnus-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30.01.2011 17:33:02 | Computer Name = Magnus-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30.01.2011 17:35:40 | Computer Name = Magnus-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17.05.2011 11:08:53 | Computer Name = Magnus-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.01.2011 05:27:11 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:12 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:13 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:14 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:14 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:15 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:24 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:31 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:37 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.

Error - 05.01.2011 05:27:38 | Computer Name = Magnus-pc | Source = atapi | ID = 262155
Description = Driveren oppdaget en feil på styreren på \Device\Ide\IdePort3.


< End of report >
Raviola
Active Member
 
Posts: 7
Joined: August 8th, 2011, 9:29 am

Re: Computer crashes, suspecting malware.

Post by askey127 » August 10th, 2011, 11:16 am

Raviola,
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column.
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Computer crashes, suspecting malware.

Post by Raviola » August 10th, 2011, 4:12 pm

Filsystemtypen er NTFS.

Advarsel! F-parameter ikke angitt.
Kjører CHKDSK i skrivebeskyttet modus.

CHKDSK bekrefter filer (trinn 1 av 3)...
160960 filoppføringer behandlet.

Filkontroll er fullført.
250 store filoppføringer behandlet.

0 skadede filoppføringer behandlet.

0 EA-oppføringer behandlet.

71 reanalyseringsoppføringer behandlet.

CHKDSK bekrefter indekser (trinn 2 av 3)...
Indekskontroll er fullført.
0 ikke-indekserte filer behandlet.

CHKDSK bekrefter sikkerhetsbeskriveren (trinn 3 av 3)...
160960 sikkerhetsbeskrivelser behandlet.

Kontrollen av sikkerhetsbeskriveren er ferdig.
20452 datafiler behandlet.

CHKDSK kontrollerer Usn-loggen...
37103248 USN-byte behandlet.

Kontroll av Usn-logg er fullført.
Filsystemet er kontrollert. Ingen problemer ble funnet.

488384511 kB total diskplass.
209198076 kB i 112334 filer.
70288 kB in 20453 indekser.
0 kB i skadede sektorer.
280035 kB brukes av systemet.
65536 kB opptas av loggfilen.
278836112 kB tilgjengelig på disk.

4096 byte i hver tildelingsenhet.
122096127 totale tildelingsenheter på disken.
69709028 tildelingsenheter tilgjengelig på disken.

Re: Computer crashes, suspecting malware.

Post by Raviola » August 10th, 2011, 4:30 pm

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7429

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.08.2011 22:28:45
mbam-log-2011-08-10 (22-28-45).txt

Scan type: Quick scan
Objects scanned: 154620
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Computer crashes, suspecting malware.

Post by askey127 » August 10th, 2011, 4:53 pm

Raviola,
My grandmother was from Oslo, but my Norwegian is no good.
In spite of that, my interpretation of the report is that the hard disk looks OK, with no bad sectors.
-------------------------------------------------
Run the ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
You will, however, need to disable your current installed Anti-Virus. Additional information on how to do it is shown here.

Vista/Windows 7 users: You will need to right-click on either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
askey127

Re: Computer crashes, suspecting malware.

Post by Raviola » August 11th, 2011, 8:20 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=699148e693bc494c87bb51254eaabb0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-11 03:09:42
# local_time=2011-08-11 05:09:42 (+0100, Sentral-Europa (sommertid))
# country="Norway"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 203908 203908 0 0
# compatibility_mode=1024 16777215 100 0 32825374 32825374 0 0
# compatibility_mode=5892 16776574 100 100 31986319 150544144 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=443884
# found=20
# cleaned=0
# scan_time=20765
F:\Diverse Software\Nod 32\nod 32 fix.rar Win32/HackAV.BG application (unable to clean) 00000000000000000000000000000000 I
F:\Downloads\TrackMania United Forever [PCDVD - English] [www.TMasGames.com]\tmuf-dtn.iso probably a variant of Win32/Agent.JWALVLQ trojan (unable to clean) 00000000000000000000000000000000 I
F:\Games\Gothic 3\rzr-gtc3.iso probably a variant of Win32/Hupigon.KRNPTLZ trojan (unable to clean) 00000000000000000000000000000000 I
F:\Games\Mount & Blade\Mount&Blade\m&b_loader.exe probably a variant of Win32/HackTool.Patcher.N application (unable to clean) 00000000000000000000000000000000 I
F:\Games\Mount & Blade\Mount&Blade\Mount and Blade-Uniloader.exe probably a variant of Win32/HackTool.Patcher.N application (unable to clean) 00000000000000000000000000000000 I
F:\Musikk\Musikk\På båten\autorun.inf Win32/Peerfrag.CY worm (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\192 Game Keygens\Big Scale Racing\Big Scale Racing-Fairlight.rar probably a variant of Win32/Agent.JNIOQDF trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\192 Game Keygens\Clive Barkers Undying\Clive Barkers Undying-keygen-efc87.zip probably a variant of Win32/Agent.JFKJZCA trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\192 Game Keygens\Half-Life Opposing Force\halflifeopposingforcekeygenefc87.zip probably a variant of Win32/Agent.HYHYYVC trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\192 Game Keygens\MPV Baseball 2003\out-mvpk.rar probably a variant of Win32/Agent.BWVPEQH trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\Rarra\192 Game Keygens\Big Scale Racing\Big Scale Racing-Fairlight.rar probably a variant of Win32/Agent.JNIOQDF trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\Rarra\192 Game Keygens\Clive Barkers Undying\Clive Barkers Undying-keygen-efc87.zip probably a variant of Win32/Agent.JFKJZCA trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\Rarra\192 Game Keygens\Half-Life Opposing Force\halflifeopposingforcekeygenefc87.zip probably a variant of Win32/Agent.HYHYYVC trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Diverse isoer og spill\CD keys and Cracks\Rarra\192 Game Keygens\MPV Baseball 2003\out-mvpk.rar probably a variant of Win32/Agent.BWVPEQH trojan (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Newest\Mount & Blade_1003\Crack\m&b_loader.exe probably a variant of Win32/HackTool.Patcher.N application (unable to clean) 00000000000000000000000000000000 I
G:\Downloads\Newest\Mount&Blade 1.003 +crack\Crack\Mount and Blade-Uniloader.exe probably a variant of Win32/HackTool.Patcher.N application (unable to clean) 00000000000000000000000000000000 I
G:\Games\Gothic 3\rzr-gtc3.iso probably a variant of Win32/Hupigon.KRNPTLZ trojan (unable to clean) 00000000000000000000000000000000 I
G:\Filmer\080716Minedokumenter02\Mine dokumenter\BitTorrent Downloads\Portable PDF Password Remover v.3.0 [App][Ingles][www.zonatorrent.com].rar probably a variant of Win32/PSWTool.PdfCracker.A application (unable to clean) 00000000000000000000000000000000 I
G:\Nero\Nero-UltraEdition-8.3.6.0.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
G:\Nero\Nero-UltraEdition-8.3.6.0\Nero-8.3.6.0.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
Raviola
Active Member
 
Posts: 7
Joined: August 8th, 2011, 9:29 am
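
As an added example (not part of either post, and not an ESET tool): a short Python check a helper could run over a pasted log of this shape to confirm the scan used the requested options and to tally the detections. The function names and the sample log are constructed, and the row pattern assumes fields are separated by single spaces, as they are rendered on this page.

```python
import re
from collections import Counter

# Scan options the instructions asked for, as named in the log header.
EXPECTED = {"remove_checked": "false", "archives_checked": "true", "unwanted_checked": "true",
            "unsafe_checked": "true", "antistealth_checked": "true"}

# One detection row as rendered on this page (assumed: single spaces between
# fields): path, threat name, action result, 32-hex field, one-letter flag.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:probably a variant of )?\S+/\S+ \w+|multiple threats) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) \w$")

# Constructed sample in the same layout; paths and threat names are made up.
SAMPLE = r"""# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=3
D:\Old Backups\tool pack.rar Win32/Example.A application (unable to clean) 00000000000000000000000000000000 I
D:\Media\autorun.inf Win32/Example.B worm (unable to clean) 00000000000000000000000000000000 I
E:\Setup Files\installer.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

def parse_eset_log(text):
    """Split a pasted log into header fields, detection rows and leftover lines."""
    header, rows, unparsed = {}, [], []
    for line in (l.strip() for l in text.splitlines()):
        match = ROW.match(line)
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif match:
            rows.append(match.groupdict())
        elif line:
            unparsed.append(line)
    return header, rows, unparsed

def review(text):
    """Check the scan ran with the requested options and summarise the detections."""
    header, rows, unparsed = parse_eset_log(text)
    return {
        "settings_wrong": {k: header.get(k) for k, v in EXPECTED.items() if header.get(k) != v},
        "count_matches_header": header.get("found") == str(len(rows)),
        "by_type": dict(Counter(r["threat"].split()[-1] for r in rows)),  # last word, e.g. trojan
        "by_drive": dict(Counter(r["path"][0].upper() for r in rows)),
        "unparsed": unparsed,
    }
```

Calling `review(SAMPLE)` flags the one option that differs from the instructions and groups the three rows by type and drive; any line the pattern cannot read is returned under `unparsed` rather than dropped.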

Re: Computer crashes, suspecting malware.

Unread postby askey127 » August 11th, 2011, 2:11 pm

Your machine shows evidence of cracked or otherwise illegal software, so in accordance with our policy, we will not provide any further help.
http://malwareremoval.com/forum/viewtop ... 95#p491395
That is, of course, a major source of infections.
This thread will be closed.
askey127
Admin/Teacher
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA