Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Suspected infections

Post by asaguda » May 10th, 2012, 5:22 am

The past few days my computer's been acting odd. Randomly, after having been on for a while (usually 2-4 hours, but always within 6 it seems), almost all programs will stop responding or become very slow, games crash, programs shutting down and new programs starting up freeze completely, and their processes are unkillable by the task manager, leaving me with a hard reset to reboot, as the machine will never shut down on its own.

Several weeks ago all my security software showed clean scan logs (I scan monthly), but sparked by these troubles, a Spybot scan in particular found a decent amount of items yesterday. I thought that meant I was in the clear when it removed them all, but apparently not; I still seem to have some bugs in the system. All of the software I use shows up green now, anyway.
Included are the two DDS logs:

EDIT: Yesterday I uninstalled AVG, and instead installed ZoneAlarm's licensed version of Kaspersky (I think it is) along with an update of their firewall. So far my computer's not shown the behavior mentioned above. I'm not going to count myself free just yet, but could AVG cause this behavior somehow? Files being corrupted or some such?

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Dicey at 11:13:15 on 2012-05-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1033.18.6142.4220 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
F:\Program\Apache2.2\bin\httpd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
F:\Program\MSI Afterburner\MSIAfterburner.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
F:\Program\Apache2.2\bin\httpd.exe
F:\Program\Spybot\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
F:\Program\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
F:\Program\SteelSeries Engine\SteelSeriesEngine.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
F:\Program\Spybot\TeaTimer.exe
E:\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
F:\Program\Yahoo!\Messenger\YahooMessenger.exe
F:\Program\Skype\Phone\Skype.exe
D:\Furcadia\furc_on.exe
F:\Program\No-IP\DUC30.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\zatray.exe
F:\Program\WinPatrol\WinPatrol.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
F:\Program\Yahoo!\Messenger\YahooMessenger.exe
F:\Program\TortoiseSVN\bin\TSVNCache.exe
F:\Program\Mozilla Firefox\firefox.exe
F:\Program\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://vindictus.nexoneu.com/
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - F:\Program\Java32\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - F:\Program\ekort\EKortHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - F:\Program\Java32\bin\jp2ssv.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - F:\Program\ekort\EKortToolbar.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [SpybotSD TeaTimer] F:\Program\Spybot\TeaTimer.exe
uRun: [Steam] "E:\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "F:\Program\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "F:\Program\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ZoneAlarm] F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\zatray.exe
mRun: [WinPatrol] F:\Program\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\Users\Dicey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FURCAD~1.LNK - D:\Furcadia\furc_on.exe
StartupFolder: C:\Users\Dicey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NO-IPD~1.LNK - F:\Program\No-IP\DUC30.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/ ... dtoolx.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 193.150.193.150 83.255.245.11
TCP: Interfaces\{C22C32AB-2CD0-4151-9FA6-FF34D49D5F22} : DhcpNameServer = 193.150.193.150 83.255.245.11
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program\Java32\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: e-kort Helper Class: {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - F:\Program\ekort\EKortHelper.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program\Java32\bin\jp2ssv.dll
TB-X64: e-kort Toolbar: {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - F:\Program\ekort\EKortToolbar.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ZoneAlarm] F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\zatray.exe
mRun-x64: [WinPatrol] F:\Program\WinPatrol\winpatrol.exe -expressboot
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dicey\AppData\Roaming\Mozilla\Firefox\Profiles\ue9c6u84.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: F:\Program\Java\bin\new_plugin\npdeployJava1.dll
FF - plugin: F:\Program\Java32\bin\new_plugin\npdeployJava1.dll
FF - plugin: F:\Program\Java32\bin\new_plugin\npjp2.dll
FF - plugin: F:\Program\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: F:\Program\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: F:\Program\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Apache2.2;F:\Program\Apache2.2\bin\httpd.exe [2012-1-28 20549]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 SBSDWSCService;SBSD Security Center Service;F:\Program\Spybot\SDWinSec.exe [2011-1-15 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 RTCore64;RTCore64;F:\Program\MSI Afterburner\RTCore64.sys [2010-5-27 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SaiK0728;SaiK0728;C:\Windows\system32\DRIVERS\SaiK0728.sys --> C:\Windows\system32\DRIVERS\SaiK0728.sys [?]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;F:\Program\Ad-Aware\AAWService.exe --> F:\Program\Ad-Aware\AAWService.exe [?]
S2 SkypeUpdate;Skype Updater;F:\Program\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
.
=============== Created Last 30 ================
.
2012-05-10 05:48:15 -------- d-----w- C:\ProgramData\InstallMate
2012-05-09 13:44:18 6402 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-05-09 13:38:41 -------- d-----w- C:\VundoFix Backups
2012-05-09 11:59:09 -------- d-----w- C:\Users\Dicey\AppData\Local\Amazon
2012-04-27 00:44:49 -------- d-----w- C:\Users\Dicey\AppData\Local\SniperV2 Demo
2012-04-19 21:52:18 -------- d-----w- C:\Users\Dicey\AppData\Local\Windows Live
2012-04-19 21:51:56 -------- d-----w- C:\Users\Dicey\AppData\Local\{967F5546-DEB6-4A5A-BF17-12EFC67FD3C1}
2012-04-12 01:55:32 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 01:55:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 01:55:32 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 01:55:32 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 01:55:32 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 01:55:32 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 01:55:32 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-04-15 17:04:55 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-15 17:04:55 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-14 21:38:28 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 01:44:10 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-10 12:29:53 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-11 06:22:28 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-11 06:22:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-11 06:22:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-11 06:22:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 11:13:33,19 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume4
Install Date: 2011-01-15 14:22:31
System Uptime: 2012-05-10 09:22:38 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | X58A-UD3R
Processor: Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz | Socket 1366 | 3360/160mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 50 GiB total, 11,625 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 18,825 GiB free.
E: is FIXED (NTFS) - 149 GiB total, 19,756 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 251,635 GiB free.
G: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Marvell 91xx Config ATA Device
Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&31F68D52&0&1.1.0
Manufacturer:
Name: Marvell 91xx Config ATA Device
PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&31F68D52&0&1.1.0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&115A8633&0&0010
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&115A8633&0&0010
Service:
.
==== System Restore Points ===================
.
RP539: 2012-05-10 10:49:45 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Ad-Aware
Adobe AIR
Adobe Shockwave Player 11.5
Age of Wonders 2
AMIP (remove only)
Apache HTTP Server 2.2.22
APB Reloaded
Application Profiles
Assassin's Creed Brotherhood
Assassin's Creed Revelations 1.02
Audacity 1.3.13 (Unicode)
Battle for Wesnoth 1.10.1
BulletStorm
Burnout Paradise: The Ultimate Box
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Catalyst Control Center InstallProxy
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CraftBukkit
Creative Centrale
Creative Removable Disk Manager
Creative Software Update
Creative ZEN Mozaic User's Guide
Cubemen
DAEMON Tools Lite
Dungeon Defenders
Dungeons of Dredmor
e-kort
Fable III
FlatOut 2
Fraps (remove only)
Frozen Synapse
Furcadia
Garry's Mod
Geeks3D.com FurMark 1.9.0
GIMP 2.6.11
Grabber version 3.1.3
Grand Theft Auto IV
Half-Life Dedicated Server Update Tool
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 30
Killing Floor
Knights and Merchants - The Peasants Rebellion
LAME v3.98.3 for Audacity
Last.fm 1.5.4.27091
League of Legends
Livestream Procaster
Lyrics Plugin for Winamp
Magic: The Gathering — Duels of the Planeswalkers 2012
Malwarebytes Anti-Malware version 1.61.0.1400
ManiaPlanet
Mass Effect™ 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Age of Empires
Microsoft Age of Empires Expansion
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Might and Magic: Clash of Heroes
Mount & Blade: Warband
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSI Afterburner 2.1.0
MSVCRT
Mumble 1.2.3
NCsoft Launcher
No-IP DUC
Notepad++
NOX
NVIDIA PhysX
One Unit Whole Blood
OpenAL
Orcs Must Die!
Origin
Original War
ORION: Dino Beatdown
PAYDAY: The Heist
Portal 2
PunkBuster Services
Rapture3D 2.3.26 Game
Realm of the Mad God
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
RV House 0.93.4
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
ShockWave 1.1
Shoot Many Robots
Sid Meier's Alpha Centauri
Skype™ 5.8
Spybot - Search & Destroy
StarCraft II
Steam
Sword of the Stars Demo
Terraria
The Elder Scrolls V: Skyrim
The Last Remnant
Total Annihilation - Commander Pack
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
Westwood Online
Winamp
Winamp Detector Plug-in
Vindictus EU
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Upload Tool
WinPcap 4.1.2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
World of Tanks: update 0.7.1.1
Yahoo! Messenger
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
2012-05-10 09:23:04, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
2012-05-10 09:22:58, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the file specified.
2012-05-10 08:32:10, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
2012-05-09 09:53:35, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2012-05-09 09:53:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2012-05-09 09:53:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2012-05-09 09:53:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2012-05-09 09:53:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2012-05-09 09:53:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2012-05-09 09:53:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 04:31:29, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2012-05-09 02:53:18, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 02:53:17, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 02:53:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
.
==== End Of File ===========================
asaguda
Active Member
 
Posts: 9
Joined: January 12th, 2008, 4:07 pm
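Most of the Service Control Manager 7001 errors in the log above are knock-on failures: a service fails only because something it depends on failed first. The following added example (not part of the original post or of DDS; the function names are assumptions) parses the 7001 and 7026 lines copied from that log and groups the affected services under the dependency that failed on its own.

```python
import re
from collections import defaultdict

# Lines copied from the event-log section of the DDS log above (7026 and 7001 entries only).
SAMPLE_LOG = """\
2012-05-09 09:53:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2012-05-09 09:53:26, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2012-05-09 09:53:25, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Error text that marks a knock-on failure rather than a failure of the dependency itself.
DEPENDENCY_FAILED = "The dependency service or group failed to start."

RE_7001 = re.compile(
    r"\[7001\] - The (.+?) service depends on the (.+?) service which failed "
    r"to start because of the following error: (.+)$"
)
RE_7026 = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: (.+)$"
)


def parse_events(text):
    """Return (edges, drivers): 7001 (dependent, dependency, error) tuples and 7026 driver names."""
    edges, drivers = [], set()
    for line in text.splitlines():
        line = line.strip()
        m = RE_7001.search(line)
        if m:
            dependent, dependency, error = (g.strip() for g in m.groups())
            # Some display names end in a period ("NSI proxy service driver."); drop it.
            edges.append((dependent, dependency.rstrip("."), error))
            continue
        m = RE_7026.search(line)
        if m:
            drivers.update(m.group(1).split())
    return edges, drivers


def root_causes(edges):
    """Map each dependency that failed on its own to every service that failed because of it."""
    dependents = defaultdict(set)  # dependency -> services that need it
    roots = set()
    for dependent, dependency, error in edges:
        dependents[dependency].add(dependent)
        if error != DEPENDENCY_FAILED:
            roots.add(dependency)
    result = {}
    for root in roots:
        seen, stack = set(), [root]
        while stack:  # walk the reverse dependency graph; 'seen' guards against cycles
            for svc in dependents.get(stack.pop(), ()):
                if svc not in seen:
                    seen.add(svc)
                    stack.append(svc)
        result[root] = sorted(seen)
    return result


if __name__ == "__main__":
    edges, drivers = parse_events(SAMPLE_LOG)
    print("Drivers reported by event 7026:", ", ".join(sorted(drivers)))
    for root, affected in sorted(root_causes(edges).items()):
        print(f"{root}: {', '.join(affected)}")
```

Twelve dependency errors reduce to five dependencies that failed on their own, all of them drivers, which points the triage at the boot-start driver failures reported by event 7026 rather than at the individual services.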

Re: Suspected infections

Unread postby torreattack » May 13th, 2012, 9:41 am

Checking your log, will reply soon.
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected infections

Unread postby torreattack » May 13th, 2012, 12:05 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi asaguda and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - Windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected infections

Unread postby torreattack » May 14th, 2012, 5:39 pm

Hi asaguda:

Let's run some scans to dig up more information regarding your problem.

1. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT



2. OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


3. I saw you are running a webserver and using a Dynamic DNS service from http://www.no-ip.com/. Can you kindly explain for what purpose you are using them?


"a Spybot scan in particular found a decent amount of items yesterday."

4. Can you post the log for me?
The location of the Spybot log files should be in C:\ProgramData\Spybot - Search & Destroy\Logs
Please post the latest Fixes.yymmdd-hhmm for me.
note: If unable to see ProgramData, please set Windows to show hidden files and folders.


5. Checklist
Please post:
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • OTL.txt and Extras.txt
  • Answer about Webserver and Dynamic DNS Service
  • Spybot log
  • An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected infections

Unread postby asaguda » May 15th, 2012, 1:51 am

First the TDSS log.. OTL logs will be posted in a separate reply as they would push this post well past the character limit, as well as the Spybot (Or lack thereof) log and the answer about the webserver.

07:37:21.0034 5792 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
07:37:21.0133 5792 ============================================================
07:37:21.0133 5792 Current date / time: 2012/05/15 07:37:21.0133
07:37:21.0133 5792 SystemInfo:
07:37:21.0133 5792
07:37:21.0133 5792 OS Version: 6.1.7601 ServicePack: 1.0
07:37:21.0133 5792 Product type: Workstation
07:37:21.0133 5792 ComputerName: DICETAS
07:37:21.0133 5792 UserName: Dicey
07:37:21.0133 5792 Windows directory: C:\Windows
07:37:21.0133 5792 System windows directory: C:\Windows
07:37:21.0134 5792 Running under WOW64
07:37:21.0134 5792 Processor architecture: Intel x64
07:37:21.0134 5792 Number of processors: 4
07:37:21.0134 5792 Page size: 0x1000
07:37:21.0134 5792 Boot type: Normal boot
07:37:21.0134 5792 ============================================================
07:37:21.0296 5792 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:37:21.0296 5792 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:37:21.0308 5792 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
07:37:21.0311 5792 ============================================================
07:37:21.0311 5792 \Device\Harddisk0\DR0:
07:37:21.0311 5792 MBR partitions:
07:37:21.0311 5792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6400000
07:37:21.0311 5792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x6400800, BlocksNum 0xC618000
07:37:21.0311 5792 \Device\Harddisk1\DR1:
07:37:21.0311 5792 MBR partitions:
07:37:21.0311 5792 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
07:37:21.0311 5792 \Device\Harddisk2\DR2:
07:37:21.0311 5792 MBR partitions:
07:37:21.0311 5792 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:37:21.0311 5792 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352800
07:37:21.0311 5792 ============================================================
07:37:21.0312 5792 C: <-> \Device\Harddisk0\DR0\Partition0
07:37:21.0346 5792 F: <-> \Device\Harddisk2\DR2\Partition1
07:37:21.0348 5792 D: <-> \Device\Harddisk0\DR0\Partition1
07:37:21.0349 5792 E: <-> \Device\Harddisk1\DR1\Partition0
07:37:21.0349 5792 ============================================================
07:37:21.0349 5792 Initialize success
07:37:21.0349 5792 ============================================================
07:37:22.0905 3580 ============================================================
07:37:22.0905 3580 Scan started
07:37:22.0905 3580 Mode: Manual;
07:37:22.0905 3580 ============================================================
07:37:22.0996 3580 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:37:22.0997 3580 1394ohci - ok
07:37:23.0006 3580 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:37:23.0007 3580 ACPI - ok
07:37:23.0010 3580 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:37:23.0013 3580 AcpiPmi - ok
07:37:23.0033 3580 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:37:23.0037 3580 AdobeFlashPlayerUpdateSvc - ok
07:37:23.0048 3580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:37:23.0057 3580 adp94xx - ok
07:37:23.0066 3580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:37:23.0074 3580 adpahci - ok
07:37:23.0080 3580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:37:23.0086 3580 adpu320 - ok
07:37:23.0090 3580 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:37:23.0091 3580 AeLookupSvc - ok
07:37:23.0103 3580 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:37:23.0105 3580 AFD - ok
07:37:23.0108 3580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:37:23.0114 3580 agp440 - ok
07:37:23.0118 3580 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:37:23.0119 3580 ALG - ok
07:37:23.0122 3580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:37:23.0127 3580 aliide - ok
07:37:23.0134 3580 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:37:23.0136 3580 AMD External Events Utility - ok
07:37:23.0138 3580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:37:23.0143 3580 amdide - ok
07:37:23.0148 3580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:37:23.0152 3580 AmdK8 - ok
07:37:23.0371 3580 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:37:23.0469 3580 amdkmdag - ok
07:37:23.0494 3580 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:37:23.0500 3580 amdkmdap - ok
07:37:23.0503 3580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:37:23.0507 3580 AmdPPM - ok
07:37:23.0511 3580 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:37:23.0518 3580 amdsata - ok
07:37:23.0523 3580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:37:23.0531 3580 amdsbs - ok
07:37:23.0533 3580 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:37:23.0538 3580 amdxata - ok
07:37:23.0593 3580 Apache2.2 (eb4e26ad3a0e681c2faabbacb0691a34) F:\Program\Apache2.2\bin\httpd.exe
07:37:23.0594 3580 Apache2.2 - ok
07:37:23.0597 3580 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:37:23.0603 3580 AppID - ok
07:37:23.0606 3580 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:37:23.0607 3580 AppIDSvc - ok
07:37:23.0610 3580 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:37:23.0612 3580 Appinfo - ok
07:37:23.0618 3580 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:37:23.0621 3580 AppMgmt - ok
07:37:23.0625 3580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:37:23.0630 3580 arc - ok
07:37:23.0634 3580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:37:23.0639 3580 arcsas - ok
07:37:23.0651 3580 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:37:23.0655 3580 aspnet_state - ok
07:37:23.0658 3580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:37:23.0658 3580 AsyncMac - ok
07:37:23.0661 3580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:37:23.0661 3580 atapi - ok
07:37:23.0667 3580 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
07:37:23.0674 3580 AtiHDAudioService - ok
07:37:23.0678 3580 AtiHdmiService (7e2f5a758f63f80f8b03f889b4e6b19f) C:\Windows\system32\drivers\AtiHdmi.sys
07:37:23.0684 3580 AtiHdmiService - ok
07:37:23.0699 3580 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:37:23.0707 3580 AudioEndpointBuilder - ok
07:37:23.0710 3580 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:37:23.0713 3580 AudioSrv - ok
07:37:23.0717 3580 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:37:23.0720 3580 AxInstSV - ok
07:37:23.0731 3580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:37:23.0740 3580 b06bdrv - ok
07:37:23.0747 3580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:37:23.0754 3580 b57nd60a - ok
07:37:23.0759 3580 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:37:23.0764 3580 BDESVC - ok
07:37:23.0766 3580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:37:23.0771 3580 Beep - ok
07:37:23.0787 3580 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:37:23.0795 3580 BFE - ok
07:37:23.0814 3580 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:37:23.0823 3580 BITS - ok
07:37:23.0829 3580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:37:23.0834 3580 blbdrive - ok
07:37:23.0838 3580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:37:23.0844 3580 bowser - ok
07:37:23.0847 3580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:37:23.0851 3580 BrFiltLo - ok
07:37:23.0853 3580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:37:23.0856 3580 BrFiltUp - ok
07:37:23.0861 3580 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:37:23.0863 3580 Browser - ok
07:37:23.0871 3580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:37:23.0878 3580 Brserid - ok
07:37:23.0881 3580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:37:23.0885 3580 BrSerWdm - ok
07:37:23.0887 3580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:37:23.0891 3580 BrUsbMdm - ok
07:37:23.0893 3580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:37:23.0896 3580 BrUsbSer - ok
07:37:23.0900 3580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:37:23.0906 3580 BTHMODEM - ok
07:37:23.0910 3580 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:37:23.0914 3580 bthserv - ok
07:37:23.0920 3580 busenum (55913573c41cf091f93a1ac07965ea7e) C:\Windows\system32\DRIVERS\SteelBus64.sys
07:37:23.0926 3580 busenum - ok
07:37:23.0930 3580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:37:23.0935 3580 cdfs - ok
07:37:23.0940 3580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
07:37:23.0945 3580 cdrom - ok
07:37:23.0950 3580 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:37:23.0951 3580 CertPropSvc - ok
07:37:23.0955 3580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:37:23.0958 3580 circlass - ok
07:37:23.0967 3580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:37:23.0969 3580 CLFS - ok
07:37:23.0974 3580 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:37:23.0977 3580 clr_optimization_v2.0.50727_32 - ok
07:37:23.0982 3580 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:37:23.0987 3580 clr_optimization_v2.0.50727_64 - ok
07:37:23.0999 3580 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:37:24.0007 3580 clr_optimization_v4.0.30319_32 - ok
07:37:24.0018 3580 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:37:24.0020 3580 clr_optimization_v4.0.30319_64 - ok
07:37:24.0023 3580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:37:24.0027 3580 CmBatt - ok
07:37:24.0030 3580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:37:24.0035 3580 cmdide - ok
07:37:24.0046 3580 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
07:37:24.0056 3580 CNG - ok
07:37:24.0059 3580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:37:24.0063 3580 Compbatt - ok
07:37:24.0066 3580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:37:24.0070 3580 CompositeBus - ok
07:37:24.0071 3580 COMSysApp - ok
07:37:24.0075 3580 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
07:37:24.0080 3580 cpuz135 - ok
07:37:24.0083 3580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:37:24.0088 3580 crcdisk - ok
07:37:24.0095 3580 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:37:24.0098 3580 CryptSvc - ok
07:37:24.0110 3580 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:37:24.0120 3580 CSC - ok
07:37:24.0135 3580 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:37:24.0142 3580 CscService - ok
07:37:24.0147 3580 CTDevice_Srv (a5bea0e5c297f5f3835638a87e512fba) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
07:37:24.0147 3580 CTDevice_Srv - ok
07:37:24.0152 3580 CTUPnPSv (8e26d772f53b7883a651e0e4a9598f21) C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
07:37:24.0154 3580 CTUPnPSv - ok
07:37:24.0166 3580 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:37:24.0172 3580 DcomLaunch - ok
07:37:24.0181 3580 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:37:24.0185 3580 defragsvc - ok
07:37:24.0191 3580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:37:24.0197 3580 DfsC - ok
07:37:24.0205 3580 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:37:24.0210 3580 Dhcp - ok
07:37:24.0212 3580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:37:24.0213 3580 discache - ok
07:37:24.0216 3580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:37:24.0222 3580 Disk - ok
07:37:24.0227 3580 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:37:24.0230 3580 Dnscache - ok
07:37:24.0238 3580 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:37:24.0242 3580 dot3svc - ok
07:37:24.0247 3580 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:37:24.0252 3580 DPS - ok
07:37:24.0254 3580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:37:24.0259 3580 drmkaud - ok
07:37:24.0266 3580 dtsoftbus01 (9f98d7afa293947a0dfc6ffd4671fe70) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
07:37:24.0267 3580 dtsoftbus01 - ok
07:37:24.0288 3580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:37:24.0300 3580 DXGKrnl - ok
07:37:24.0303 3580 EagleX64 - ok
07:37:24.0307 3580 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:37:24.0310 3580 EapHost - ok
07:37:24.0376 3580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:37:24.0407 3580 ebdrv - ok
07:37:24.0423 3580 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
07:37:24.0424 3580 EFS - ok
07:37:24.0440 3580 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:37:24.0448 3580 ehRecvr - ok
07:37:24.0452 3580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:37:24.0457 3580 ehSched - ok
07:37:24.0472 3580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:37:24.0481 3580 elxstor - ok
07:37:24.0483 3580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:37:24.0487 3580 ErrDev - ok
07:37:24.0498 3580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:37:24.0503 3580 EventSystem - ok
07:37:24.0509 3580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:37:24.0516 3580 exfat - ok
07:37:24.0522 3580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:37:24.0529 3580 fastfat - ok
07:37:24.0545 3580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:37:24.0553 3580 Fax - ok
07:37:24.0555 3580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:37:24.0560 3580 fdc - ok
07:37:24.0568 3580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:37:24.0569 3580 fdPHost - ok
07:37:24.0572 3580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:37:24.0576 3580 FDResPub - ok
07:37:24.0579 3580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:37:24.0585 3580 FileInfo - ok
07:37:24.0587 3580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:37:24.0592 3580 Filetrace - ok
07:37:24.0595 3580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:37:24.0599 3580 flpydisk - ok
07:37:24.0607 3580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:37:24.0615 3580 FltMgr - ok
07:37:24.0639 3580 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
07:37:24.0650 3580 FontCache - ok
07:37:24.0654 3580 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:37:24.0656 3580 FontCache3.0.0.0 - ok
07:37:24.0661 3580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:37:24.0666 3580 FsDepends - ok
07:37:24.0669 3580 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
07:37:24.0673 3580 Fs_Rec - ok
07:37:24.0680 3580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:37:24.0681 3580 fvevol - ok
07:37:24.0684 3580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:37:24.0691 3580 gagp30kx - ok
07:37:24.0707 3580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:37:24.0716 3580 gpsvc - ok
07:37:24.0718 3580 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
07:37:24.0722 3580 hamachi - ok
07:37:24.0725 3580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:37:24.0729 3580 hcw85cir - ok
07:37:24.0738 3580 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
07:37:24.0747 3580 HdAudAddService - ok
07:37:24.0752 3580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:37:24.0752 3580 HDAudBus - ok
07:37:24.0755 3580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:37:24.0760 3580 HidBatt - ok
07:37:24.0764 3580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:37:24.0770 3580 HidBth - ok
07:37:24.0773 3580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:37:24.0778 3580 HidIr - ok
07:37:24.0781 3580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:37:24.0782 3580 hidserv - ok
07:37:24.0786 3580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
07:37:24.0791 3580 HidUsb - ok
07:37:24.0795 3580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:37:24.0797 3580 hkmsvc - ok
07:37:24.0803 3580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:37:24.0807 3580 HomeGroupListener - ok
07:37:24.0813 3580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:37:24.0816 3580 HomeGroupProvider - ok
07:37:24.0820 3580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:37:24.0826 3580 HpSAMD - ok
07:37:24.0842 3580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:37:24.0845 3580 HTTP - ok
07:37:24.0847 3580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:37:24.0848 3580 hwpolicy - ok
07:37:24.0852 3580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:37:24.0857 3580 i8042prt - ok
07:37:24.0868 3580 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
07:37:24.0876 3580 iaStorV - ok
07:37:24.0896 3580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:37:24.0904 3580 idsvc - ok
07:37:24.0907 3580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:37:24.0912 3580 iirsp - ok
07:37:24.0930 3580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:37:24.0939 3580 IKEEXT - ok
07:37:24.0998 3580 IntcAzAudAddService (a3c9367a02b2a1fc22536add3601b64f) C:\Windows\system32\drivers\RTKVHD64.sys
07:37:25.0012 3580 IntcAzAudAddService - ok
07:37:25.0030 3580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:37:25.0035 3580 intelide - ok
07:37:25.0038 3580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:37:25.0039 3580 intelppm - ok
07:37:25.0043 3580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:37:25.0045 3580 IPBusEnum - ok
07:37:25.0049 3580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:37:25.0053 3580 IpFilterDriver - ok
07:37:25.0066 3580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:37:25.0072 3580 iphlpsvc - ok
07:37:25.0076 3580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:37:25.0081 3580 IPMIDRV - ok
07:37:25.0086 3580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:37:25.0092 3580 IPNAT - ok
07:37:25.0096 3580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:37:25.0100 3580 IRENUM - ok
07:37:25.0103 3580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:37:25.0108 3580 isapnp - ok
07:37:25.0115 3580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:37:25.0123 3580 iScsiPrt - ok
07:37:25.0129 3580 ISWKL (1152f8beb568f2f72f1c5c32a1f4e529) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
07:37:25.0130 3580 ISWKL - ok
07:37:25.0154 3580 IswSvc (ef46ef3a790c42bba9b5afa2586448db) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
07:37:25.0157 3580 IswSvc - ok
07:37:25.0161 3580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:37:25.0167 3580 kbdclass - ok
07:37:25.0170 3580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
07:37:25.0175 3580 kbdhid - ok
07:37:25.0177 3580 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:37:25.0178 3580 KeyIso - ok
07:37:25.0189 3580 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:37:25.0199 3580 KL1 - ok
07:37:25.0202 3580 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:37:25.0205 3580 kl2 - ok
07:37:25.0218 3580 KLIF (055790d38d7ec73aef03e4aa7f67ba03) C:\Windows\system32\DRIVERS\klif.sys
07:37:25.0226 3580 KLIF - ok
07:37:25.0231 3580 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
07:37:25.0236 3580 KSecDD - ok
07:37:25.0242 3580 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
07:37:25.0248 3580 KSecPkg - ok
07:37:25.0251 3580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:37:25.0255 3580 ksthunk - ok
07:37:25.0264 3580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:37:25.0269 3580 KtmRm - ok
07:37:25.0276 3580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:37:25.0280 3580 LanmanServer - ok
07:37:25.0285 3580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:37:25.0288 3580 LanmanWorkstation - ok
07:37:25.0289 3580 Lavasoft Ad-Aware Service - ok
07:37:25.0291 3580 Lbd - ok
07:37:25.0296 3580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:37:25.0301 3580 lltdio - ok
07:37:25.0309 3580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:37:25.0314 3580 lltdsvc - ok
07:37:25.0316 3580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:37:25.0320 3580 lmhosts - ok
07:37:25.0325 3580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:37:25.0331 3580 LSI_FC - ok
07:37:25.0335 3580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:37:25.0341 3580 LSI_SAS - ok
07:37:25.0344 3580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:37:25.0351 3580 LSI_SAS2 - ok
07:37:25.0355 3580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:37:25.0361 3580 LSI_SCSI - ok
07:37:25.0366 3580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:37:25.0372 3580 luafv - ok
07:37:25.0376 3580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:37:25.0378 3580 Mcx2Svc - ok
07:37:25.0380 3580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:37:25.0386 3580 megasas - ok
07:37:25.0394 3580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:37:25.0402 3580 MegaSR - ok
07:37:25.0406 3580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:37:25.0409 3580 MMCSS - ok
07:37:25.0412 3580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:37:25.0417 3580 Modem - ok
07:37:25.0420 3580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:37:25.0420 3580 monitor - ok
07:37:25.0424 3580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:37:25.0429 3580 mouclass - ok
07:37:25.0432 3580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:37:25.0437 3580 mouhid - ok
07:37:25.0440 3580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:37:25.0441 3580 mountmgr - ok
07:37:25.0446 3580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:37:25.0453 3580 mpio - ok
07:37:25.0457 3580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:37:25.0462 3580 mpsdrv - ok
07:37:25.0480 3580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:37:25.0493 3580 MpsSvc - ok
07:37:25.0498 3580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:37:25.0504 3580 MRxDAV - ok
07:37:25.0510 3580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:37:25.0516 3580 mrxsmb - ok
07:37:25.0524 3580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:37:25.0532 3580 mrxsmb10 - ok
07:37:25.0537 3580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:37:25.0543 3580 mrxsmb20 - ok
07:37:25.0546 3580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:37:25.0551 3580 msahci - ok
07:37:25.0556 3580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:37:25.0572 3580 msdsm - ok
07:37:25.0577 3580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:37:25.0585 3580 MSDTC - ok
07:37:25.0589 3580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:37:25.0594 3580 Msfs - ok
07:37:25.0596 3580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:37:25.0600 3580 mshidkmdf - ok
07:37:25.0602 3580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:37:25.0606 3580 msisadrv - ok
07:37:25.0611 3580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:37:25.0617 3580 MSiSCSI - ok
07:37:25.0618 3580 msiserver - ok
07:37:25.0621 3580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:37:25.0626 3580 MSKSSRV - ok
07:37:25.0628 3580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:37:25.0633 3580 MSPCLOCK - ok
07:37:25.0635 3580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:37:25.0639 3580 MSPQM - ok
07:37:25.0648 3580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:37:25.0656 3580 MsRPC - ok
07:37:25.0660 3580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:37:25.0660 3580 mssmbios - ok
07:37:25.0662 3580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:37:25.0666 3580 MSTEE - ok
07:37:25.0669 3580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:37:25.0672 3580 MTConfig - ok
07:37:25.0676 3580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:37:25.0681 3580 Mup - ok
07:37:25.0692 3580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:37:25.0702 3580 napagent - ok
07:37:25.0711 3580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:37:25.0719 3580 NativeWifiP - ok
07:37:25.0740 3580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:37:25.0743 3580 NDIS - ok
07:37:25.0746 3580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:37:25.0751 3580 NdisCap - ok
07:37:25.0754 3580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:37:25.0758 3580 NdisTapi - ok
07:37:25.0762 3580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:37:25.0767 3580 Ndisuio - ok
07:37:25.0772 3580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:37:25.0779 3580 NdisWan - ok
07:37:25.0782 3580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:37:25.0788 3580 NDProxy - ok
07:37:25.0791 3580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:37:25.0796 3580 NetBIOS - ok
07:37:25.0803 3580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:37:25.0804 3580 NetBT - ok
07:37:25.0807 3580 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:37:25.0808 3580 Netlogon - ok
07:37:25.0817 3580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:37:25.0826 3580 Netman - ok
07:37:25.0837 3580 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:37:25.0841 3580 NetMsmqActivator - ok
07:37:25.0843 3580 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:37:25.0844 3580 NetPipeActivator - ok
07:37:25.0855 3580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:37:25.0864 3580 netprofm - ok
07:37:25.0866 3580 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:37:25.0867 3580 NetTcpActivator - ok
07:37:25.0868 3580 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:37:25.0869 3580 NetTcpPortSharing - ok
07:37:25.0874 3580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:37:25.0879 3580 nfrd960 - ok
07:37:25.0887 3580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:37:25.0890 3580 NlaSvc - ok
07:37:25.0891 3580 nosGetPlusHelper - ok
07:37:25.0896 3580 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
07:37:25.0899 3580 NPF - ok
07:37:25.0902 3580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:37:25.0908 3580 Npfs - ok
07:37:25.0910 3580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:37:25.0914 3580 nsi - ok
07:37:25.0917 3580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:37:25.0917 3580 nsiproxy - ok
07:37:25.0952 3580 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:37:25.0972 3580 Ntfs - ok
07:37:25.0989 3580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:37:25.0993 3580 Null - ok
07:37:25.0999 3580 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:37:26.0006 3580 nvraid - ok
07:37:26.0011 3580 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:37:26.0018 3580 nvstor - ok
07:37:26.0023 3580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:37:26.0029 3580 nv_agp - ok
07:37:26.0033 3580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:37:26.0039 3580 ohci1394 - ok
07:37:26.0047 3580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:37:26.0050 3580 p2pimsvc - ok
07:37:26.0061 3580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:37:26.0070 3580 p2psvc - ok
07:37:26.0074 3580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:37:26.0080 3580 Parport - ok
07:37:26.0083 3580 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:37:26.0089 3580 partmgr - ok
07:37:26.0095 3580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:37:26.0101 3580 PcaSvc - ok
07:37:26.0107 3580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:37:26.0113 3580 pci - ok
07:37:26.0116 3580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:37:26.0120 3580 pciide - ok
07:37:26.0127 3580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:37:26.0135 3580 pcmcia - ok
07:37:26.0138 3580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:37:26.0143 3580 pcw - ok
07:37:26.0157 3580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:37:26.0168 3580 PEAUTH - ok
07:37:26.0196 3580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:37:26.0208 3580 PeerDistSvc - ok
07:37:26.0223 3580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:37:26.0230 3580 PerfHost - ok
07:37:26.0273 3580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:37:26.0290 3580 pla - ok
07:37:26.0301 3580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:37:26.0310 3580 PlugPlay - ok
07:37:26.0312 3580 PnkBstrA - ok
07:37:26.0316 3580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:37:26.0320 3580 PNRPAutoReg - ok
07:37:26.0328 3580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:37:26.0330 3580 PNRPsvc - ok
07:37:26.0342 3580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:37:26.0351 3580 PolicyAgent - ok
07:37:26.0359 3580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:37:26.0360 3580 Power - ok
07:37:26.0367 3580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:37:26.0372 3580 PptpMiniport - ok
07:37:26.0375 3580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:37:26.0379 3580 Processor - ok
07:37:26.0386 3580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:37:26.0393 3580 ProfSvc - ok
07:37:26.0395 3580 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:37:26.0396 3580 ProtectedStorage - ok
07:37:26.0401 3580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:37:26.0402 3580 Psched - ok
07:37:26.0434 3580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:37:26.0454 3580 ql2300 - ok
07:37:26.0473 3580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:37:26.0480 3580 ql40xx - ok
07:37:26.0487 3580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:37:26.0493 3580 QWAVE - ok
07:37:26.0497 3580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:37:26.0497 3580 QWAVEdrv - ok
07:37:26.0500 3580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:37:26.0504 3580 RasAcd - ok
07:37:26.0508 3580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:37:26.0513 3580 RasAgileVpn - ok
07:37:26.0517 3580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:37:26.0523 3580 RasAuto - ok
07:37:26.0527 3580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:37:26.0534 3580 Rasl2tp - ok
07:37:26.0542 3580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:37:26.0551 3580 RasMan - ok
07:37:26.0555 3580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:37:26.0561 3580 RasPppoe - ok
07:37:26.0570 3580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:37:26.0576 3580 RasSstp - ok
07:37:26.0584 3580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:37:26.0591 3580 rdbss - ok
07:37:26.0594 3580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:37:26.0599 3580 rdpbus - ok
07:37:26.0600 3580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:37:26.0601 3580 RDPCDD - ok
07:37:26.0607 3580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:37:26.0614 3580 RDPDR - ok
07:37:26.0616 3580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:37:26.0616 3580 RDPENCDD - ok
07:37:26.0619 3580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:37:26.0620 3580 RDPREFMP - ok
07:37:26.0624 3580 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:37:26.0629 3580 RdpVideoMiniport - ok
07:37:26.0635 3580 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:37:26.0642 3580 RDPWD - ok
07:37:26.0648 3580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:37:26.0656 3580 rdyboost - ok
07:37:26.0660 3580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:37:26.0665 3580 RemoteAccess - ok
07:37:26.0670 3580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:37:26.0676 3580 RemoteRegistry - ok
07:37:26.0685 3580 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
07:37:26.0693 3580 rpcapd - ok
07:37:26.0696 3580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:37:26.0701 3580 RpcEptMapper - ok
07:37:26.0703 3580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:37:26.0708 3580 RpcLocator - ok
07:37:26.0720 3580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:37:26.0723 3580 RpcSs - ok
07:37:26.0727 3580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:37:26.0732 3580 rspndr - ok
07:37:26.0776 3580 RTCore64 (2e887e52e45bba3c47ccd0e75fc5266f) F:\Program\MSI Afterburner\RTCore64.sys
07:37:26.0777 3580 RTCore64 - ok
07:37:26.0783 3580 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:37:26.0789 3580 RTL8167 - ok
07:37:26.0791 3580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:37:26.0795 3580 s3cap - ok
07:37:26.0800 3580 SaiK0728 (476baa3eebe9db94bf6bdfaf46747e5d) C:\Windows\system32\DRIVERS\SaiK0728.sys
07:37:26.0805 3580 SaiK0728 - ok
07:37:26.0811 3580 SaiK0CCB (f6d3e9793f22c92cef9b96bf47da01f1) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
07:37:26.0817 3580 SaiK0CCB - ok
07:37:26.0820 3580 SaiMini (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
07:37:26.0825 3580 SaiMini - ok
07:37:26.0828 3580 SaiNtBus (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
07:37:26.0833 3580 SaiNtBus - ok
07:37:26.0836 3580 SaiU0CCB (ff2d7435c79b273752f0912feab839c0) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
07:37:26.0841 3580 SaiU0CCB - ok
07:37:26.0844 3580 SAlphamHid (e13d43901ec079280a2a9bad9a2ccda7) C:\Windows\system32\DRIVERS\SAlpham64.sys
07:37:26.0849 3580 SAlphamHid - ok
07:37:26.0852 3580 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:37:26.0853 3580 SamSs - ok
07:37:26.0857 3580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:37:26.0864 3580 sbp2port - ok
07:37:26.0942 3580 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) F:\Program\Spybot\SDWinSec.exe
07:37:26.0946 3580 SBSDWSCService - ok
07:37:26.0952 3580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:37:26.0958 3580 SCardSvr - ok
07:37:26.0961 3580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:37:26.0965 3580 scfilter - ok
07:37:26.0988 3580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:37:27.0004 3580 Schedule - ok
07:37:27.0008 3580 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:37:27.0009 3580 SCPolicySvc - ok
07:37:27.0015 3580 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:37:27.0021 3580 SDRSVC - ok
07:37:27.0026 3580 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
07:37:27.0029 3580 SecDrv - ok
07:37:27.0032 3580 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:37:27.0037 3580 seclogon - ok
07:37:27.0041 3580 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:37:27.0045 3580 SENS - ok
07:37:27.0048 3580 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:37:27.0053 3580 SensrSvc - ok
07:37:27.0055 3580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:37:27.0060 3580 Serenum - ok
07:37:27.0064 3580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:37:27.0070 3580 Serial - ok
07:37:27.0073 3580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:37:27.0078 3580 sermouse - ok
07:37:27.0085 3580 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:37:27.0090 3580 SessionEnv - ok
07:37:27.0093 3580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:37:27.0098 3580 sffdisk - ok
07:37:27.0100 3580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:37:27.0104 3580 sffp_mmc - ok
07:37:27.0106 3580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:37:27.0111 3580 sffp_sd - ok
07:37:27.0113 3580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:37:27.0118 3580 sfloppy - ok
07:37:27.0127 3580 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:37:27.0135 3580 SharedAccess - ok
07:37:27.0144 3580 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:37:27.0153 3580 ShellHWDetection - ok
07:37:27.0156 3580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:37:27.0162 3580 SiSRaid2 - ok
07:37:27.0166 3580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:37:27.0170 3580 SiSRaid4 - ok
07:37:27.0211 3580 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) F:\Program\Skype\Updater\Updater.exe
07:37:27.0211 3580 SkypeUpdate - ok
07:37:27.0216 3580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:37:27.0222 3580 Smb - ok
07:37:27.0226 3580 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:37:27.0232 3580 SNMPTRAP - ok
07:37:27.0235 3580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:37:27.0239 3580 spldr - ok
07:37:27.0252 3580 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:37:27.0260 3580 Spooler - ok
07:37:27.0330 3580 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:37:27.0343 3580 sppsvc - ok
07:37:27.0359 3580 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:37:27.0364 3580 sppuinotify - ok
07:37:27.0377 3580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:37:27.0385 3580 srv - ok
07:37:27.0396 3580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:37:27.0404 3580 srv2 - ok
07:37:27.0410 3580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:37:27.0416 3580 srvnet - ok
07:37:27.0423 3580 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:37:27.0429 3580 SSDPSRV - ok
07:37:27.0433 3580 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:37:27.0438 3580 SstpSvc - ok
07:37:27.0440 3580 Steam Client Service - ok
07:37:27.0444 3580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:37:27.0448 3580 stexstor - ok
07:37:27.0461 3580 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:37:27.0471 3580 stisvc - ok
07:37:27.0475 3580 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:37:27.0478 3580 storflt - ok
07:37:27.0482 3580 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:37:27.0487 3580 storvsc - ok
07:37:27.0490 3580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:37:27.0494 3580 swenum - ok
07:37:27.0506 3580 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:37:27.0516 3580 swprv - ok
07:37:27.0518 3580 Synth3dVsc - ok
07:37:27.0555 3580 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:37:27.0590 3580 SysMain - ok
07:37:27.0616 3580 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:37:27.0621 3580 TabletInputService - ok
07:37:27.0648 3580 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:37:27.0656 3580 TapiSrv - ok
07:37:27.0660 3580 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:37:27.0661 3580 TBS - ok
07:37:27.0710 3580 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:37:27.0734 3580 Tcpip - ok
07:37:27.0797 3580 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:37:27.0803 3580 TCPIP6 - ok
07:37:27.0826 3580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:37:27.0831 3580 tcpipreg - ok
07:37:27.0835 3580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:37:27.0840 3580 TDPIPE - ok
07:37:27.0843 3580 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:37:27.0848 3580 TDTCP - ok
07:37:27.0853 3580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:37:27.0859 3580 tdx - ok
07:37:27.0863 3580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:37:27.0868 3580 TermDD - ok
07:37:27.0884 3580 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:37:27.0897 3580 TermService - ok
07:37:27.0900 3580 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:37:27.0905 3580 Themes - ok
07:37:27.0908 3580 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:37:27.0909 3580 THREADORDER - ok
07:37:27.0914 3580 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:37:27.0920 3580 TrkWks - ok
07:37:27.0926 3580 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:37:27.0926 3580 TrustedInstaller - ok
07:37:27.0931 3580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:37:27.0936 3580 tssecsrv - ok
07:37:27.0940 3580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:37:27.0944 3580 TsUsbFlt - ok
07:37:27.0945 3580 tsusbhub - ok
07:37:27.0951 3580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:37:27.0958 3580 tunnel - ok
07:37:27.0961 3580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:37:27.0967 3580 uagp35 - ok
07:37:27.0976 3580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:37:27.0984 3580 udfs - ok
07:37:27.0989 3580 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:37:27.0995 3580 UI0Detect - ok
07:37:27.0999 3580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:37:28.0005 3580 uliagpkx - ok
07:37:28.0008 3580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:37:28.0012 3580 umbus - ok
07:37:28.0014 3580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:37:28.0018 3580 UmPass - ok
07:37:28.0025 3580 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:37:28.0031 3580 UmRdpService - ok
07:37:28.0040 3580 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:37:28.0049 3580 upnphost - ok
07:37:28.0054 3580 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
07:37:28.0060 3580 usbaudio - ok
07:37:28.0064 3580 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
07:37:28.0070 3580 usbccgp - ok
07:37:28.0074 3580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:37:28.0079 3580 usbcir - ok
07:37:28.0082 3580 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:37:28.0087 3580 usbehci - ok
07:37:28.0097 3580 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:37:28.0105 3580 usbhub - ok
07:37:28.0108 3580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:37:28.0113 3580 usbohci - ok
07:37:28.0116 3580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:37:28.0121 3580 usbprint - ok
07:37:28.0125 3580 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:37:28.0131 3580 USBSTOR - ok
07:37:28.0134 3580 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
07:37:28.0139 3580 usbuhci - ok
07:37:28.0145 3580 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
07:37:28.0152 3580 usbvideo - ok
07:37:28.0155 3580 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:37:28.0160 3580 UxSms - ok
07:37:28.0163 3580 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:37:28.0164 3580 VaultSvc - ok
07:37:28.0167 3580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:37:28.0170 3580 vdrvroot - ok
07:37:28.0183 3580 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:37:28.0194 3580 vds - ok
07:37:28.0197 3580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:37:28.0202 3580 vga - ok
07:37:28.0205 3580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:37:28.0210 3580 VgaSave - ok
07:37:28.0212 3580 VGPU - ok
07:37:28.0219 3580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:37:28.0226 3580 vhdmp - ok
07:37:28.0229 3580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:37:28.0234 3580 viaide - ok
07:37:28.0240 3580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:37:28.0246 3580 vmbus - ok
07:37:28.0249 3580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:37:28.0253 3580 VMBusHID - ok
07:37:28.0257 3580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:37:28.0262 3580 volmgr - ok
07:37:28.0272 3580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:37:28.0273 3580 volmgrx - ok
07:37:28.0281 3580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:37:28.0289 3580 volsnap - ok
07:37:28.0301 3580 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
07:37:28.0309 3580 Vsdatant - ok
07:37:28.0348 3580 vsmon - ok
07:37:28.0354 3580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:37:28.0360 3580 vsmraid - ok
07:37:28.0393 3580 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:37:28.0414 3580 VSS - ok
07:37:28.0432 3580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:37:28.0436 3580 vwifibus - ok
07:37:28.0445 3580 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:37:28.0455 3580 W32Time - ok
07:37:28.0459 3580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:37:28.0464 3580 WacomPen - ok
07:37:28.0468 3580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:28.0474 3580 WANARP - ok
07:37:28.0476 3580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:37:28.0476 3580 Wanarpv6 - ok
07:37:28.0503 3580 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:37:28.0519 3580 WatAdminSvc - ok
07:37:28.0550 3580 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:37:28.0579 3580 wbengine - ok
07:37:28.0598 3580 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:37:28.0605 3580 WbioSrvc - ok
07:37:28.0614 3580 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:37:28.0622 3580 wcncsvc - ok
07:37:28.0625 3580 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:37:28.0630 3580 WcsPlugInService - ok
07:37:28.0635 3580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:37:28.0640 3580 Wd - ok
07:37:28.0655 3580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:37:28.0667 3580 Wdf01000 - ok
07:37:28.0671 3580 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:37:28.0677 3580 WdiServiceHost - ok
07:37:28.0678 3580 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:37:28.0680 3580 WdiSystemHost - ok
07:37:28.0687 3580 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:37:28.0694 3580 WebClient - ok
07:37:28.0701 3580 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:37:28.0709 3580 Wecsvc - ok
07:37:28.0712 3580 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:37:28.0714 3580 wercplsupport - ok
07:37:28.0718 3580 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:37:28.0719 3580 WerSvc - ok
07:37:28.0724 3580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:37:28.0728 3580 WfpLwf - ok
07:37:28.0731 3580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:37:28.0736 3580 WIMMount - ok
07:37:28.0738 3580 WinDefend - ok
07:37:28.0742 3580 WinHttpAutoProxySvc - ok
07:37:28.0752 3580 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:37:28.0759 3580 Winmgmt - ok
07:37:28.0800 3580 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:37:28.0822 3580 WinRM - ok
07:37:28.0844 3580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:37:28.0848 3580 WinUsb - ok
07:37:28.0867 3580 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:37:28.0881 3580 Wlansvc - ok
07:37:28.0928 3580 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:37:28.0937 3580 wlidsvc - ok
07:37:28.0954 3580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:37:28.0955 3580 WmiAcpi - ok
07:37:28.0965 3580 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:37:28.0972 3580 wmiApSrv - ok
07:37:28.0974 3580 WMPNetworkSvc - ok
07:37:28.0977 3580 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:37:28.0982 3580 WPCSvc - ok
07:37:28.0986 3580 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:37:28.0992 3580 WPDBusEnum - ok
07:37:28.0995 3580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:37:29.0000 3580 ws2ifsl - ok
07:37:29.0004 3580 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:37:29.0010 3580 wscsvc - ok
07:37:29.0011 3580 WSearch - ok
07:37:29.0060 3580 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:37:29.0077 3580 wuauserv - ok
07:37:29.0097 3580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:37:29.0103 3580 WudfPf - ok
07:37:29.0109 3580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:37:29.0116 3580 WUDFRd - ok
07:37:29.0120 3580 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:37:29.0125 3580 wudfsvc - ok
07:37:29.0132 3580 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:37:29.0139 3580 WwanSvc - ok
07:37:29.0161 3580 X6va005 - ok
07:37:29.0179 3580 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
07:37:29.0191 3580 xnacc - ok
07:37:29.0195 3580 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
07:37:29.0200 3580 xusb21 - ok
07:37:29.0203 3580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:37:29.0206 3580 \Device\Harddisk0\DR0 - ok
07:37:29.0207 3580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
07:37:29.0208 3580 \Device\Harddisk1\DR1 - ok
07:37:29.0216 3580 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
07:37:29.0251 3580 \Device\Harddisk2\DR2 - ok
07:37:29.0253 3580 Boot (0x1200) (bf75f26e1a7a2e6193b2c289c995184c) \Device\Harddisk0\DR0\Partition0
07:37:29.0253 3580 \Device\Harddisk0\DR0\Partition0 - ok
07:37:29.0255 3580 Boot (0x1200) (914f587f8ea0fd5d8a03ecc69675cb06) \Device\Harddisk0\DR0\Partition1
07:37:29.0256 3580 \Device\Harddisk0\DR0\Partition1 - ok
07:37:29.0257 3580 Boot (0x1200) (5f19bd892e472c3143c5fd665091962e) \Device\Harddisk1\DR1\Partition0
07:37:29.0258 3580 \Device\Harddisk1\DR1\Partition0 - ok
07:37:29.0259 3580 Boot (0x1200) (fca55b292e1f4c0140cd6e70ea77bf6b) \Device\Harddisk2\DR2\Partition0
07:37:29.0260 3580 \Device\Harddisk2\DR2\Partition0 - ok
07:37:29.0270 3580 Boot (0x1200) (8192b4c6881738fb2d8fa8ff6f1415d4) \Device\Harddisk2\DR2\Partition1
07:37:29.0271 3580 \Device\Harddisk2\DR2\Partition1 - ok
07:37:29.0271 3580 ============================================================
07:37:29.0271 3580 Scan finished
07:37:29.0271 3580 ============================================================
07:37:29.0276 5224 Detected object count: 0
07:37:29.0276 5224 Actual detected object count: 0

Re: Suspected infections

by asaguda » May 15th, 2012, 1:55 am

And now the OTL logs..

OTL logfile created on: 2012-05-15 07:40:35 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Dicey\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 3,66 Gb Available Physical Memory | 61,07% Memory free
12,00 Gb Paging File | 9,35 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 10,85 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 99,05 Gb Total Space | 18,81 Gb Free Space | 18,99% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 16,00 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Drive F: | 465,66 Gb Total Space | 265,04 Gb Free Space | 56,92% Space Free | Partition Type: NTFS

Computer Name: DICETAS | User Name: Dicey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dicey\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - D:\Furcadia\furc_on.exe (Dragon's Eye Productions, Inc.)
PRC - F:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - F:\Program\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - E:\Steam\Steam.exe (Valve Corporation)
PRC - F:\Program\Apache2.2\bin\httpd.exe (Apache Software Foundation)
PRC - F:\Program\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - F:\Program\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - F:\Program\MSI Afterburner\MSIAfterburner.exe ()
PRC - F:\Program\Last.fm\LastFM.exe (Last.fm)
PRC - F:\Program\No-IP\DUC30.exe ()
PRC - F:\Program\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
PRC - F:\Program\Spybot\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - F:\Program\Mozilla Firefox\mozjs.dll ()
MOD - E:\Steam\bin\libcef.dll ()
MOD - E:\Steam\bin\mssvoice.asi ()
MOD - E:\Steam\bin\mssmp3.asi ()
MOD - E:\Steam\bin\chromehtml.dll ()
MOD - E:\Steam\bin\avutil-51.dll ()
MOD - E:\Steam\bin\avformat-53.dll ()
MOD - E:\Steam\bin\avcodec-53.dll ()
MOD - F:\Program\Winamp\System\jnetlib.w5s ()
MOD - F:\Program\Winamp\Plugins\gen_ml.dll ()
MOD - F:\Program\Winamp\Plugins\in_wm.dll ()
MOD - F:\Program\Winamp\Plugins\ml_local.dll ()
MOD - F:\Program\Winamp\Plugins\in_mp3.dll ()
MOD - F:\Program\Winamp\Plugins\in_vorbis.dll ()
MOD - F:\Program\Winamp\Plugins\ml_devices.dll ()
MOD - F:\Program\Winamp\Plugins\ml_pmp.dll ()
MOD - F:\Program\Winamp\System\auth.w5s ()
MOD - F:\Program\Winamp\Plugins\in_mod.dll ()
MOD - F:\Program\Winamp\System\jpeg.w5s ()
MOD - F:\Program\Winamp\Plugins\in_midi.dll ()
MOD - F:\Program\Winamp\System\png.w5s ()
MOD - F:\Program\Winamp\Plugins\in_cdda.dll ()
MOD - F:\Program\Winamp\System\xml.w5s ()
MOD - F:\Program\Winamp\System\playlist.w5s ()
MOD - F:\Program\Winamp\tataki.dll ()
MOD - F:\Program\Winamp\Plugins\ml_playlists.dll ()
MOD - F:\Program\Winamp\Plugins\in_flac.dll ()
MOD - F:\Program\Winamp\Plugins\in_mp4.dll ()
MOD - F:\Program\Winamp\Plugins\out_ds.dll ()
MOD - F:\Program\Winamp\zlib.dll ()
MOD - F:\Program\Winamp\System\devices.w5s ()
MOD - F:\Program\Winamp\System\timer.w5s ()
MOD - F:\Program\Winamp\Plugins\ml_autotag.dll ()
MOD - F:\Program\Winamp\System\albumart.w5s ()
MOD - F:\Program\Winamp\Plugins\out_disk.dll ()
MOD - F:\Program\Winamp\System\tagz.w5s ()
MOD - F:\Program\Winamp\Plugins\pmp_njb.dll ()
MOD - F:\Program\Winamp\System\gif.w5s ()
MOD - F:\Program\Winamp\System\bmp.w5s ()
MOD - F:\Program\Winamp\Plugins\out_wave.dll ()
MOD - F:\Program\Winamp\Plugins\in_wave.dll ()
MOD - F:\Program\Winamp\System\dlmgr.w5s ()
MOD - F:\Program\Winamp\System\gracenote.w5s ()
MOD - F:\Program\Winamp\System\filereader.w5s ()
MOD - F:\Program\Winamp\Plugins\gen_ff.dll ()
MOD - F:\Program\Winamp\nsutil.dll ()
MOD - F:\Program\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - F:\Program\Winamp\libsndfile.dll ()
MOD - F:\Program\Winamp\nde.dll ()
MOD - F:\Program\Winamp\Plugins\gen_hotkeys.dll ()
MOD - F:\Program\TortoiseSVN\bin\libsasl32.dll ()
MOD - F:\Program\Yahoo!\Messenger\yui.dll ()
MOD - F:\Program\Yahoo!\Messenger\pcre.dll ()
MOD - F:\Program\WinPatrol\sqlite3.dll ()
MOD - F:\Program\MSI Afterburner\MSIAfterburner.exe ()
MOD - F:\Program\MSI Afterburner\RTMUI.dll ()
MOD - F:\Program\MSI Afterburner\RTHAL.dll ()
MOD - F:\Program\MSI Afterburner\RTCore.dll ()
MOD - F:\Program\MSI Afterburner\RTUI.dll ()
MOD - F:\Program\MSI Afterburner\RTFC.dll ()
MOD - F:\Program\Last.fm\srv_rtaudioplayback.dll ()
MOD - F:\Program\Last.fm\ext_messengernotify.dll ()
MOD - F:\Program\Last.fm\ext_skypenotify.dll ()
MOD - F:\Program\Last.fm\srv_madtranscode.dll ()
MOD - F:\Program\Last.fm\srv_httpinput.dll ()
MOD - F:\Program\Last.fm\LastFmFingerprint1.dll ()
MOD - F:\Program\Last.fm\breakpad.dll ()
MOD - F:\Program\Last.fm\Moose1.dll ()
MOD - F:\Program\Last.fm\LastFmTools1.dll ()
MOD - F:\Program\Last.fm\libfftw3f-3.dll ()
MOD - F:\Program\Last.fm\zlibwapi.dll ()
MOD - F:\Program\MSI Afterburner\RTTSH.dll ()
MOD - F:\Program\No-IP\DUC30.exe ()
MOD - F:\Program\Last.fm\QtNetwork4.dll ()
MOD - F:\Program\Last.fm\QtSql4.dll ()
MOD - F:\Program\Last.fm\QtGui4.dll ()
MOD - F:\Program\Last.fm\QtXml4.dll ()
MOD - F:\Program\Last.fm\QtCore4.dll ()
MOD - F:\Program\Last.fm\imageformats\qmng4.dll ()
MOD - F:\Program\Last.fm\imageformats\qgif4.dll ()
MOD - F:\Program\Last.fm\imageformats\qjpeg4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vsmon) -- F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- F:\Program\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apache2.2) -- F:\Program\Apache2.2\bin\httpd.exe (Apache Software Foundation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- F:\Program\Spybot\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CTUPnPSv) -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\SteelBus64.sys (SteelSeries Corporation)
DRV:64bit: - (SAlphamHid) -- C:\Windows\SysNative\drivers\SAlpham64.sys (SteelSeries Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)
DRV:64bit: - (SaiK0CCB) -- C:\Windows\SysNative\drivers\SaiK0CCB.sys (Saitek)
DRV:64bit: - (SaiU0CCB) -- C:\Windows\SysNative\drivers\SaiU0CCB.sys (Saitek)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (SaiK0728) -- C:\Windows\SysNative\drivers\SaiK0728.sys (Saitek)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Europe Ltd)
DRV - (RTCore64) -- F:\Program\MSI Afterburner\RTCore64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vindictus.nexoneu.com/
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 05 50 A1 F6 BE CB 01 [binary data]
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-844620092-437053476-3928910320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program\Java64\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program\Java32\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012-05-12 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: F:\Program\ekort [2011-04-20 15:10:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012-05-12 15:41:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: F:\Program\Mozilla Firefox\components [2012-05-04 02:38:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: F:\Program\Mozilla Firefox\plugins [2012-01-07 17:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: F:\Program\Mozilla Thunderbird\components [2012-05-14 17:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: F:\Program\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: F:\Program\Mozilla Firefox\components [2012-05-04 02:38:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: F:\Program\Mozilla Firefox\plugins [2012-01-07 17:27:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: F:\Program\Mozilla Thunderbird\components [2012-05-14 17:27:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: F:\Program\Mozilla Thunderbird\plugins

[2011-10-03 23:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dicey\AppData\Roaming\Mozilla\Extensions
[2011-01-15 17:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dicey\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011-10-03 23:17:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dicey\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2012-05-03 01:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dicey\AppData\Roaming\Mozilla\Firefox\Profiles\ue9c6u84.default\extensions
[2012-04-08 13:56:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dicey\AppData\Roaming\Mozilla\Firefox\Profiles\ue9c6u84.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012-02-26 22:53:14 | 000,028,481 | ---- | M] () (No name found) -- C:\USERS\DICEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UE9C6U84.DEFAULT\EXTENSIONS\{258735DC-6743-4805-95FC-F95941FFFDAD}.XPI

O1 HOSTS File: ([2012-05-08 13:49:56 | 000,442,850 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program\Java64\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program\Java64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program\Java32\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - F:\Program\ekort\EKortHelper.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program\Java32\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - F:\Program\ekort\EKortToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-844620092-437053476-3928910320-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-844620092-437053476-3928910320-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [SteelSeries Engine] F:\Program\SteelSeries Engine\SteelSeriesEngine.exe ()
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] F:\Program\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm] F:\Program\ZoneAlarm\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-844620092-437053476-3928910320-1000..\Run: [Messenger (Yahoo!)] F:\Program\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-844620092-437053476-3928910320-1000..\Run: [SpybotSD TeaTimer] F:\Program\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-844620092-437053476-3928910320-1000..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dicey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Furcadia Pounce.lnk = D:\Furcadia\furc_on.exe (Dragon's Eye Productions, Inc.)
O4 - Startup: C:\Users\Dicey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = F:\Program\No-IP\DUC30.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/ ... dtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22C32AB-2CD0-4151-9FA6-FF34D49D5F22}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4734c3a8-20aa-11e0-a1d5-6cf049e42fa1}\Shell - "" = AutoRun
O33 - MountPoints2\{4734c3a8-20aa-11e0-a1d5-6cf049e42fa1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-15 07:34:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Dicey\Desktop\OTL.exe
[2012-05-15 07:34:08 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dicey\Desktop\tdsskiller.exe
[2012-05-12 15:40:49 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2012-05-12 15:40:49 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys
[2012-05-12 15:40:48 | 000,485,680 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012-05-12 15:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012-05-12 11:26:44 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-05-12 11:26:42 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-05-12 11:26:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-05-12 11:26:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-05-10 07:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-05-10 07:45:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Dicey\Desktop\dds.scr
[2012-05-09 13:59:16 | 000,000,000 | ---D | C] -- C:\Users\Dicey\Documents\My Kindle Content
[2012-05-09 13:59:09 | 000,000,000 | ---D | C] -- C:\Users\Dicey\AppData\Local\Amazon
[2012-04-27 02:44:49 | 000,000,000 | ---D | C] -- C:\Users\Dicey\AppData\Local\SniperV2 Demo
[2012-04-26 09:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-04-25 10:13:32 | 000,000,000 | ---D | C] -- C:\Users\Dicey\Documents\Guild Wars 2
[2012-04-19 23:52:18 | 000,000,000 | ---D | C] -- C:\Users\Dicey\AppData\Local\Windows Live
[2012-04-19 23:51:56 | 000,000,000 | ---D | C] -- C:\Users\Dicey\AppData\Local\{967F5546-DEB6-4A5A-BF17-12EFC67FD3C1}
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-15 07:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-15 07:36:33 | 000,006,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-15 07:36:33 | 000,006,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-15 07:34:19 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Dicey\Desktop\OTL.exe
[2012-05-15 07:34:11 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dicey\Desktop\tdsskiller.exe
[2012-05-15 07:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-12 15:46:29 | 000,415,915 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012-05-12 14:01:08 | 000,364,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-10 07:45:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Dicey\Desktop\dds.scr
[2012-05-08 13:49:56 | 000,442,850 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-04-15 19:04:55 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-04-15 19:04:55 | 000,283,416 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-09 15:40:30 | 000,006,800 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-09 15:40:30 | 000,006,800 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-04-03 03:44:10 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-04-03 03:44:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-10 14:32:22 | 000,000,093 | ---- | C] () -- C:\Users\Dicey\AppData\Local\fusioncache.dat
[2012-03-10 14:29:53 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-02-25 16:24:33 | 000,075,031 | ---- | C] () -- C:\Users\Dicey\AppData\Roaming\icarus-dxdiag.xml
[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-11-23 08:35:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ealtest.exe
[2011-11-01 05:56:40 | 000,054,694 | ---- | C] () -- C:\Windows\SysWow64\pthreadGC.dll
[2011-11-01 01:54:07 | 000,000,424 | ---- | C] () -- C:\Windows\QIII.INI
[2011-09-28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-05-13 22:56:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-05-13 22:22:54 | 000,495,104 | ---- | C] () -- C:\Windows\lame_enc.dll
[2011-05-05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-04-24 22:55:15 | 000,026,624 | ---- | C] () -- C:\Users\Dicey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-20 15:10:44 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\OBroker.exe
[2011-03-17 12:34:01 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat
[2011-01-31 00:30:59 | 000,007,605 | ---- | C] () -- C:\Users\Dicey\AppData\Local\Resmon.ResmonCfg
[2011-01-16 00:36:42 | 000,005,370 | ---- | C] () -- C:\Users\Dicey\AppData\Local\Temp5.html
[2011-01-16 00:36:06 | 000,001,667 | ---- | C] () -- C:\Users\Dicey\AppData\Local\Temp1.html
[2011-01-15 16:28:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-06-25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

< End of report >

OTL Extras logfile created on: 2012-05-15 07:40:35 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Dicey\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

6,00 Gb Total Physical Memory | 3,66 Gb Available Physical Memory | 61,07% Memory free
12,00 Gb Paging File | 9,35 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 50,00 Gb Total Space | 10,85 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
Drive D: | 99,05 Gb Total Space | 18,81 Gb Free Space | 18,99% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 16,00 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Drive F: | 465,66 Gb Total Space | 265,04 Gb Free Space | 56,92% Space Free | Partition Type: NTFS

Computer Name: DICETAS | User Name: Dicey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "F:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "F:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33E5E148-D855-4D11-B48D-B468AC2431D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{76272F57-DA6E-497A-A358-89931259EA7E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80652A81-BCB8-420E-B514-4F76FDC76EA0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E0BA78-A8C7-4F36-8530-B10856268C7D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{02FBA1B3-23F4-4AA6-A81E-193CD10924D0}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\acrmp.exe |
"{047AAB5C-9291-42F2-8420-AB56B264FFA5}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{109A2403-0121-4520-AAC4-15D2BF6FFA2D}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\acrmp.exe |
"{12469E8E-ED36-44FC-86C1-A705BDDEB31F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe |
"{16F9A2BF-40F9-4619-A62F-136314C340CC}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{17153628-AD95-4BE2-9D3B-3813B6671ECA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{1C16F502-9100-4148-B403-6E775C55A1FF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{1ED26AFA-1546-4C08-A2EC-E253E1EC2541}" = protocol=17 | dir=in | app=e:\steam\steamapps\asaguda\counter-strike source\hl2.exe |
"{1FDAC374-929A-4245-8176-AD5FCD41D950}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{20A2F849-7109-463B-A0D2-0EF060EBEF80}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\alien swarm\srcds.exe |
"{2376CCE0-385F-4198-B2FC-63E0D440B08D}" = protocol=6 | dir=in | app=e:\steam\steamapps\asaguda\garrysmod\hl2.exe |
"{27AA5396-FA58-447C-AD03-EB02C7B53655}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\recettear\recettear.exe |
"{2D89D541-2B14-4A7D-B677-5882D596182F}" = protocol=6 | dir=in | app=e:\steam\steamapps\asaguda\source sdk base 2007\hl2.exe |
"{2DD5E4FD-8E65-44F4-9D6D-E1ECC74F2524}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe |
"{2E2675DD-8C3A-49D0-AC93-BC19F468E7E3}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hoard\win32\reuben.exe |
"{2E604135-13D7-43E5-B7F6-583A92437A5E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{31830CB8-1C7C-4A91-8172-03390F1F2B3A}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{323F408D-C166-4C27-8501-28DA6C347297}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\recettear\recettear.exe |
"{362677B5-4AAD-42AF-A4A8-F7022F20AB39}" = protocol=6 | dir=in | app=f:\program\avg\avgmfapx.exe |
"{37D9C36C-9541-4C1C-AF8B-17EC9E0927CD}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{390C870F-8B1E-42B0-A17D-695292FC877E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{396398B5-8F45-42BC-A731-A2EAE8F1A8BE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{3963D6D4-63E7-4615-A704-EC23FA944515}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{399564AA-3248-47B8-8CF4-1A7C5EFE9924}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutparadise.exe |
"{3B382D56-E521-4A7F-9017-198F65D37CF5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{3CCE89F8-22B2-42DF-B4FE-F66F2C41C8E6}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\acrsp.exe |
"{3DB3C9C4-A639-41C4-96E3-F28313888253}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{3FC2AF4D-20DD-43F3-BABB-78A3A24987E2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sword of the stars complete collection\sword of the stars.exe |
"{4054E7A3-09D1-4EB1-B02E-208771C64386}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{41618D51-DCB8-4785-998B-0CF431B063EB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{41DD3A3E-D3BC-40E0-A987-E0B642D1BB30}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hoard\win32\reuben.exe |
"{459B38CC-63B4-4B1B-87A1-BEE93B0CFA4F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{46D88F91-B9D6-4CAE-80E8-8B1D522AF776}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{47115D5C-F117-482B-A3A9-6F5A474F5FF9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{4974D171-98FB-43EE-8FD2-DFAD463B67C7}" = dir=in | app=f:\program\skype\phone\skype.exe |
"{49DD62E7-6054-4CB3-BC57-B30FF71E4EF1}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe |
"{4D545388-ACE3-4C76-AA1F-5ACBA2F96072}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DBD6CB7-3FC1-4EB9-95D2-6C07A7521576}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{5537379A-D4F5-457C-924B-DDFF72AF3148}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{579C5AE4-54AA-40E6-B5B5-12B32F0A8439}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe |
"{57E99259-A4F5-44D7-B91D-0B3E03617464}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{581588B0-A79C-435D-B9E7-3385A8FB2A7D}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{58E884CD-3C4E-463A-B123-1F3D5856B6FA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{59ED9114-1609-40E5-950B-92795060CC08}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\pirates of black cove\bin\x86\dx9\blackcove.exe |
"{5C52566D-584E-4F33-87A9-C67D488E9D60}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\acrsp.exe |
"{5D3CEC97-67DB-4EC8-A79F-A002991A8B2E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{621FE6FF-106A-401D-B004-B00A5F9FE04F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{63C968D5-8AB6-482E-8E9F-9267EE636AB7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\recettear\custom.exe |
"{6581AC69-985C-4531-846A-F0F53AF5CB00}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{67E7E882-E42C-470D-BD05-E5CE7EF2697B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{6A1F5323-C56C-446D-B606-B04B06C6FD93}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6BA91FFF-8C77-4C43-9A39-694659B1C438}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{6C60677C-0105-483C-8BBE-B08116967BAE}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\burnoutconfigtool.exe |
"{6C8D310F-C73D-42E3-B35F-A66388B11EFD}" = protocol=6 | dir=in | app=f:\program\yahoo!\messenger\yahoomessenger.exe |
"{6F6B4F24-38BD-4B8F-88E1-9EFB9A8E9DE3}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{711AB980-591A-4AEE-8F79-3DD7A4F83DB5}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe |
"{722EF865-0623-4A66-8FC4-D02A8A55BE15}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\cubemen\cubemen.exe |
"{729A2EDF-8B78-48C0-922E-3BD03AA3C1DC}" = protocol=17 | dir=in | app=d:\assassin's creed revelations\assassinscreedrevelations.exe |
"{731408DC-58BE-4071-8214-45E92F8190E6}" = protocol=17 | dir=in | app=e:\steam\steamapps\asaguda\source sdk base 2007\hl2.exe |
"{738AD17E-6D09-40CC-844D-443A0C6C95A8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{77A883C2-E47E-4B3B-BB3F-7378FCEAC541}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7862CF27-F651-491C-8956-B65670C13C8F}" = protocol=17 | dir=in | app=f:\program\yahoo!\messenger\yahoomessenger.exe |
"{7EAFC75C-A38D-4F45-B9C8-B0A8AAA9E55F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{821094C7-4571-4F19-8D54-EEA9FB6ADC1C}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{8303A38F-3A11-4BE6-9BFF-8B669DA41A71}" = protocol=6 | dir=in | app=d:\vindictus eu\en-eu\nmservice.exe |
"{831646FC-DA4D-406A-8826-C1608C764F7F}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{83E9DB77-6C2A-4E20-B57B-4ECBDB0BCE4E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{87767F48-D598-48E7-8D6F-A05C9387BA03}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dino d-day\srcds.exe |
"{8A223769-2D59-4A0B-9D10-394452264A7B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\orion dino beatdown\binaries\win32\udk.exe |
"{8E2046AE-B50A-426E-A92F-D9705C3CFE89}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\orion dino beatdown\binaries\win32\udk.exe |
"{8E44E5BA-2BD2-4C05-83ED-8AD77429C608}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe |
"{93BED7A6-E9EE-474B-BEE8-FA430525C45C}" = protocol=17 | dir=in | app=e:\steam\steamapps\asaguda\garrysmod\hl2.exe |
"{944CAEF9-0699-4B68-AA39-8767E91CB4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{94AD821C-F026-45E8-B400-FCFFAC1E663B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |
"{95E4220F-0AC2-4D94-B91A-BF99CE8D69A7}" = protocol=6 | dir=in | app=f:\bnet\new folder\diablo iii beta\diablo iii.exe |
"{97535272-7DF2-4CB2-8E77-FB5C34DFBAD0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{98F1DE7E-4CA0-4E32-B17D-8031563D699F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
"{99A1410D-CE1F-4378-924D-37FB78EF4292}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{9A35969B-7444-4204-AFD5-2F11039F2593}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\alien swarm\srcds.exe |
"{9A9C4F00-8718-48BC-BC96-4FE13A8017DA}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{9E3E711A-B088-424D-B8CA-6254785BC45F}" = protocol=17 | dir=in | app=d:\vindictus eu\en-eu\nmservice.exe |
"{9EF9547E-C173-40DB-9F37-168036A27E87}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{9F6A1630-0BAD-46D1-A6B4-A66DC28374B2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A199E06E-4F13-46C9-8606-A181BF930D40}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A3B1ED66-58E7-4056-89B7-7177565D85BC}" = protocol=6 | dir=in | app=d:\origin\spel\mass effect 3\binaries\win32\masseffect3.exe |
"{A3E2FAA9-3DBC-43A8-97FF-70425D4FDE34}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{A46625C2-07F9-420A-B486-5D5188875353}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A6DE3D8E-9251-42E7-A12C-660C49B12260}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{A96F9D79-4380-4772-A934-8B89115F5FCE}" = protocol=17 | dir=in | app=d:\origin\spel\mass effect 3\binaries\win32\masseffect3.exe |
"{A97ED646-68F1-4C35-B06B-428B35FF0BA0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\flatout2\flatout2.exe |
"{AB81EE2B-5D2E-4726-BD17-743F22EBC9EF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{AD65C076-A05B-409C-A944-37DBB8B9C777}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{ADCC3557-5E94-48B3-BBB8-31C43D2B460D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{ADFDB96C-FA7E-457D-85FC-9B256493D3B5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\pirates of black cove\bin\x86\dx9\blackcove.exe |
"{AEFAC332-D357-4322-A35C-1EEC6147B626}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe |
"{B07C2396-D861-4D09-A87D-4AC9F9B5A245}" = protocol=6 | dir=in | app=d:\assassin's creed revelations\assassinscreedrevelations.exe |
"{B65985DB-D91B-4D12-9CC5-FA1240978CF4}" = protocol=17 | dir=in | app=f:\program\avg\avgmfapx.exe |
"{B9E27835-6288-45DF-89F7-B2E0EFCC8952}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{BC9D7979-9E1F-4A9F-953D-725C928C9896}" = protocol=6 | dir=in | app=e:\steam\steamapps\asaguda\counter-strike source\hl2.exe |
"{BCAF9590-9269-4191-9F06-F007E53EE400}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{BD91A714-B9B5-4EEC-AD91-65846475AE46}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\recettear\custom.exe |
"{BD95E293-7429-45CD-A8B2-16600353CAD0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BFE0CC47-8E83-4AAD-935E-3F9C952CC29F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{C60AC0D3-C047-468B-968E-E9222765DBF5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C77A5AA8-63CB-4F98-9443-205D525ACDFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA583C34-2098-4FBD-9643-B7EF19BBD69B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D0262B00-3B1B-40CE-A95C-8DB1DCB361C5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D22C3D9B-B2D6-423B-9F85-29B00D5DC036}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\the scourge project ep 1 - 2\binaries\win32\scourgegame.exe |
"{D2CDE503-F6FC-4DC9-BECC-C6FFF093F6F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D4D6BB05-F291-4186-B65E-8A72C23A4805}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\saintsrowthethird.exe |
"{D8E2FF8F-F53B-4CAE-BB6C-C163AEBE9AF8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\portal 2\portal2.exe |
"{DB70B00B-EC2B-44D2-9EB2-863F1C49E211}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sword of the stars complete collection\sword of the stars.exe |
"{DC657D0B-D6CD-476C-AAF9-400A102E1A6F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\might and magic clash of heroes\clashofheroes.exe |
"{DEE26CE4-56EC-4B03-8C68-8B5715419503}" = protocol=17 | dir=in | app=f:\bnet\new folder\diablo iii beta\diablo iii.exe |
"{E0409DB5-BBBB-4477-B6AB-3D9B579FE8B0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{E67BDF32-B57B-4446-B893-DEF57DDE8F53}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\burnout(tm) paradise the ultimate box\support\ea help\electronic_arts_technical_support.htm |
"{E71F1BBF-86FC-4445-9308-89D7F7476C26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{E7495987-EFB7-4348-930D-20CE59087987}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\the binding of isaac\binding_of_isaac.exe |
"{E7DCF2F1-9C33-424E-96DA-D745565FA817}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{E85FD912-B212-492D-8A11-49B2B97B7333}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row the third\game_launcher.exe |
"{E93242B5-27D2-4AA5-A5D6-A7176095F89F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{E9EB5E03-4477-4E51-B4A3-C95CEDC95494}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\shoot many robots\shootmanyrobots\binaries\shootmanyrobots.exe |
"{EC1442E7-7C9E-490D-BE27-4E476FFDCEC3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EED20315-7118-451F-8EE5-4EEE04E08F9F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{EEDA1972-99D3-45CC-9A7F-88B56A0E5A80}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\flatout2\flatout2.exe |
"{F2E7B9BA-D6AA-4B6C-BF38-DF3BA0CEC75B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F3B676C5-CA27-4799-A44E-C5DE5C19BC67}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{F4F59CFB-0474-4014-A376-EC7F60D1DD24}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dino d-day\srcds.exe |
"{F6016DD1-F245-49EE-9455-3CC7839404EC}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\the scourge project ep 1 - 2\binaries\win32\scourgegame.exe |
"{F693C27A-F408-4C82-AF65-EF92ABEE8653}" = protocol=17 | dir=in | app=d:\origin\spel\kingdoms of amalur reckoning\reckoning.exe |
"{F96D75A5-1863-4AD0-B42C-4A1F2AC4FDF9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{F9F9A76B-4033-4134-AB92-9DB1ECA58E1A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |
"{FB74F4AA-0CCA-4657-99CB-1D438C5ABC40}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\cubemen\cubemen.exe |
"{FBE09E16-CA88-4CBF-A27F-DF72850911BB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{FC334274-CDF5-4F64-AA03-482E8C24FBCA}" = protocol=6 | dir=in | app=d:\origin\spel\kingdoms of amalur reckoning\reckoning.exe |
"{FDE5379D-FBE1-4CE9-B0E3-FB7CD58491F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{268741E5-3FA1-48F1-87DF-5B4CF31D8F1C}E:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{3ED25244-BEB2-4397-A4F9-E42FF836F5AC}D:\world of tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world of tanks\worldoftanks.exe |
"TCP Query User{7DAAD81B-836E-4230-A211-B7D2D73EA074}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
"TCP Query User{94DF804C-E5CA-455A-AA95-AD9B30296763}E:\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{C4FBED4B-ADD0-4959-9D01-E30DDE8B46AD}D:\ioquake3\ioquake3.x86.exe" = protocol=6 | dir=in | app=d:\ioquake3\ioquake3.x86.exe |
"TCP Query User{D90D695B-6D27-4EE4-8965-FDA853DA4C8B}C:\users\dicey\desktop\spel\mw2\mw2sa.exe" = protocol=6 | dir=in | app=c:\users\dicey\desktop\spel\mw2\mw2sa.exe |
"UDP Query User{842F046E-5C49-4F3B-A32B-30D117694947}C:\users\dicey\desktop\spel\mw2\mw2sa.exe" = protocol=17 | dir=in | app=c:\users\dicey\desktop\spel\mw2\mw2sa.exe |
"UDP Query User{95ACDA82-201B-4BCE-85E6-9D64D3A0368C}E:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{C62ED3D1-B5FE-4E20-8090-76A8FFB4E6A9}D:\world of tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world of tanks\worldoftanks.exe |
"UDP Query User{EC2A9C0E-5D41-4FE9-AF69-8A5E04D18FD9}E:\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{F4E7CD2C-C219-4867-8BA0-4D2D9DB62E3F}D:\ioquake3\ioquake3.x86.exe" = protocol=17 | dir=in | app=d:\ioquake3\ioquake3.x86.exe |
"UDP Query User{FFA7F4DB-FE77-4A6E-9915-DA84316CA4A9}E:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B1FBB92-6C47-4B2A-8778-67128C6788FF}" = TortoiseSVN 1.7.2.22327 (64 bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E1D2B72F-4A18-45C9-8A96-0DF8A20926C1}" = Smart Technology Programming Software 7.0.13.22
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"SteelSeries Engine" = SteelSeries Engine
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05696DBC-59F4-C274-F175-1E7546F05995}" = Application Profiles
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{10EBB586-D21E-60CA-0856-AA753EBE1F16}" = Application Profiles
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C9F128C-F465-488E-AC97-B42DCF90C9C1}" = Mumble 1.2.3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks: update 0.7.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21F3F7EC-CD32-D678-63AD-305F556D7BC9}" = Application Profiles
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E01CA7-EB20-4CAC-8386-D9297450AF06}" = ZoneAlarm Firewall
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.22
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C007AE6-3F7D-41CC-AB7C-75C08C276EC8}_is1" = Grabber version 3.1.3
"{909E265A-037A-9177-248B-CF1B04D9DBB6}" = Application Profiles
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44212D2-C9B1-062F-A5C4-6057FBC9FDD8}" = Application Profiles
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{DCA75ECE-39A9-0648-CB77-F6D759364CF9}" = Application Profiles
"{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}" = Livestream Procaster
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F51864-7C2A-4524-AEA4-B40A4068459A}" = ZoneAlarm Antivirus
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F57FD7AF-DC0A-2E99-B850-9047DAB3F24C}" = Application Profiles
"{FA0964BB-FC33-4023-B8B2-CFC4CC8EAFCC}" = ZoneAlarm Security
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Afterburner" = MSI Afterburner 2.1.0
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Wonders 2_is1" = Age of Wonders 2
"AMIP" = AMIP (remove only)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Battle for Wesnoth 1.10.1" = Battle for Wesnoth 1.10.1
"CraftBukkit" = CraftBukkit
"Creative Centrale" = Creative Centrale
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Furcadia" = Furcadia
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"ImgBurn" = ImgBurn
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"IrfanView" = IrfanView (remove only)
"Knights and Merchants - The Peasants Rebellion_is1" = Knights and Merchants - The Peasants Rebellion
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManiaPlanet_is1" = ManiaPlanet
"NoIPDUC" = No-IP DUC
"Notepad++" = Notepad++
"NOX_is1" = NOX
"One Unit Whole Blood_is1" = One Unit Whole Blood
"OpenAL" = OpenAL
"Origin" = Origin
"Original War_is1" = Original War
"PunkBusterSvc" = PunkBuster Services
"RV House_is1" = RV House 0.93.4
"Sid Meier's Alpha Centauri_is1" = Sid Meier's Alpha Centauri
"StarCraft II" = StarCraft II
"Steam App 102600" = Orcs Must Die!
"Steam App 104900" = ORION: Dino Beatdown
"Steam App 105600" = Terraria
"Steam App 113400" = APB Reloaded
"Steam App 1250" = Killing Floor
"Steam App 200210" = Realm of the Mad God
"Steam App 207250" = Cubemen
"Steam App 23310" = The Last Remnant
"Steam App 24240" = PAYDAY: The Heist
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 2990" = FlatOut 2
"Steam App 4000" = Garry's Mod
"Steam App 4010" = Garry's Mod 13
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42890" = Sword of the Stars Complete Collection
"Steam App 48700" = Mount & Blade: Warband
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 55230" = Saints Row: The Third
"Steam App 61700" = Might and Magic: Clash of Heroes
"Steam App 620" = Portal 2
"Steam App 65800" = Dungeon Defenders
"Steam App 70400" = Recettear: An Item Shop's Tale
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 96400" = Shoot Many Robots
"Steam App 98200" = Frozen Synapse
"Steam App 98800" = Dungeons of Dredmor
"Sword of the Stars Demo" = Sword of the Stars Demo
"Total Annihilation - Commander Pack_is1" = Total Annihilation - Commander Pack
"Westwood Online_is1" = Westwood Online
"Winamp" = Winamp
"Vindictus EU" = Vindictus EU
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"VLC media player" = VLC media player 1.1.11
"Yahoo! Messenger" = Yahoo! Messenger
"ZENMozaicUG" = Creative ZEN Mozaic User's Guide
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-844620092-437053476-3928910320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0 (x86 en-US)" = Mozilla Thunderbird 12.0 (x86 en-US)
"ShockWave 1.1" = ShockWave 1.1
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-05-13 15:57:01 | Computer Name = Dicetas | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4f6cfb24 Faulting module name: client.dll_unloaded, version: 0.0.0.0, time stamp:
0x4fad6c49 Exception code: 0xc0000005 Fault offset: 0x61e0c1b3 Faulting process id:
0x1588 Faulting application start time: 0x01cd3141fdc4af7f Faulting application path:
e:\steam\steamapps\asaguda\garry's mod beta\hl2.exe Faulting module path: client.dll
Report
Id: cd6e2f53-9d35-11e1-9cd4-6cf049e42fa1

Error - 2012-05-14 02:29:16 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-14 02:29:16 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 011
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-14 02:29:16 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-14 02:29:16 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 011
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-14 10:18:06 | Computer Name = Dicetas | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "f:\Program\Spybot\DelZip179.dll".Error
in manifest or policy file "f:\Program\Spybot\DelZip179.dll" on line 8. The value
"*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 2012-05-15 01:35:24 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-15 01:35:24 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 011
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-15 01:35:24 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 009
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 2012-05-15 01:35:24 | Computer Name = Dicetas | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 011
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 2012-05-12 09:46:30 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 2012-05-12 09:46:32 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2012-05-12 23:30:11 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%2

Error - 2012-05-12 23:30:18 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2012-05-13 14:26:27 | Computer Name = Dicetas | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2012-05-14 02:23:17 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%2

Error - 2012-05-14 02:23:23 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 2012-05-14 12:32:44 | Computer Name = Dicetas | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 2012-05-15 01:29:27 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7000
Description = The Lavasoft Ad-Aware Service service failed to start due to the following
error: %%2

Error - 2012-05-15 01:29:31 | Computer Name = Dicetas | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd


< End of report >


I run game servers from time to time, hosting gaming nights for a gaming community I'm part of. The DNS client helps keep my redirect name up to date with my otherwise dynamic IP, making it easier for people to join the server, and the webserver acts as my fileserver for hosting the custom files the server uses, so as to bypass trickle downloading, so clients download at the full speed my connection can offer.

Regarding the Spybot log that was asked for, the particular log in question isn't there because I must have gotten it deleted one way or another when I was trying to fix things before coming here. Can't remember any threat names in specifics, all of them sounded relatively generic to me. I pointed it out because most of the time, all my scans show up green.

As for the problematic behavior, it's been fine since I moved from AVG to ZoneAlarm's antivirus/firewall combo. Something I did before I got the first reply to this thread. If the logs look clean I'd assume AVG caused the behavior for whatever reason.
asaguda
Active Member
 
Posts: 9
Joined: January 12th, 2008, 4:07 pm

Re: Suspected infections

Unread postby torreattack » May 15th, 2012, 6:04 pm

Hi asaguda:

Since you are using the service from No-IP.com, I think you might also be interested in reading these:
https://www.virustotal.com/file/66064d9 ... /analysis/
http://www.isthisfilesafe.com/sha1/9776 ... tails.aspx

It is up to you whether to continue using this service after you have read the articles.


Having too many anti-malware programs may not be a good idea. They might reduce your computer's performance and conflict with each other.

1. Remove programs
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
  • Click Start >> Control Panel >> Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Spybot - Search & Destroy
    Ad-Aware
    WinPcap 4.1.2
  • Select the program above and click on Uninstall to uninstall it.
NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


RESTART your computer now.


2. Your Java is out of date.
It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.




3. ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected infections

Unread postby torreattack » May 17th, 2012, 5:37 pm

Hi asaguda

3 Day Response Rule
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!

torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected infections

Unread postby deltalima » May 19th, 2012, 2:57 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK