Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirect on Firefox, IE, Chrome even Second Life

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » May 24th, 2012, 6:53 am

That little box keeps popping up in the lower right corner on all browsers I have installed, and on the Second Life client for some reason. I ran Malewarebytes, eset, MSE and it's not showing up in any of those, but it's the one everyone is describing and I can't seem to get rid of it. Can anyone help?

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Lightning at 5:51:22 on 2012-05-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.7122 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Windows\system32\notepad.exe
C:\Program Files\SUPERAntiSpyware\4652d6ef-30b8-42b3-b681-ef4fe8a64a3d.com
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\notepad.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DriverMax_RESTART]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files (x86)\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E43AB5AF-E531-4A4B-981B-9223A8A2D4E1} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 69.10.57.36 http://www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 http://www.statcounter.com.
Hosts: 108.163.215.51 http://www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=ft-100&s=0&cr ... tBtDtBtCyD
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=ft-100&s=2&cr ... tBtDtBtCyD
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=ft-100&s=3&cr ... DtBtCyD&q=
FF - user.js: extensions.searchya_i.id - bacb074a000000000000a4badbfd71ba
FF - user.js: extensions.searchya_i.instlDay - 15385
FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.014:39:16
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.prdct - searchya
FF - user.js: extensions.searchya_i.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.tlbrId - base
FF - user.js: extensions.searchya_i.instlRef - ft-100
FF - user.js: extensions.searchya_i.dfltLng -
FF - user.js: extensions.searchya_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-5 15296]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-1-14 163328]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-21 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-21 1262400]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SiHbaWakeupService;SiI31xx HBA Wakeup Utility;C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [2009-7-27 62464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mio;Master IO Filter Driver;C:\Windows\system32\DRIVERS\mio.sys --> C:\Windows\system32\DRIVERS\mio.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/12/07 15:29:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-4-26 232944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-7 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-1-6 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-26 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\system32\DRIVERS\gtkdrv.sys --> C:\Windows\system32\DRIVERS\gtkdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-12-7 1692480]
.
=============== Created Last 30 ================
.
2012-05-24 03:08:58 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7CE8D9A-235C-49A7-A1A9-827D127FAFF9}\offreg.dll
2012-05-23 23:30:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{7BAB18E2-0345-477B-A322-78BA2930A22D}
2012-05-23 23:30:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB80044A-27DD-4568-A6B8-90F3BCC15D2A}
2012-05-23 23:30:03 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7CE8D9A-235C-49A7-A1A9-827D127FAFF9}\mpengine.dll
2012-05-22 20:46:36 -------- d-----w- C:\Users\Lightning\AppData\Local\{08496945-B200-4845-8F5D-625317B58129}
2012-05-22 20:46:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{5555DA86-B1D2-4B27-8DC3-4DB836AB5FF0}
2012-05-22 08:35:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{B402261C-0006-43FD-ACBD-14EE7985C9D9}
2012-05-22 08:34:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{F46CE1F7-7274-4FA1-B889-7282B50E1D2B}
2012-05-22 08:34:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{5490BD05-34BF-4615-867C-B579544822E6}
2012-05-22 08:34:31 -------- d-----w- C:\Users\Lightning\AppData\Local\{15173883-3AE6-4676-8C34-49A93C5E183E}
2012-05-22 08:34:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{9CB6E20C-16A8-4AF4-9BC2-C4A777A319E2}
2012-05-22 08:32:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB76A48C-91C5-4792-8B44-2BA1A7393043}
2012-05-22 08:09:59 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-22 00:14:21 978944 ----a-w- C:\Windows\System32\msvcp71.dll
2012-05-22 00:14:21 520192 ----a-w- C:\Windows\System32\msvcr71.dll
2012-05-22 00:14:21 381952 ----a-w- C:\Windows\System32\nvexpBar.dll
2012-05-22 00:14:21 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE
2012-05-22 00:14:21 2065920 ----a-w- C:\Windows\System32\nvcplUI.exe
2012-05-22 00:14:21 1524736 ----a-w- C:\Windows\System32\MFC71.dll
2012-05-22 00:14:21 1064448 ----a-w- C:\Windows\System32\nvcplUIR.dll
2012-05-22 00:14:12 -------- d-----w- C:\Users\Lightning\AppData\Local\NVIDIA Corporation
2012-05-22 00:13:29 -------- d-----w- C:\Program Files (x86)\NVIDIA nTune Performance Application
2012-05-21 20:23:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{695A79C2-D774-4B05-8836-CF4D4C6F8013}
2012-05-21 20:23:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{7B355EC0-7E15-43C7-B562-AF4E8DD9D68D}
2012-05-20 23:00:47 -------- d-----w- C:\Users\Lightning\AppData\Local\{DB9EE5E3-BCB2-4489-8A4B-1F5D3D8417B7}
2012-05-20 23:00:37 -------- d-----w- C:\Users\Lightning\AppData\Local\{480D3817-F403-4BA6-81BF-D6B56BF03F56}
2012-05-20 10:09:51 -------- d-----w- C:\Users\Lightning\AppData\Local\{3E5F4D3D-494A-46DB-B2A6-517E5865FAF3}
2012-05-20 10:09:29 -------- d-----w- C:\Users\Lightning\AppData\Local\{FC2098F1-6104-4186-931E-9342F7F66486}
2012-05-19 22:09:04 -------- d-----w- C:\Users\Lightning\AppData\Local\{0286F34E-FF9A-4042-80E3-1C9D8987EEEB}
2012-05-19 22:08:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{23DDD0B7-A008-460B-BF1D-88EF14C2FAFA}
2012-05-19 09:49:40 -------- d-----w- C:\Users\Lightning\AppData\Local\{B17B0578-8C27-45BA-839E-4977E02BECEF}
2012-05-19 09:49:18 -------- d-----w- C:\Users\Lightning\AppData\Local\{1805F74D-429B-455A-B089-47BE66E13C23}
2012-05-19 01:26:18 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-19 01:26:18 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-19 01:26:18 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-19 01:25:56 -------- d-----w- C:\Program Files\iPod
2012-05-19 01:25:55 -------- d-----w- C:\Program Files\iTunes
2012-05-19 01:25:55 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-19 01:25:16 -------- d-----w- C:\Program Files\Bonjour
2012-05-19 01:25:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-18 21:48:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{F189A3B2-94A4-497C-A7C9-A1D6B3AAC1A3}
2012-05-18 21:48:30 -------- d-----w- C:\Users\Lightning\AppData\Local\{36B14775-2FCD-4C74-AF86-0A2886F176CC}
2012-05-18 02:41:41 -------- d-----w- C:\Users\Lightning\AppData\Local\Razer
2012-05-18 00:37:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{3855A4A5-21D6-4A8D-B5E8-AE1368D19F9C}
2012-05-18 00:37:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{0AF56C2D-CB34-42AD-BDE4-920F275B4B5D}
2012-05-17 08:58:28 -------- d-----w- C:\Users\Lightning\AppData\Local\{8CC8A56C-3836-4A5D-83F1-E0BD93665C70}
2012-05-17 08:58:17 -------- d-----w- C:\Users\Lightning\AppData\Local\{1BE0983F-6804-487C-AEC7-914FAAB4E254}
2012-05-16 20:58:04 -------- d-----w- C:\Users\Lightning\AppData\Local\{5BE81193-AD0F-46B8-ADFD-74990CDCB0D3}
2012-05-16 20:57:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{0BA64573-696A-4E67-A94C-3AD7CDB089F5}
2012-05-16 01:16:43 -------- d-----w- C:\Users\Lightning\AppData\Local\{E75028C4-70DF-4107-9CBF-3EF596F12B9E}
2012-05-16 01:16:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{218AA661-9B58-44AB-BAC2-A81055215E03}
2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 05:58:36 -------- d-----w- C:\Users\Lightning\AppData\Local\{7ACCF44C-0D4B-4C6F-8527-312333CA5215}
2012-05-15 05:57:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{D5300770-F350-44F0-9209-A15003EF8BDB}
2012-05-14 17:57:33 -------- d-----w- C:\Users\Lightning\AppData\Local\{92E86B17-5B88-4709-BB0F-1D4206397A32}
2012-05-14 17:57:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{9F4A09C6-B8B6-450C-95C5-B7B810267CBE}
2012-05-14 00:28:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{78E4DA42-CCF5-4838-BA8E-C0779EED6898}
2012-05-14 00:28:33 -------- d-----w- C:\Users\Lightning\AppData\Local\{E065DB90-86C0-47FA-8D3A-520976B10133}
2012-05-13 00:55:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{25B3C571-C789-4DEF-9816-99A4AAC3F68D}
2012-05-13 00:55:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{06640C94-44C7-4D6A-8813-E7A1A7DD76A5}
2012-05-12 07:38:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{ADCA69E0-44C4-449E-AE87-8402FC71DE8D}
2012-05-12 07:38:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{8644B141-1767-4AF7-8B90-A0BAAAE6A91D}
2012-05-11 19:37:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{5CF25E04-73C8-41A5-A001-6CE49E693D0D}
2012-05-11 19:37:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{E53F95B3-4557-4C13-AC7D-F9D65EE88FE6}
2012-05-11 07:31:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{F91E865A-A19C-47C7-9907-23D748E461D9}
2012-05-11 07:31:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{05E27C7F-DB0C-4D65-AB15-57837B9AA8CC}
2012-05-10 19:31:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{E5D174FB-3645-405F-B53A-28BA1B4BDC4F}
2012-05-10 19:30:39 -------- d-----w- C:\Users\Lightning\AppData\Local\{63529318-2197-4596-AB4D-9E9EAE390788}
2012-05-10 07:30:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{6A69C422-5C5C-4D84-8820-4926B9F4B3B2}
2012-05-10 07:29:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{0438930B-287B-4833-8987-6240411B0B6F}
2012-05-09 19:29:39 -------- d-----w- C:\Users\Lightning\AppData\Local\{0267D066-EF50-4C49-AFDB-374A41B5C182}
2012-05-09 19:29:28 -------- d-----w- C:\Users\Lightning\AppData\Local\{898F34E2-7B21-4A73-90AB-B819C3C01FEB}
2012-05-09 08:01:35 -------- d-----w- C:\e6e8d012520a8e56c76bc7665b9488
2012-05-08 20:01:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{8FAFC6F2-BF55-49DE-9587-FDA13F2CB5BD}
2012-05-08 20:00:41 -------- d-----w- C:\Users\Lightning\AppData\Local\{E12635CD-754C-43D5-821A-2322F8619B2A}
2012-05-08 08:00:17 -------- d-----w- C:\Users\Lightning\AppData\Local\{BEC338E6-BC3B-4CAE-9A47-644AB45A6262}
2012-05-08 07:59:55 -------- d-----w- C:\Users\Lightning\AppData\Local\{2C087274-22D2-4A0E-947B-2A72656076D7}
2012-05-07 19:59:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{1D94EA2E-2D67-46A9-8171-DC756D842203}
2012-05-07 19:59:20 -------- d-----w- C:\Users\Lightning\AppData\Local\{6FC8C58A-A257-4650-8808-3AE9DEE31400}
2012-05-07 07:58:56 -------- d-----w- C:\Users\Lightning\AppData\Local\{56F87393-BA28-479B-9F16-D23406A85934}
2012-05-07 07:58:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{C9CFBF69-030C-4995-A8A4-AEB2F836A6AD}
2012-05-06 19:58:21 -------- d-----w- C:\Users\Lightning\AppData\Local\{D9098F0C-F754-44ED-9C5A-EE73C06E4754}
2012-05-06 19:57:59 -------- d-----w- C:\Users\Lightning\AppData\Local\{B22849BF-F535-4B15-85D9-A488B2555F00}
2012-05-06 07:57:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{04E72FB9-2CBA-4AE7-8016-E37A24387E94}
2012-05-06 07:57:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{EAF4D99A-0FFE-472A-8C5B-90B55B9219AE}
2012-05-05 19:57:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{D720956D-6D99-437D-8C44-9952C1B5D36C}
2012-05-05 19:56:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{036A2801-81C5-46B8-882D-3E86A970688E}
2012-05-05 07:54:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{BFAEEF38-DC67-4B4A-B8F3-C31AEB70D95A}
2012-05-05 07:53:40 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB4330C9-4CCE-42A0-A967-7D6B4CEB1045}
2012-05-04 19:53:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{5C8AEAD7-AE7C-40B4-8594-B85F5967E9D4}
2012-05-04 19:53:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{9F4A72B9-38EE-45C5-95DB-FC69F619DB20}
2012-05-04 07:49:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{538529CE-4138-4632-B24F-5231549469BB}
2012-05-04 07:49:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{F2E6B971-2A3F-41B9-A3E6-0918C5672364}
2012-05-03 19:49:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{73E86C5C-215F-479A-B36A-637A7DF38DF5}
2012-05-03 19:48:50 -------- d-----w- C:\Users\Lightning\AppData\Local\{0950AE19-799E-4194-9DE0-498EDCD1C910}
2012-05-03 19:32:32 -------- d-----w- C:\Users\Lightning\AppData\Local\Innovative Solutions
2012-05-03 19:32:30 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2012-05-03 19:30:50 -------- d--h--w- C:\ProgramData\Common Files
2012-05-03 07:48:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{301DEB12-2569-4E72-B223-34BE50A156DD}
2012-05-03 07:48:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{95BF36DE-189E-4188-A4F2-50EC68FDF560}
2012-05-02 19:47:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{A97C69AB-4FE3-4A15-AD53-94305EB49E8A}
2012-05-02 19:47:38 -------- d-----w- C:\Users\Lightning\AppData\Local\{0799BCB6-5EB1-46FB-8944-72D0A33DA132}
2012-05-01 21:34:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{F99D9B7F-A6DA-4323-A171-D6004303022C}
2012-05-01 21:34:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{4CE64A14-166F-4DDA-918E-6CE3BB4ED233}
2012-05-01 09:33:45 -------- d-----w- C:\Users\Lightning\AppData\Local\{15071BF1-7FEE-406A-AB07-68272DF842A0}
2012-05-01 09:33:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{8F859861-7DBD-40A0-B0D1-6C0C486E4714}
2012-05-01 08:00:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-30 21:33:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{79775016-1C83-400A-9019-6E7A2C7A56BA}
2012-04-30 21:32:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{AF0C0804-AC4D-47DE-8742-C5137D76E5BC}
2012-04-30 09:32:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{007421F4-B7A9-4A7F-9FDC-F39CE8B9E252}
2012-04-30 09:32:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{E7C6821C-F57E-4B7D-97FA-091C8C4BE880}
2012-04-29 21:31:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{1358A382-AB1E-4928-8B00-1748C215A250}
2012-04-29 21:31:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{FC5B258E-EA63-4770-AA99-9F518A903DF4}
2012-04-29 11:33:15 -------- d-----w- C:\Users\Lightning\AppData\Local\{40F7C910-B02E-4C0C-A106-A53A8A18DA96}
2012-04-28 08:11:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{68375E77-8201-4288-83F8-1FB58BC1AB16}
2012-04-28 08:11:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{3C47B299-3EB5-4555-BF9D-70394E50959D}
2012-04-27 20:10:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{988034D2-DF2F-43FD-917A-C08C587DD6D3}
2012-04-27 20:10:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{BE77D127-68BA-458B-9222-75B3E079C8B9}
2012-04-27 07:49:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{65762524-24B2-4D84-8158-E049581A1416}
2012-04-27 07:49:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{B0F5A489-60E3-4D32-B394-26491296C063}
2012-04-26 23:29:49 -------- d-----w- C:\_OTL
2012-04-26 01:34:44 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 01:34:42 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 01:34:42 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-05 00:09:16 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 00:09:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:09:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:20:15 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-20 20:13:40 269712 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-17 08:07:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 23:15:45 269712 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-08 23:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-08 05:46:50 138752 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-03-05 08:49:56 19536 ----a-w- C:\Windows\System32\drivers\AWOPFilterDriver.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 08:32:06 284672 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 15:36:50 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
.
============= FINISH: 5:51:47.74 ===============






http://www.malwarebytes.org

Database version: v2012.05.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lightning :: LIGHTNING-PC [administrator]

5/24/2012 1:54:05 AM
mbam-log-2012-05-24 (01-54-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 724507
Time elapsed: 2 hour(s), 9 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


It said not to post the attach file but there was this in there:

==== Hosts File Hijack ======================
.
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.

when i go to the hosts file it looks correct. none of those entires. somehow second life has it's own built in browser or something too and as I said all my browsers (firefox, chrome, ie) are infected. This little box in everything I mentioned including second life appears in the lower right. It's legit places but I don't want that there.
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am
Advertisement
Register to Remove

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 27th, 2012, 12:28 pm

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you, must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 28th, 2012, 12:12 pm

Step 1
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 2
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTL.txt
  3. Extras.txt
  4. TDSS Log
Thanks
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » May 28th, 2012, 4:48 pm

Hi and thanks for helping me. I ran the first scan but there was no extras text file minimized and when I did a search on my computer, no extras.txt anywhere.

OTL logfile created on: 5/28/2012 3:36:00 PM - Run 8
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Lightning\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 8.90 Gb Available Physical Memory | 74.19% Memory free
23.98 Gb Paging File | 20.46 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1854.96 Gb Total Space | 1272.25 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: LIGHTNING-PC | User Name: Lightning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 15:35:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
PRC - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/25 20:34:42 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/29 22:47:22 | 000,318,344 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/05 17:50:08 | 000,014,792 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
PRC - [2010/11/05 17:46:10 | 000,069,584 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
PRC - [2010/07/07 13:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
PRC - [2009/04/09 12:06:00 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2007/12/19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/05/09 16:50:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/09 16:49:28 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0a80fd3af7e48eb9cc9099fee5814dff\UIAutomationTypes.ni.dll
MOD - [2012/05/09 16:49:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 16:49:18 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll
MOD - [2012/05/09 16:49:18 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/09 16:49:18 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll
MOD - [2012/05/09 16:49:16 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/09 16:48:59 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/09 16:48:55 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\62c1a496dff99a6e5f5e4278d31ca4c1\Accessibility.ni.dll
MOD - [2012/05/09 16:47:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll
MOD - [2012/05/09 03:13:33 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll
MOD - [2012/05/09 03:13:25 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll
MOD - [2012/05/09 03:13:19 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll
MOD - [2012/05/09 03:13:19 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 03:11:16 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012/05/09 03:11:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 03:10:46 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/09 03:10:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/09 03:10:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/09 03:10:22 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 03:10:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 03:10:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 03:10:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 03:10:11 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012/05/09 03:10:06 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012/05/09 03:09:55 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/09 03:09:32 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll
MOD - [2012/05/09 03:09:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 03:09:29 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/09 03:09:27 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 03:09:24 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 03:09:20 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/05/04 19:09:15 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/25 20:34:42 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/05 17:42:36 | 000,016,832 | ---- | M] () -- C:\Program Files\Alienware\Command Center\AlienFusionController.exe
MOD - [2010/01/12 16:36:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/22 16:57:50 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2009/02/27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/20 12:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/01/14 18:11:02 | 000,163,328 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2010/11/05 17:42:44 | 000,015,296 | ---- | M] (Alienware) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/16 15:44:59 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 05:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/04 19:09:16 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/25 20:34:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/01 16:55:58 | 000,214,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2012/01/06 05:28:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/01/06 05:24:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/12/07 16:27:45 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/07 16:15:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/04/26 19:10:14 | 000,232,944 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/10/13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/27 15:48:34 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe -- (SiHbaWakeupService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/04 19:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/05 03:49:56 | 000,019,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/12 21:57:28 | 000,076,800 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/09/20 18:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/20 18:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/20 18:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/20 18:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/20 18:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/20 18:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/08/22 16:14:14 | 000,121,856 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/19 16:55:34 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/27 15:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/13 12:39:52 | 000,014,928 | ---- | M] (Dell/Alienware) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mio.sys -- (mio)
DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/07/07 15:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 15:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 15:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 15:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 15:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 15:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 15:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010/07/07 15:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 15:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 15:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 15:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/03/22 18:29:12 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/16 06:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/29 21:14:10 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2009/07/29 21:14:10 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009/07/29 21:14:10 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/21 19:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/08/02 18:33:04 | 000,012,672 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/04 19:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E49B0E12-EE88-49C0-AA6E-16841194F8D3}&mid=aba078c88b6d47d0bbc775f39d19984a-cc04f510db957582d76f29708ac65f9e9e17c9a1&lang=en&ds=is015&pr=sa&d=2012-05-03 14:31:26&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/?chnl=ft-100&s=1&cr ... DtBtCyD&q={searchTerms}
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "https://www.google.com/"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/17 13:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/18 20:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/12/10 23:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Extensions
[2012/05/24 02:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions
[2011/09/23 09:13:43 | 000,000,000 | ---D | M] () -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2012/05/22 15:46:36 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/05/19 21:07:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/21 13:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 18:43:10 | 000,512,595 | ---- | M] () (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/05/24 02:57:36 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/17 19:38:03 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/04/17 15:49:01 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\LIGHTNING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FB08NRXG.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012/04/25 20:34:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/17 03:07:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/04/25 20:34:41 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/05/03 14:31:24 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/19 10:08:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/25 20:34:41 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 20:34:41 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 20:34:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 20:34:41 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={E49B0E12-EE88-49C0-AA6E-16841194F8D3}&mid=aba078c88b6d47d0bbc775f39d19984a-cc04f510db957582d76f29708ac65f9e9e17c9a1&lang=en&ds=is015&pr=sa&d=2012-05-03 14:31:26&v=11.0.0.9&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Lightning\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/20 23:43:06 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Launch Keyboard CI] c:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe (Alienware)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1000..\Run: [DriverMax_RESTART] File not found
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1011..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-633762127-47815373-1907182395-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1011\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1011\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1011\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-633762127-47815373-1907182395-1011\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43AB5AF-E531-4A4B-981B-9223A8A2D4E1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 15:35:19 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/05/28 15:34:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/05/27 20:34:05 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6AEDF530-84CF-46AC-B1BA-98C6B595E5CD}
[2012/05/27 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{083DDD71-C4DF-4C1A-BBD7-203F6F24E8AE}
[2012/05/26 21:16:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5691ADCC-8681-4233-B149-73F301719B4B}
[2012/05/26 21:16:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{16874EB0-37DE-4742-9ABD-703BFE20AC39}
[2012/05/26 06:54:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{386521FE-D231-4296-80CF-F2FC25B20F1E}
[2012/05/26 06:53:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1A75D92D-A0E8-4FB1-91B4-3AB2A04DF8C8}
[2012/05/25 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{51E4308C-0B0E-44B1-8EF9-AAC45511256E}
[2012/05/25 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8AA97310-670A-4D66-A333-85AFB9F6DACA}
[2012/05/25 18:52:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{CF380FFD-3B4B-4EC0-BABB-2FC53A28D7EB}
[2012/05/25 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{58D2B005-1AD7-4D10-952F-451B28B516CC}
[2012/05/24 21:36:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E64372C4-FEE1-4758-AD1F-FC431360B1C3}
[2012/05/24 21:36:22 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A638D759-D983-4CDA-98E5-1185C2D1EFC0}
[2012/05/24 05:51:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lightning\Desktop\dds.scr
[2012/05/24 03:14:00 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Desktop\june 2012
[2012/05/23 18:30:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7BAB18E2-0345-477B-A322-78BA2930A22D}
[2012/05/23 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BB80044A-27DD-4568-A6B8-90F3BCC15D2A}
[2012/05/22 21:28:37 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/22 21:28:37 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/22 21:28:37 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/22 21:28:37 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/22 21:28:37 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/22 21:28:37 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/22 21:28:37 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/22 21:28:37 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/22 21:28:37 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/05/22 21:28:37 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/05/22 21:28:37 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/05/22 21:28:37 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/05/22 21:28:37 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/05/22 21:28:37 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/05/22 21:28:37 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/05/22 21:28:36 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/22 21:28:36 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/22 21:28:36 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/22 21:22:28 | 168,454,136 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/22 15:46:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{08496945-B200-4845-8F5D-625317B58129}
[2012/05/22 15:46:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5555DA86-B1D2-4B27-8DC3-4DB836AB5FF0}
[2012/05/22 03:35:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B402261C-0006-43FD-ACBD-14EE7985C9D9}
[2012/05/22 03:34:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F46CE1F7-7274-4FA1-B889-7282B50E1D2B}
[2012/05/22 03:34:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5490BD05-34BF-4615-867C-B579544822E6}
[2012/05/22 03:34:31 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{15173883-3AE6-4676-8C34-49A93C5E183E}
[2012/05/22 03:34:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{9CB6E20C-16A8-4AF4-9BC2-C4A777A319E2}
[2012/05/22 03:32:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BB76A48C-91C5-4792-8B44-2BA1A7393043}
[2012/05/21 19:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/05/21 19:37:49 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/05/21 19:37:49 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/05/21 19:37:49 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/05/21 19:37:49 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/05/21 19:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/21 19:37:16 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/05/21 19:37:16 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/05/21 19:37:16 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/05/21 19:37:16 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/05/21 19:37:16 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/05/21 19:37:16 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/05/21 19:37:16 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/05/21 19:37:16 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/05/21 19:37:16 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/05/21 19:37:16 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/21 19:37:16 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/21 19:25:39 | 166,448,312 | ---- | C] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/21 19:14:21 | 000,372,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2012/05/21 19:14:12 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\NVIDIA Corporation
[2012/05/21 19:13:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA nTune Performance Application
[2012/05/21 15:23:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{695A79C2-D774-4B05-8836-CF4D4C6F8013}
[2012/05/21 15:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7B355EC0-7E15-43C7-B562-AF4E8DD9D68D}
[2012/05/20 18:00:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{DB9EE5E3-BCB2-4489-8A4B-1F5D3D8417B7}
[2012/05/20 18:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{480D3817-F403-4BA6-81BF-D6B56BF03F56}
[2012/05/20 05:09:51 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3E5F4D3D-494A-46DB-B2A6-517E5865FAF3}
[2012/05/20 05:09:29 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FC2098F1-6104-4186-931E-9342F7F66486}
[2012/05/19 17:09:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0286F34E-FF9A-4042-80E3-1C9D8987EEEB}
[2012/05/19 17:08:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{23DDD0B7-A008-460B-BF1D-88EF14C2FAFA}
[2012/05/19 04:49:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B17B0578-8C27-45BA-839E-4977E02BECEF}
[2012/05/19 04:49:18 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1805F74D-429B-455A-B089-47BE66E13C23}
[2012/05/18 20:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/18 20:26:18 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/05/18 20:26:18 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/05/18 20:26:18 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/05/18 20:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/18 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/18 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/05/18 20:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/05/18 20:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/05/18 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/18 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/05/18 20:25:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/05/18 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Lightning\Documents\CAPCOM
[2012/05/18 16:48:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F189A3B2-94A4-497C-A7C9-A1D6B3AAC1A3}
[2012/05/18 16:48:30 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{36B14775-2FCD-4C74-AF86-0A2886F176CC}
[2012/05/17 21:41:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Razer
[2012/05/17 21:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/05/17 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{3855A4A5-21D6-4A8D-B5E8-AE1368D19F9C}
[2012/05/17 19:37:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0AF56C2D-CB34-42AD-BDE4-920F275B4B5D}
[2012/05/17 03:58:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8CC8A56C-3836-4A5D-83F1-E0BD93665C70}
[2012/05/17 03:58:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1BE0983F-6804-487C-AEC7-914FAAB4E254}
[2012/05/16 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5BE81193-AD0F-46B8-ADFD-74990CDCB0D3}
[2012/05/16 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0BA64573-696A-4E67-A94C-3AD7CDB089F5}
[2012/05/15 20:16:43 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E75028C4-70DF-4107-9CBF-3EF596F12B9E}
[2012/05/15 20:16:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{218AA661-9B58-44AB-BAC2-A81055215E03}
[2012/05/15 00:58:36 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{7ACCF44C-0D4B-4C6F-8527-312333CA5215}
[2012/05/15 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D5300770-F350-44F0-9209-A15003EF8BDB}
[2012/05/14 13:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 13:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/14 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{92E86B17-5B88-4709-BB0F-1D4206397A32}
[2012/05/14 12:57:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{9F4A09C6-B8B6-450C-95C5-B7B810267CBE}
[2012/05/13 19:28:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{78E4DA42-CCF5-4838-BA8E-C0779EED6898}
[2012/05/13 19:28:33 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E065DB90-86C0-47FA-8D3A-520976B10133}
[2012/05/12 19:55:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{25B3C571-C789-4DEF-9816-99A4AAC3F68D}
[2012/05/12 19:55:00 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{06640C94-44C7-4D6A-8813-E7A1A7DD76A5}
[2012/05/12 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{ADCA69E0-44C4-449E-AE87-8402FC71DE8D}
[2012/05/12 02:38:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8644B141-1767-4AF7-8B90-A0BAAAE6A91D}
[2012/05/11 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5CF25E04-73C8-41A5-A001-6CE49E693D0D}
[2012/05/11 14:37:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E53F95B3-4557-4C13-AC7D-F9D65EE88FE6}
[2012/05/11 02:31:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F91E865A-A19C-47C7-9907-23D748E461D9}
[2012/05/11 02:31:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{05E27C7F-DB0C-4D65-AB15-57837B9AA8CC}
[2012/05/10 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E5D174FB-3645-405F-B53A-28BA1B4BDC4F}
[2012/05/10 14:30:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{63529318-2197-4596-AB4D-9E9EAE390788}
[2012/05/10 02:30:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6A69C422-5C5C-4D84-8820-4926B9F4B3B2}
[2012/05/10 02:29:52 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0438930B-287B-4833-8987-6240411B0B6F}
[2012/05/09 14:29:39 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0267D066-EF50-4C49-AFDB-374A41B5C182}
[2012/05/09 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{898F34E2-7B21-4A73-90AB-B819C3C01FEB}
[2012/05/09 03:01:35 | 000,000,000 | ---D | C] -- C:\e6e8d012520a8e56c76bc7665b9488
[2012/05/08 21:52:23 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 21:52:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/08 21:52:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/08 21:52:15 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/08 15:01:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8FAFC6F2-BF55-49DE-9587-FDA13F2CB5BD}
[2012/05/08 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E12635CD-754C-43D5-821A-2322F8619B2A}
[2012/05/08 03:00:17 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BEC338E6-BC3B-4CAE-9A47-644AB45A6262}
[2012/05/08 02:59:55 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{2C087274-22D2-4A0E-947B-2A72656076D7}
[2012/05/07 14:59:42 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1D94EA2E-2D67-46A9-8171-DC756D842203}
[2012/05/07 14:59:20 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{6FC8C58A-A257-4650-8808-3AE9DEE31400}
[2012/05/07 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{56F87393-BA28-479B-9F16-D23406A85934}
[2012/05/07 02:58:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{C9CFBF69-030C-4995-A8A4-AEB2F836A6AD}
[2012/05/06 14:58:21 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D9098F0C-F754-44ED-9C5A-EE73C06E4754}
[2012/05/06 14:57:59 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{B22849BF-F535-4B15-85D9-A488B2555F00}
[2012/05/06 02:57:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{04E72FB9-2CBA-4AE7-8016-E37A24387E94}
[2012/05/06 02:57:13 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{EAF4D99A-0FFE-472A-8C5B-90B55B9219AE}
[2012/05/05 14:57:00 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{D720956D-6D99-437D-8C44-9952C1B5D36C}
[2012/05/05 14:56:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{036A2801-81C5-46B8-882D-3E86A970688E}
[2012/05/05 02:54:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BFAEEF38-DC67-4B4A-B8F3-C31AEB70D95A}
[2012/05/05 02:53:40 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{BB4330C9-4CCE-42A0-A967-7D6B4CEB1045}
[2012/05/04 15:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2012/05/04 14:53:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{5C8AEAD7-AE7C-40B4-8594-B85F5967E9D4}
[2012/05/04 14:53:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{9F4A72B9-38EE-45C5-95DB-FC69F619DB20}
[2012/05/04 02:49:46 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{538529CE-4138-4632-B24F-5231549469BB}
[2012/05/04 02:49:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F2E6B971-2A3F-41B9-A3E6-0918C5672364}
[2012/05/03 14:49:11 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{73E86C5C-215F-479A-B36A-637A7DF38DF5}
[2012/05/03 14:48:50 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0950AE19-799E-4194-9DE0-498EDCD1C910}
[2012/05/03 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\Innovative Solutions
[2012/05/03 14:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2012/05/03 14:30:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/03 02:48:25 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{301DEB12-2569-4E72-B223-34BE50A156DD}
[2012/05/03 02:48:03 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{95BF36DE-189E-4188-A4F2-50EC68FDF560}
[2012/05/02 14:47:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{A97C69AB-4FE3-4A15-AD53-94305EB49E8A}
[2012/05/02 14:47:38 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{0799BCB6-5EB1-46FB-8944-72D0A33DA132}
[2012/05/01 16:34:32 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{F99D9B7F-A6DA-4323-A171-D6004303022C}
[2012/05/01 16:34:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{4CE64A14-166F-4DDA-918E-6CE3BB4ED233}
[2012/05/01 04:33:45 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{15071BF1-7FEE-406A-AB07-68272DF842A0}
[2012/05/01 04:33:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{8F859861-7DBD-40A0-B0D1-6C0C486E4714}
[2012/05/01 03:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/30 16:33:10 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{79775016-1C83-400A-9019-6E7A2C7A56BA}
[2012/04/30 16:32:49 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{AF0C0804-AC4D-47DE-8742-C5137D76E5BC}
[2012/04/30 04:32:23 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{007421F4-B7A9-4A7F-9FDC-F39CE8B9E252}
[2012/04/30 04:32:02 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{E7C6821C-F57E-4B7D-97FA-091C8C4BE880}
[2012/04/29 16:31:35 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{1358A382-AB1E-4928-8B00-1748C215A250}
[2012/04/29 16:31:24 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{FC5B258E-EA63-4770-AA99-9F518A903DF4}
[2012/04/29 06:33:15 | 000,000,000 | ---D | C] -- C:\Users\Lightning\AppData\Local\{40F7C910-B02E-4C0C-A106-A53A8A18DA96}

========== Files - Modified Within 30 Days ==========

[2012/05/28 15:39:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 15:39:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 15:37:48 | 000,796,026 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/28 15:37:48 | 000,671,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/28 15:37:48 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/28 15:35:21 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lightning\Desktop\tdsskiller.exe
[2012/05/28 15:35:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lightning\Desktop\OTL.exe
[2012/05/28 15:33:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 15:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 15:31:56 | 1066,582,014 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 04:04:59 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/05/28 04:04:59 | 000,062,308 | ---- | M] () -- C:\Windows\SysNative\BMXState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/05/28 04:04:59 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{0000000A-00000000-00000000-00001102-0000000B-00441102}.rfx
[2012/05/28 03:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/28 03:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/27 18:16:40 | 1100,122,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/24 05:51:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lightning\Desktop\dds.scr
[2012/05/23 23:24:52 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/23 22:40:42 | 093,565,757 | ---- | M] () -- C:\Users\Lightning\Desktop\Blonde Angel Dark And Diana Do ... - XVIDEOS.COM.flv
[2012/05/22 21:23:46 | 168,454,136 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\301.42-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/22 16:35:47 | 003,082,601 | ---- | M] () -- C:\Users\Lightning\Desktop\bookmarks-2012-05-22.json
[2012/05/21 19:25:40 | 166,448,312 | ---- | M] (NVIDIA Corporation) -- C:\Users\Lightning\Desktop\296.10-desktop-win7-winvista-64bit-english-whql.exe
[2012/05/21 19:13:45 | 000,372,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2012/05/21 18:48:12 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Alienware Command Center.lnk
[2012/05/21 18:48:12 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2012/05/20 23:43:06 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/17 21:47:05 | 004,855,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/17 21:44:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/05/15 05:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/05/15 05:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/05/15 05:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/05/15 05:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/05/15 05:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/05/15 05:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/05/15 05:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/05/15 05:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/05/15 05:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/05/15 05:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/05/15 05:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/05/15 05:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/05/15 05:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/05/15 05:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/05/15 05:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/05/15 05:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/05/15 05:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/05/15 05:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/05/15 05:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/05/15 05:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/05/15 05:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012/05/15 05:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012/05/15 05:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/05/15 05:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/05/15 05:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/15 05:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/15 05:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/15 04:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/05/15 04:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/05/15 04:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/15 04:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/05/15 04:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/12 20:04:38 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2012/05/10 21:29:11 | 000,003,606 | ---- | M] () -- C:\Users\Lightning\Documents\swtor.rzp
[2012/05/05 15:14:16 | 000,007,607 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2012/05/05 13:23:59 | 000,001,854 | ---- | M] () -- C:\Users\Lightning\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/04 19:09:16 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/04 19:09:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/04 19:09:06 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/01 23:26:36 | 000,030,324 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/05/01 23:26:26 | 000,001,955 | ---- | M] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/05/01 03:01:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/01 03:00:54 | 000,809,684 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/05/23 22:27:56 | 093,565,757 | ---- | C] () -- C:\Users\Lightning\Desktop\Blonde Angel Dark And Diana Do ... - XVIDEOS.COM.flv
[2012/05/22 16:35:46 | 003,082,601 | ---- | C] () -- C:\Users\Lightning\Desktop\bookmarks-2012-05-22.json
[2012/05/21 19:37:49 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/05/21 19:37:16 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/05/21 19:14:21 | 002,065,920 | ---- | C] () -- C:\Windows\SysNative\nvcplUI.exe
[2012/05/21 19:14:21 | 001,524,736 | ---- | C] () -- C:\Windows\SysNative\MFC71.dll
[2012/05/21 19:14:21 | 001,064,448 | ---- | C] () -- C:\Windows\SysNative\nvcplUIR.dll
[2012/05/21 19:14:21 | 000,978,944 | ---- | C] () -- C:\Windows\SysNative\msvcp71.dll
[2012/05/21 19:14:21 | 000,520,192 | ---- | C] () -- C:\Windows\SysNative\msvcr71.dll
[2012/05/21 19:14:21 | 000,403,456 | ---- | C] () -- C:\Windows\SysNative\nvcpl.cpl
[2012/05/21 19:14:21 | 000,381,952 | ---- | C] () -- C:\Windows\SysNative\nvexpBar.dll
[2012/05/18 20:25:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/05/17 21:44:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/10 21:29:11 | 000,003,606 | ---- | C] () -- C:\Users\Lightning\Documents\swtor.rzp
[2012/03/06 06:46:05 | 000,030,324 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp20.html
[2012/03/05 00:13:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/02/17 01:32:32 | 000,000,132 | ---- | C] () -- C:\Users\Lightning\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/15 15:39:16 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012/02/02 23:37:46 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/02/02 23:37:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2012/02/02 23:37:39 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2012/01/08 02:47:18 | 000,001,955 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Temp1.html
[2012/01/01 05:49:12 | 000,007,607 | ---- | C] () -- C:\Users\Lightning\AppData\Local\Resmon.ResmonCfg
[2011/12/29 09:07:52 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/12/12 22:43:29 | 000,110,168 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/12/07 22:42:00 | 002,089,984 | ---- | C] () -- C:\Windows\libmem.dll
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/10 23:41:48 | 000,000,097 | ---- | C] () -- C:\Users\Lightning\AppData\Local\fusioncache.dat
[2010/12/10 23:40:00 | 000,809,684 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/10 23:04:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/07 17:39:34 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/12/07 16:28:09 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/12/07 16:28:09 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2010/12/07 16:16:02 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/12/07 16:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/11/05 17:49:42 | 000,098,232 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll
[2010/07/07 14:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/07/07 13:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/07/07 13:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010/07/07 13:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/07/07 13:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/07/07 13:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010/07/07 13:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >








TDSSKiller -

Found nothing at all.



I noticed these ads are related to flash when i click them I get flash property settings etc.
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 29th, 2012, 12:56 am

Hi :), please post the full log of TDSSKiller

It is found here: TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » May 29th, 2012, 4:16 am

15:45:44.0343 1108 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
15:45:44.0744 1108 ============================================================
15:45:44.0744 1108 Current date / time: 2012/05/28 15:45:44.0744
15:45:44.0744 1108 SystemInfo:
15:45:44.0744 1108
15:45:44.0744 1108 OS Version: 6.1.7601 ServicePack: 1.0
15:45:44.0744 1108 Product type: Workstation
15:45:44.0744 1108 ComputerName: LIGHTNING-PC
15:45:44.0744 1108 UserName: Lightning
15:45:44.0744 1108 Windows directory: C:\Windows
15:45:44.0744 1108 System windows directory: C:\Windows
15:45:44.0744 1108 Running under WOW64
15:45:44.0744 1108 Processor architecture: Intel x64
15:45:44.0744 1108 Number of processors: 12
15:45:44.0744 1108 Page size: 0x1000
15:45:44.0744 1108 Boot type: Normal boot
15:45:44.0744 1108 ============================================================
15:45:45.0008 1108 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1600000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:45.0020 1108 ============================================================
15:45:45.0020 1108 \Device\Harddisk0\DR0:
15:45:45.0020 1108 MBR partitions:
15:45:45.0020 1108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x100D000
15:45:45.0020 1108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1021000, BlocksNum 0xE7DE9800
15:45:45.0020 1108 ============================================================
15:45:45.0066 1108 C: <-> \Device\Harddisk0\DR0\Partition1
15:45:45.0066 1108 ============================================================
15:45:45.0066 1108 Initialize success
15:45:45.0066 1108 ============================================================
15:46:16.0106 1272 ============================================================
15:46:16.0106 1272 Scan started
15:46:16.0106 1272 Mode: Manual;
15:46:16.0106 1272 ============================================================
15:46:16.0329 1272 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:46:16.0329 1272 !SASCORE - ok
15:46:16.0423 1272 1394hub - ok
15:46:16.0493 1272 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:46:16.0494 1272 1394ohci - ok
15:46:16.0565 1272 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:46:16.0566 1272 ACPI - ok
15:46:16.0575 1272 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:46:16.0576 1272 AcpiPmi - ok
15:46:16.0712 1272 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:46:16.0713 1272 AdobeFlashPlayerUpdateSvc - ok
15:46:16.0757 1272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:46:16.0766 1272 adp94xx - ok
15:46:16.0807 1272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:46:16.0808 1272 adpahci - ok
15:46:16.0839 1272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:46:16.0840 1272 adpu320 - ok
15:46:16.0875 1272 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:46:16.0875 1272 AeLookupSvc - ok
15:46:16.0946 1272 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:46:16.0948 1272 AFD - ok
15:46:16.0962 1272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:46:16.0963 1272 agp440 - ok
15:46:16.0995 1272 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:46:16.0995 1272 ALG - ok
15:46:17.0048 1272 AlienFusionService (63eaf9f1a60c44e26f6ef22e8f479d76) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
15:46:17.0048 1272 AlienFusionService - ok
15:46:17.0051 1272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:46:17.0052 1272 aliide - ok
15:46:17.0070 1272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:46:17.0071 1272 amdide - ok
15:46:17.0080 1272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:46:17.0080 1272 AmdK8 - ok
15:46:17.0083 1272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:46:17.0084 1272 AmdPPM - ok
15:46:17.0128 1272 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:46:17.0128 1272 amdsata - ok
15:46:17.0157 1272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:46:17.0158 1272 amdsbs - ok
15:46:17.0176 1272 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:46:17.0177 1272 amdxata - ok
15:46:17.0206 1272 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:46:17.0207 1272 AppID - ok
15:46:17.0216 1272 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:46:17.0217 1272 AppIDSvc - ok
15:46:17.0250 1272 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:46:17.0252 1272 Appinfo - ok
15:46:17.0371 1272 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:46:17.0380 1272 Apple Mobile Device - ok
15:46:17.0436 1272 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:46:17.0436 1272 AppMgmt - ok
15:46:17.0457 1272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:46:17.0458 1272 arc - ok
15:46:17.0475 1272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:46:17.0476 1272 arcsas - ok
15:46:17.0655 1272 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:46:17.0656 1272 aspnet_state - ok
15:46:17.0675 1272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:46:17.0676 1272 AsyncMac - ok
15:46:17.0719 1272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:46:17.0720 1272 atapi - ok
15:46:17.0774 1272 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:46:17.0777 1272 AudioEndpointBuilder - ok
15:46:17.0780 1272 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:46:17.0782 1272 AudioSrv - ok
15:46:17.0826 1272 AWOPFilterDriver (0e15300e54fdce8939e8651873117636) C:\Windows\system32\drivers\AWOPFilterDriver.sys
15:46:17.0826 1272 AWOPFilterDriver - ok
15:46:17.0880 1272 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:46:17.0881 1272 AxInstSV - ok
15:46:17.0908 1272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:46:17.0909 1272 b06bdrv - ok
15:46:17.0939 1272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:46:17.0940 1272 b57nd60a - ok
15:46:17.0984 1272 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:46:17.0984 1272 BDESVC - ok
15:46:18.0003 1272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:46:18.0003 1272 Beep - ok
15:46:18.0062 1272 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:46:18.0065 1272 BFE - ok
15:46:18.0109 1272 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:46:18.0113 1272 BITS - ok
15:46:18.0132 1272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:46:18.0132 1272 blbdrive - ok
15:46:18.0218 1272 Blfp (8ab4719971b7280313835c28616ea7b4) C:\Windows\system32\DRIVERS\basp.sys
15:46:18.0219 1272 Blfp - ok
15:46:18.0330 1272 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:46:18.0331 1272 Bonjour Service - ok
15:46:18.0367 1272 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:46:18.0368 1272 bowser - ok
15:46:18.0468 1272 BrcmMgmtAgent (f742f89449e6d345425c2fef9158b008) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
15:46:18.0468 1272 BrcmMgmtAgent - ok
15:46:18.0484 1272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:46:18.0485 1272 BrFiltLo - ok
15:46:18.0498 1272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:46:18.0498 1272 BrFiltUp - ok
15:46:18.0514 1272 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:46:18.0515 1272 BridgeMP - ok
15:46:18.0549 1272 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:46:18.0550 1272 Browser - ok
15:46:18.0610 1272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:46:18.0611 1272 Brserid - ok
15:46:18.0627 1272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:46:18.0627 1272 BrSerWdm - ok
15:46:18.0638 1272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:46:18.0639 1272 BrUsbMdm - ok
15:46:18.0640 1272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:46:18.0641 1272 BrUsbSer - ok
15:46:18.0670 1272 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:46:18.0671 1272 BthEnum - ok
15:46:18.0692 1272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:46:18.0693 1272 BTHMODEM - ok
15:46:18.0728 1272 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:46:18.0729 1272 BthPan - ok
15:46:18.0795 1272 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
15:46:18.0797 1272 BTHPORT - ok
15:46:18.0827 1272 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:46:18.0827 1272 bthserv - ok
15:46:18.0849 1272 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
15:46:18.0850 1272 BTHUSB - ok
15:46:18.0944 1272 btwampfl (0e78584d5faca0509dfa97bd8b635075) C:\Windows\system32\drivers\btwampfl.sys
15:46:18.0946 1272 btwampfl - ok
15:46:18.0980 1272 btwaudio (409c4117e6027672ef41e68ace1468ad) C:\Windows\system32\drivers\btwaudio.sys
15:46:18.0980 1272 btwaudio - ok
15:46:19.0040 1272 btwavdt (8ca7cabd13316abace386d9f380b4cf3) C:\Windows\system32\drivers\btwavdt.sys
15:46:19.0041 1272 btwavdt - ok
15:46:19.0101 1272 btwdins (1249ede2280f9a1564c946afddcd59d5) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:46:19.0105 1272 btwdins - ok
15:46:19.0151 1272 BTWDPAN (41933521a618475644b6e8d8487af326) C:\Windows\system32\DRIVERS\btwdpan.sys
15:46:19.0151 1272 BTWDPAN - ok
15:46:19.0166 1272 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:46:19.0166 1272 btwl2cap - ok
15:46:19.0194 1272 btwrchid (71a04f2d9deb21b162561eb574d7d629) C:\Windows\system32\DRIVERS\btwrchid.sys
15:46:19.0195 1272 btwrchid - ok
15:46:19.0197 1272 catchme - ok
15:46:19.0212 1272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:46:19.0213 1272 cdfs - ok
15:46:19.0268 1272 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:46:19.0269 1272 cdrom - ok
15:46:19.0344 1272 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:46:19.0344 1272 CertPropSvc - ok
15:46:19.0373 1272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:46:19.0373 1272 circlass - ok
15:46:19.0423 1272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:46:19.0425 1272 CLFS - ok
15:46:19.0496 1272 CLKMSVC10_9EC60124 (fdff50af8a708a23b7de1d69c285a2ae) c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
15:46:19.0497 1272 CLKMSVC10_9EC60124 - ok
15:46:19.0557 1272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:46:19.0557 1272 clr_optimization_v2.0.50727_32 - ok
15:46:19.0619 1272 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:46:19.0619 1272 clr_optimization_v2.0.50727_64 - ok
15:46:19.0723 1272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:46:19.0746 1272 clr_optimization_v4.0.30319_32 - ok
15:46:19.0790 1272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:46:19.0791 1272 clr_optimization_v4.0.30319_64 - ok
15:46:19.0807 1272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:46:19.0808 1272 CmBatt - ok
15:46:19.0854 1272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:46:19.0855 1272 cmdide - ok
15:46:19.0917 1272 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:46:19.0919 1272 CNG - ok
15:46:19.0939 1272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:46:19.0939 1272 Compbatt - ok
15:46:19.0975 1272 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:46:19.0976 1272 CompositeBus - ok
15:46:19.0977 1272 COMSysApp - ok
15:46:20.0035 1272 cpuz135 (76355d5eafdfa3e9b7580b9153de1f30) C:\Windows\system32\drivers\cpuz135_x64.sys
15:46:20.0035 1272 cpuz135 - ok
15:46:20.0038 1272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:46:20.0039 1272 crcdisk - ok
15:46:20.0107 1272 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:46:20.0108 1272 Creative ALchemy AL6 Licensing Service - ok
15:46:20.0154 1272 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:46:20.0154 1272 Creative Audio Engine Licensing Service - ok
15:46:20.0184 1272 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
15:46:20.0184 1272 Creative Media Toolbox 6 Licensing Service - ok
15:46:20.0245 1272 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:46:20.0246 1272 CryptSvc - ok
15:46:20.0277 1272 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:46:20.0279 1272 CSC - ok
15:46:20.0325 1272 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:46:20.0328 1272 CscService - ok
15:46:20.0380 1272 CT20XUT (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
15:46:20.0381 1272 CT20XUT - ok
15:46:20.0383 1272 CT20XUT.SYS (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
15:46:20.0384 1272 CT20XUT.SYS - ok
15:46:20.0448 1272 ctac32k (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
15:46:20.0450 1272 ctac32k - ok
15:46:20.0493 1272 ctaud2k (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
15:46:20.0496 1272 ctaud2k - ok
15:46:20.0569 1272 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:46:20.0570 1272 CTAudSvcService - ok
15:46:20.0628 1272 CTEXFIFX (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
15:46:20.0632 1272 CTEXFIFX - ok
15:46:20.0645 1272 CTEXFIFX.SYS (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
15:46:20.0649 1272 CTEXFIFX.SYS - ok
15:46:20.0706 1272 CTHWIUT (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
15:46:20.0707 1272 CTHWIUT - ok
15:46:20.0708 1272 CTHWIUT.SYS (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
15:46:20.0709 1272 CTHWIUT.SYS - ok
15:46:20.0728 1272 ctprxy2k (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
15:46:20.0729 1272 ctprxy2k - ok
15:46:20.0762 1272 ctsfm2k (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
15:46:20.0763 1272 ctsfm2k - ok
15:46:20.0806 1272 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
15:46:20.0806 1272 DAdderFltr - ok
15:46:20.0833 1272 danewFltr (329bc03a1ccd45941df52dc021d27ac5) C:\Windows\system32\drivers\danew.sys
15:46:20.0834 1272 danewFltr - ok
15:46:20.0881 1272 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:46:20.0883 1272 DcomLaunch - ok
15:46:20.0917 1272 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:46:20.0918 1272 defragsvc - ok
15:46:20.0961 1272 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:46:20.0977 1272 DfsC - ok
15:46:21.0033 1272 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:46:21.0034 1272 Dhcp - ok
15:46:21.0056 1272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:46:21.0057 1272 discache - ok
15:46:21.0086 1272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:46:21.0087 1272 Disk - ok
15:46:21.0166 1272 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:46:21.0167 1272 Dnscache - ok
15:46:21.0225 1272 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:46:21.0226 1272 dot3svc - ok
15:46:21.0272 1272 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:46:21.0273 1272 DPS - ok
15:46:21.0294 1272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:46:21.0294 1272 drmkaud - ok
15:46:21.0363 1272 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:46:21.0365 1272 DXGKrnl - ok
15:46:21.0404 1272 EagleX64 - ok
15:46:21.0445 1272 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:46:21.0446 1272 EapHost - ok
15:46:21.0538 1272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:46:21.0564 1272 ebdrv - ok
15:46:21.0599 1272 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:46:21.0600 1272 EFS - ok
15:46:21.0672 1272 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:46:21.0675 1272 ehRecvr - ok
15:46:21.0719 1272 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:46:21.0720 1272 ehSched - ok
15:46:21.0760 1272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:46:21.0762 1272 elxstor - ok
15:46:21.0796 1272 emupia (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
15:46:21.0796 1272 emupia - ok
15:46:21.0825 1272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:46:21.0825 1272 ErrDev - ok
15:46:21.0864 1272 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:46:21.0866 1272 EventSystem - ok
15:46:21.0884 1272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:46:21.0885 1272 exfat - ok
15:46:21.0924 1272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:46:21.0925 1272 fastfat - ok
15:46:21.0995 1272 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:46:21.0998 1272 Fax - ok
15:46:22.0019 1272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:46:22.0023 1272 fdc - ok
15:46:22.0036 1272 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:46:22.0037 1272 fdPHost - ok
15:46:22.0043 1272 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:46:22.0044 1272 FDResPub - ok
15:46:22.0071 1272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:46:22.0071 1272 FileInfo - ok
15:46:22.0095 1272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:46:22.0104 1272 Filetrace - ok
15:46:22.0187 1272 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:46:22.0191 1272 FLEXnet Licensing Service - ok
15:46:22.0205 1272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:46:22.0205 1272 flpydisk - ok
15:46:22.0253 1272 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:46:22.0254 1272 FltMgr - ok
15:46:22.0328 1272 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:46:22.0332 1272 FontCache - ok
15:46:22.0388 1272 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:46:22.0388 1272 FontCache3.0.0.0 - ok
15:46:22.0409 1272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:46:22.0410 1272 FsDepends - ok
15:46:22.0445 1272 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:46:22.0446 1272 Fs_Rec - ok
15:46:22.0532 1272 Futuremark SystemInfo Service (0d015d3584704ec814a58276232f143b) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
15:46:22.0532 1272 Futuremark SystemInfo Service - ok
15:46:22.0574 1272 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:46:22.0575 1272 fvevol - ok
15:46:22.0579 1272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:46:22.0579 1272 gagp30kx - ok
15:46:22.0603 1272 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:46:22.0603 1272 GEARAspiWDM - ok
15:46:22.0664 1272 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:46:22.0666 1272 gpsvc - ok
15:46:22.0748 1272 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:22.0748 1272 gupdate - ok
15:46:22.0755 1272 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:46:22.0755 1272 gupdatem - ok
15:46:22.0849 1272 ha20x22k (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
15:46:22.0854 1272 ha20x22k - ok
15:46:22.0911 1272 ha20x2k (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
15:46:22.0916 1272 ha20x2k - ok
15:46:22.0939 1272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:46:22.0939 1272 hcw85cir - ok
15:46:22.0998 1272 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:46:23.0003 1272 HdAudAddService - ok
15:46:23.0050 1272 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:46:23.0051 1272 HDAudBus - ok
15:46:23.0054 1272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:46:23.0054 1272 HidBatt - ok
15:46:23.0080 1272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:46:23.0080 1272 HidBth - ok
15:46:23.0085 1272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:46:23.0092 1272 HidIr - ok
15:46:23.0134 1272 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:46:23.0135 1272 hidserv - ok
15:46:23.0177 1272 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:46:23.0178 1272 HidUsb - ok
15:46:23.0253 1272 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:46:23.0254 1272 hkmsvc - ok
15:46:23.0305 1272 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:46:23.0307 1272 HomeGroupListener - ok
15:46:23.0363 1272 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:46:23.0364 1272 HomeGroupProvider - ok
15:46:23.0401 1272 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:46:23.0402 1272 HpSAMD - ok
15:46:23.0447 1272 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:46:23.0449 1272 HTTP - ok
15:46:23.0465 1272 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:46:23.0465 1272 hwpolicy - ok
15:46:23.0533 1272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:46:23.0534 1272 i8042prt - ok
15:46:23.0586 1272 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:46:23.0588 1272 iaStor - ok
15:46:23.0644 1272 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:46:23.0645 1272 IAStorDataMgrSvc - ok
15:46:23.0672 1272 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:46:23.0673 1272 iaStorV - ok
15:46:23.0760 1272 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:46:23.0763 1272 idsvc - ok
15:46:23.0798 1272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:46:23.0798 1272 iirsp - ok
15:46:23.0847 1272 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:46:23.0849 1272 IKEEXT - ok
15:46:23.0888 1272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:46:23.0888 1272 intelide - ok
15:46:23.0926 1272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:46:23.0926 1272 intelppm - ok
15:46:23.0966 1272 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:46:23.0967 1272 IPBusEnum - ok
15:46:23.0983 1272 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:46:23.0984 1272 IpFilterDriver - ok
15:46:24.0081 1272 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:46:24.0083 1272 iphlpsvc - ok
15:46:24.0101 1272 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:46:24.0101 1272 IPMIDRV - ok
15:46:24.0143 1272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:46:24.0144 1272 IPNAT - ok
15:46:24.0225 1272 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:46:24.0228 1272 iPod Service - ok
15:46:24.0264 1272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:46:24.0273 1272 IRENUM - ok
15:46:24.0302 1272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:46:24.0303 1272 isapnp - ok
15:46:24.0317 1272 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:46:24.0318 1272 iScsiPrt - ok
15:46:24.0369 1272 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\DRIVERS\jraid.sys
15:46:24.0370 1272 JRAID - ok
15:46:24.0431 1272 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:46:24.0433 1272 k57nd60a - ok
15:46:24.0454 1272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:46:24.0454 1272 kbdclass - ok
15:46:24.0457 1272 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:46:24.0458 1272 kbdhid - ok
15:46:24.0488 1272 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:24.0488 1272 KeyIso - ok
15:46:24.0493 1272 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:46:24.0494 1272 KSecDD - ok
15:46:24.0519 1272 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:46:24.0520 1272 KSecPkg - ok
15:46:24.0534 1272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:46:24.0534 1272 ksthunk - ok
15:46:24.0598 1272 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:46:24.0600 1272 KtmRm - ok
15:46:24.0663 1272 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:46:24.0665 1272 LanmanServer - ok
15:46:24.0696 1272 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:46:24.0698 1272 LanmanWorkstation - ok
15:46:24.0750 1272 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:46:24.0750 1272 lltdio - ok
15:46:24.0822 1272 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:46:24.0824 1272 lltdsvc - ok
15:46:24.0854 1272 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:46:24.0854 1272 lmhosts - ok
15:46:24.0891 1272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:46:24.0891 1272 LSI_FC - ok
15:46:24.0897 1272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:46:24.0897 1272 LSI_SAS - ok
15:46:24.0928 1272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:46:24.0928 1272 LSI_SAS2 - ok
15:46:24.0968 1272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:46:24.0969 1272 LSI_SCSI - ok
15:46:24.0988 1272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:46:24.0989 1272 luafv - ok
15:46:25.0007 1272 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:46:25.0008 1272 MBAMProtector - ok
15:46:25.0077 1272 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:46:25.0079 1272 MBAMService - ok
15:46:25.0129 1272 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:46:25.0130 1272 Mcx2Svc - ok
15:46:25.0162 1272 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:46:25.0163 1272 megasas - ok
15:46:25.0193 1272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:46:25.0194 1272 MegaSR - ok
15:46:25.0225 1272 mio (8fa3c6a34458bc78c9b13ce08b277faf) C:\Windows\system32\DRIVERS\mio.sys
15:46:25.0226 1272 mio - ok
15:46:25.0239 1272 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:46:25.0240 1272 MMCSS - ok
15:46:25.0274 1272 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:46:25.0275 1272 Modem - ok
15:46:25.0321 1272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:46:25.0321 1272 monitor - ok
15:46:25.0416 1272 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
15:46:25.0417 1272 MotoHelper - ok
15:46:25.0457 1272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:46:25.0457 1272 mouclass - ok
15:46:25.0477 1272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:46:25.0477 1272 mouhid - ok
15:46:25.0525 1272 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:46:25.0526 1272 mountmgr - ok
15:46:25.0630 1272 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:46:25.0631 1272 MozillaMaintenance - ok
15:46:25.0715 1272 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
15:46:25.0716 1272 MpFilter - ok
15:46:25.0809 1272 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:46:25.0810 1272 mpio - ok
15:46:25.0856 1272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:46:25.0857 1272 mpsdrv - ok
15:46:25.0943 1272 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:46:25.0957 1272 MpsSvc - ok
15:46:26.0025 1272 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:46:26.0026 1272 MRxDAV - ok
15:46:26.0094 1272 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:46:26.0095 1272 mrxsmb - ok
15:46:26.0129 1272 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:46:26.0130 1272 mrxsmb10 - ok
15:46:26.0136 1272 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:46:26.0136 1272 mrxsmb20 - ok
15:46:26.0175 1272 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:46:26.0176 1272 msahci - ok
15:46:26.0227 1272 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:46:26.0227 1272 msdsm - ok
15:46:26.0259 1272 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:46:26.0260 1272 MSDTC - ok
15:46:26.0281 1272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:46:26.0282 1272 Msfs - ok
15:46:26.0296 1272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:46:26.0297 1272 mshidkmdf - ok
15:46:26.0316 1272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:46:26.0316 1272 msisadrv - ok
15:46:26.0360 1272 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:46:26.0376 1272 MSiSCSI - ok
15:46:26.0378 1272 msiserver - ok
15:46:26.0415 1272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:46:26.0416 1272 MSKSSRV - ok
15:46:26.0477 1272 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:46:26.0477 1272 MsMpSvc - ok
15:46:26.0494 1272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:46:26.0494 1272 MSPCLOCK - ok
15:46:26.0517 1272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:46:26.0517 1272 MSPQM - ok
15:46:26.0552 1272 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:46:26.0553 1272 MsRPC - ok
15:46:26.0568 1272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:46:26.0568 1272 mssmbios - ok
15:46:26.0571 1272 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:46:26.0571 1272 MSTEE - ok
15:46:26.0574 1272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:46:26.0574 1272 MTConfig - ok
15:46:26.0596 1272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:46:26.0596 1272 Mup - ok
15:46:26.0657 1272 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:46:26.0659 1272 napagent - ok
15:46:26.0687 1272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:46:26.0688 1272 NativeWifiP - ok
15:46:26.0736 1272 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:46:26.0739 1272 NDIS - ok
15:46:26.0756 1272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:46:26.0756 1272 NdisCap - ok
15:46:26.0785 1272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:46:26.0795 1272 NdisTapi - ok
15:46:26.0815 1272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:46:26.0816 1272 Ndisuio - ok
15:46:26.0850 1272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:46:26.0850 1272 NdisWan - ok
15:46:26.0866 1272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:46:26.0866 1272 NDProxy - ok
15:46:26.0954 1272 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:46:26.0957 1272 Nero BackItUp Scheduler 4.0 - ok
15:46:26.0967 1272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:46:26.0968 1272 NetBIOS - ok
15:46:26.0994 1272 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:46:26.0995 1272 NetBT - ok
15:46:26.0997 1272 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:26.0997 1272 Netlogon - ok
15:46:27.0090 1272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:46:27.0092 1272 Netman - ok
15:46:27.0234 1272 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:46:27.0247 1272 NetMsmqActivator - ok
15:46:27.0249 1272 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:46:27.0250 1272 NetPipeActivator - ok
15:46:27.0311 1272 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:46:27.0313 1272 netprofm - ok
15:46:27.0315 1272 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:46:27.0316 1272 NetTcpActivator - ok
15:46:27.0318 1272 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:46:27.0318 1272 NetTcpPortSharing - ok
15:46:27.0345 1272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:46:27.0346 1272 nfrd960 - ok
15:46:27.0405 1272 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:46:27.0406 1272 NisDrv - ok
15:46:27.0455 1272 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:46:27.0456 1272 NisSrv - ok
15:46:27.0526 1272 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:46:27.0527 1272 NlaSvc - ok
15:46:27.0545 1272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:46:27.0546 1272 Npfs - ok
15:46:27.0584 1272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:46:27.0586 1272 nsi - ok
15:46:27.0598 1272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:46:27.0598 1272 nsiproxy - ok
15:46:27.0700 1272 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:46:27.0705 1272 Ntfs - ok
15:46:27.0798 1272 nTuneService - ok
15:46:27.0870 1272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:46:27.0871 1272 Null - ok
15:46:27.0931 1272 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
15:46:27.0932 1272 NVHDA - ok
15:46:28.0128 1272 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:46:28.0170 1272 nvlddmkm - ok
15:46:28.0208 1272 NVR0Dev (241a095631570a9cef4f126c87605c60) C:\Windows\nvoclk64.sys
15:46:28.0209 1272 NVR0Dev - ok
15:46:28.0274 1272 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:46:28.0275 1272 nvraid - ok
15:46:28.0296 1272 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:46:28.0297 1272 nvstor - ok
15:46:28.0376 1272 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
15:46:28.0379 1272 nvsvc - ok
15:46:28.0466 1272 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:46:28.0470 1272 nvUpdatusService - ok
15:46:28.0500 1272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:46:28.0501 1272 nv_agp - ok
15:46:28.0521 1272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:46:28.0521 1272 ohci1394 - ok
15:46:28.0564 1272 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
15:46:28.0564 1272 ossrv - ok
15:46:28.0605 1272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:46:28.0607 1272 p2pimsvc - ok
15:46:28.0656 1272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:46:28.0658 1272 p2psvc - ok
15:46:28.0686 1272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:46:28.0686 1272 Parport - ok
15:46:28.0723 1272 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:46:28.0724 1272 partmgr - ok
15:46:28.0756 1272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:46:28.0757 1272 PcaSvc - ok
15:46:28.0788 1272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:46:28.0789 1272 pci - ok
15:46:28.0819 1272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:46:28.0820 1272 pciide - ok
15:46:28.0862 1272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:28.0863 1272 pcmcia - ok
15:46:28.0872 1272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:46:28.0872 1272 pcw - ok
15:46:28.0913 1272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:46:28.0915 1272 PEAUTH - ok
15:46:28.0984 1272 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:46:28.0988 1272 PeerDistSvc - ok
15:46:29.0065 1272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:46:29.0066 1272 PerfHost - ok
15:46:29.0145 1272 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:46:29.0150 1272 pla - ok
15:46:29.0198 1272 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:46:29.0200 1272 PlugPlay - ok
15:46:29.0216 1272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:46:29.0217 1272 PNRPAutoReg - ok
15:46:29.0222 1272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:46:29.0224 1272 PNRPsvc - ok
15:46:29.0287 1272 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:46:29.0289 1272 PolicyAgent - ok
15:46:29.0318 1272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:46:29.0320 1272 Power - ok
15:46:29.0367 1272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:29.0367 1272 PptpMiniport - ok
15:46:29.0385 1272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:46:29.0386 1272 Processor - ok
15:46:29.0409 1272 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:46:29.0416 1272 ProfSvc - ok
15:46:29.0441 1272 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:29.0442 1272 ProtectedStorage - ok
15:46:29.0510 1272 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:46:29.0511 1272 Psched - ok
15:46:29.0544 1272 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
15:46:29.0544 1272 PSI - ok
15:46:29.0606 1272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:46:29.0612 1272 ql2300 - ok
15:46:29.0633 1272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:46:29.0634 1272 ql40xx - ok
15:46:29.0666 1272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:46:29.0668 1272 QWAVE - ok
15:46:29.0683 1272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:46:29.0684 1272 QWAVEdrv - ok
15:46:29.0713 1272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:29.0713 1272 RasAcd - ok
15:46:29.0735 1272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:29.0736 1272 RasAgileVpn - ok
15:46:29.0775 1272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:46:29.0776 1272 RasAuto - ok
15:46:29.0802 1272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:29.0802 1272 Rasl2tp - ok
15:46:29.0838 1272 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:46:29.0839 1272 RasMan - ok
15:46:29.0879 1272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:46:29.0879 1272 RasPppoe - ok
15:46:29.0900 1272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:46:29.0900 1272 RasSstp - ok
15:46:29.0942 1272 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:46:29.0944 1272 rdbss - ok
15:46:29.0999 1272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:46:30.0000 1272 rdpbus - ok
15:46:30.0002 1272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:46:30.0002 1272 RDPCDD - ok
15:46:30.0044 1272 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:46:30.0045 1272 RDPDR - ok
15:46:30.0070 1272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:46:30.0070 1272 RDPENCDD - ok
15:46:30.0089 1272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:46:30.0089 1272 RDPREFMP - ok
15:46:30.0121 1272 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:46:30.0122 1272 RdpVideoMiniport - ok
15:46:30.0173 1272 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:46:30.0173 1272 RDPWD - ok
15:46:30.0244 1272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:46:30.0245 1272 rdyboost - ok
15:46:30.0260 1272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:46:30.0261 1272 RemoteAccess - ok
15:46:30.0268 1272 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:46:30.0269 1272 RemoteRegistry - ok
15:46:30.0330 1272 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:46:30.0330 1272 RFCOMM - ok
15:46:30.0335 1272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:46:30.0336 1272 RpcEptMapper - ok
15:46:30.0363 1272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:46:30.0364 1272 RpcLocator - ok
15:46:30.0405 1272 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:46:30.0408 1272 RpcSs - ok
15:46:30.0441 1272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:46:30.0448 1272 rspndr - ok
15:46:30.0513 1272 RzSynapse (24510c4a77aba3b07aefa840db888637) C:\Windows\system32\DRIVERS\RzSynapse.sys
15:46:30.0514 1272 RzSynapse - ok
15:46:30.0556 1272 rzudd (668256c178f0b90acd5ddcbf3216764f) C:\Windows\system32\DRIVERS\rzudd.sys
15:46:30.0556 1272 rzudd - ok
15:46:30.0593 1272 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:46:30.0593 1272 s3cap - ok
15:46:30.0595 1272 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:30.0596 1272 SamSs - ok
15:46:30.0697 1272 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:46:30.0697 1272 SASDIFSV - ok
15:46:30.0699 1272 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:46:30.0699 1272 SASKUTIL - ok
15:46:30.0744 1272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:46:30.0744 1272 sbp2port - ok
15:46:30.0784 1272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:46:30.0786 1272 SCardSvr - ok
15:46:30.0814 1272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:46:30.0820 1272 scfilter - ok
15:46:30.0878 1272 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:46:30.0882 1272 Schedule - ok
15:46:30.0940 1272 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:46:30.0941 1272 SCPolicySvc - ok
15:46:30.0979 1272 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:46:30.0980 1272 SDRSVC - ok
15:46:30.0995 1272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:46:30.0996 1272 secdrv - ok
15:46:31.0033 1272 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:46:31.0034 1272 seclogon - ok
15:46:31.0117 1272 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:46:31.0120 1272 Secunia PSI Agent - ok
15:46:31.0182 1272 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
15:46:31.0184 1272 Secunia Update Agent - ok
15:46:31.0201 1272 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:46:31.0202 1272 SENS - ok
15:46:31.0218 1272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:46:31.0219 1272 SensrSvc - ok
15:46:31.0224 1272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:46:31.0231 1272 Serenum - ok
15:46:31.0248 1272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:46:31.0248 1272 Serial - ok
15:46:31.0283 1272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:46:31.0283 1272 sermouse - ok
15:46:31.0323 1272 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:46:31.0329 1272 SessionEnv - ok
15:46:31.0355 1272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:46:31.0356 1272 sffdisk - ok
15:46:31.0377 1272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:46:31.0377 1272 sffp_mmc - ok
15:46:31.0387 1272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:46:31.0387 1272 sffp_sd - ok
15:46:31.0408 1272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:46:31.0408 1272 sfloppy - ok
15:46:31.0495 1272 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\AlienRespawn\sftservice.EXE
15:46:31.0500 1272 SftService - ok
15:46:31.0549 1272 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:46:31.0550 1272 SharedAccess - ok
15:46:31.0735 1272 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:46:31.0737 1272 ShellHWDetection - ok
15:46:31.0788 1272 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
15:46:31.0788 1272 SI3132 - ok
15:46:31.0817 1272 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
15:46:31.0817 1272 SiFilter - ok
15:46:31.0925 1272 SiHbaWakeupService (da7724632d582cdb3ee6a6d529f5a24e) C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
15:46:31.0926 1272 SiHbaWakeupService - ok
15:46:31.0928 1272 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
15:46:31.0928 1272 SiRemFil - ok
15:46:31.0954 1272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:46:31.0954 1272 SiSRaid2 - ok
15:46:31.0966 1272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:46:31.0967 1272 SiSRaid4 - ok
15:46:32.0021 1272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:46:32.0021 1272 Smb - ok
15:46:32.0081 1272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:46:32.0082 1272 SNMPTRAP - ok
15:46:32.0085 1272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:46:32.0085 1272 spldr - ok
15:46:32.0212 1272 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:46:32.0218 1272 Spooler - ok
15:46:32.0381 1272 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:46:32.0394 1272 sppsvc - ok
15:46:32.0412 1272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:46:32.0413 1272 sppuinotify - ok
15:46:32.0460 1272 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:46:32.0461 1272 srv - ok
15:46:32.0513 1272 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:46:32.0514 1272 srv2 - ok
15:46:32.0584 1272 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:46:32.0585 1272 srvnet - ok
15:46:32.0617 1272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:46:32.0618 1272 SSDPSRV - ok
15:46:32.0661 1272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:46:32.0662 1272 SstpSvc - ok
15:46:32.0683 1272 Steam Client Service - ok
15:46:32.0790 1272 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:46:32.0791 1272 Stereo Service - ok
15:46:32.0807 1272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:46:32.0807 1272 stexstor - ok
15:46:32.0862 1272 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:46:32.0865 1272 stisvc - ok
15:46:32.0892 1272 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:46:32.0892 1272 storflt - ok
15:46:32.0945 1272 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:46:32.0946 1272 storvsc - ok
15:46:32.0963 1272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:46:32.0963 1272 swenum - ok
15:46:33.0074 1272 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:46:33.0076 1272 SwitchBoard - ok
15:46:33.0108 1272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:46:33.0111 1272 swprv - ok
15:46:33.0118 1272 Synth3dVsc - ok
15:46:33.0176 1272 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:46:33.0189 1272 SysMain - ok
15:46:33.0230 1272 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:46:33.0231 1272 TabletInputService - ok
15:46:33.0266 1272 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:46:33.0268 1272 TapiSrv - ok
15:46:33.0281 1272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:46:33.0283 1272 TBS - ok
15:46:33.0374 1272 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:46:33.0380 1272 Tcpip - ok
15:46:33.0400 1272 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:46:33.0406 1272 TCPIP6 - ok
15:46:33.0439 1272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:46:33.0439 1272 tcpipreg - ok
15:46:33.0461 1272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:46:33.0461 1272 TDPIPE - ok
15:46:33.0486 1272 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:46:33.0486 1272 TDTCP - ok
15:46:33.0530 1272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:46:33.0530 1272 tdx - ok
15:46:33.0541 1272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:46:33.0541 1272 TermDD - ok
15:46:33.0595 1272 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:46:33.0598 1272 TermService - ok
15:46:33.0628 1272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:46:33.0629 1272 Themes - ok
15:46:33.0665 1272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:46:33.0666 1272 THREADORDER - ok
15:46:33.0698 1272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:46:33.0699 1272 TrkWks - ok
15:46:33.0744 1272 TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
15:46:33.0745 1272 TrojanKillerDriver - ok
15:46:33.0800 1272 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:46:33.0801 1272 TrustedInstaller - ok
15:46:33.0830 1272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:46:33.0830 1272 tssecsrv - ok
15:46:33.0875 1272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:46:33.0876 1272 TsUsbFlt - ok
15:46:33.0884 1272 tsusbhub - ok
15:46:33.0962 1272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:46:33.0963 1272 tunnel - ok
15:46:33.0989 1272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:46:33.0996 1272 uagp35 - ok
15:46:34.0017 1272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:46:34.0021 1272 udfs - ok
15:46:34.0068 1272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:46:34.0069 1272 UI0Detect - ok
15:46:34.0114 1272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:46:34.0122 1272 uliagpkx - ok
15:46:34.0144 1272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:46:34.0145 1272 umbus - ok
15:46:34.0166 1272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:46:34.0167 1272 UmPass - ok
15:46:34.0247 1272 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:46:34.0249 1272 UmRdpService - ok
15:46:34.0287 1272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:46:34.0289 1272 upnphost - ok
15:46:34.0336 1272 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
15:46:34.0337 1272 USBAAPL64 - ok
15:46:34.0396 1272 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:46:34.0396 1272 usbccgp - ok
15:46:34.0437 1272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:46:34.0437 1272 usbcir - ok
15:46:34.0457 1272 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:46:34.0458 1272 usbehci - ok
15:46:34.0501 1272 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:46:34.0502 1272 usbhub - ok
15:46:34.0541 1272 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:46:34.0541 1272 usbohci - ok
15:46:34.0563 1272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:46:34.0563 1272 usbprint - ok
15:46:34.0606 1272 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:46:34.0607 1272 USBSTOR - ok
15:46:34.0635 1272 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:46:34.0644 1272 usbuhci - ok
15:46:34.0677 1272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:46:34.0678 1272 UxSms - ok
15:46:34.0694 1272 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:34.0694 1272 VaultSvc - ok
15:46:34.0715 1272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:46:34.0716 1272 vdrvroot - ok
15:46:34.0783 1272 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:46:34.0786 1272 vds - ok
15:46:34.0808 1272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:46:34.0809 1272 vga - ok
15:46:34.0828 1272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:46:34.0830 1272 VgaSave - ok
15:46:34.0836 1272 VGPU - ok
15:46:34.0877 1272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:46:34.0878 1272 vhdmp - ok
15:46:34.0911 1272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:46:34.0911 1272 viaide - ok
15:46:34.0955 1272 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:46:34.0956 1272 vmbus - ok
15:46:34.0976 1272 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:46:34.0977 1272 VMBusHID - ok
15:46:35.0000 1272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:46:35.0001 1272 volmgr - ok
15:46:35.0056 1272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:46:35.0058 1272 volmgrx - ok
15:46:35.0111 1272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:46:35.0112 1272 volsnap - ok
15:46:35.0141 1272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:46:35.0142 1272 vsmraid - ok
15:46:35.0208 1272 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:46:35.0213 1272 VSS - ok
15:46:35.0235 1272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:46:35.0236 1272 vwifibus - ok
15:46:35.0278 1272 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:46:35.0280 1272 W32Time - ok
15:46:35.0302 1272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:46:35.0302 1272 WacomPen - ok
15:46:35.0327 1272 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:35.0327 1272 WANARP - ok
15:46:35.0329 1272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:46:35.0329 1272 Wanarpv6 - ok
15:46:35.0425 1272 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:46:35.0429 1272 WatAdminSvc - ok
15:46:35.0507 1272 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:46:35.0513 1272 wbengine - ok
15:46:35.0544 1272 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:46:35.0545 1272 WbioSrvc - ok
15:46:35.0608 1272 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:46:35.0610 1272 wcncsvc - ok
15:46:35.0669 1272 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:46:35.0670 1272 WcsPlugInService - ok
15:46:35.0678 1272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:46:35.0678 1272 Wd - ok
15:46:35.0738 1272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:46:35.0740 1272 Wdf01000 - ok
15:46:35.0793 1272 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:46:35.0794 1272 WdiServiceHost - ok
15:46:35.0796 1272 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:46:35.0797 1272 WdiSystemHost - ok
15:46:35.0828 1272 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:46:35.0830 1272 WebClient - ok
15:46:35.0864 1272 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:46:35.0866 1272 Wecsvc - ok
15:46:35.0884 1272 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:46:35.0885 1272 wercplsupport - ok
15:46:35.0903 1272 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:46:35.0904 1272 WerSvc - ok
15:46:35.0921 1272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:46:35.0922 1272 WfpLwf - ok
15:46:35.0977 1272 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:46:35.0978 1272 WimFltr - ok
15:46:35.0995 1272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:46:35.0996 1272 WIMMount - ok
15:46:36.0020 1272 WinDefend - ok
15:46:36.0024 1272 WinHttpAutoProxySvc - ok
15:46:36.0095 1272 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:46:36.0096 1272 Winmgmt - ok
15:46:36.0183 1272 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:46:36.0190 1272 WinRM - ok
15:46:36.0231 1272 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:46:36.0231 1272 WinUsb - ok
15:46:36.0278 1272 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:46:36.0282 1272 Wlansvc - ok
15:46:36.0421 1272 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:46:36.0429 1272 wlidsvc - ok
15:46:36.0455 1272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:46:36.0456 1272 WmiAcpi - ok
15:46:36.0494 1272 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:46:36.0495 1272 wmiApSrv - ok
15:46:36.0497 1272 WMPNetworkSvc - ok
15:46:36.0515 1272 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:46:36.0516 1272 WPCSvc - ok
15:46:36.0563 1272 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:46:36.0564 1272 WPDBusEnum - ok
15:46:36.0573 1272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:46:36.0573 1272 ws2ifsl - ok
15:46:36.0615 1272 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:46:36.0617 1272 wscsvc - ok
15:46:36.0618 1272 WSearch - ok
15:46:36.0717 1272 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:46:36.0726 1272 wuauserv - ok
15:46:36.0786 1272 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:46:36.0787 1272 WudfPf - ok
15:46:36.0833 1272 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:46:36.0834 1272 WUDFRd - ok
15:46:36.0862 1272 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:46:36.0868 1272 wudfsvc - ok
15:46:36.0918 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:46:36.0919 1272 WwanSvc - ok
15:46:37.0020 1272 X6va005 - ok
15:46:37.0071 1272 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
15:46:37.0071 1272 xusb21 - ok
15:46:37.0087 1272 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:46:37.0228 1272 \Device\Harddisk0\DR0 - ok
15:46:37.0229 1272 Boot (0x1200) (2de108a7b6d24c3ea0eee04e7a746eb9) \Device\Harddisk0\DR0\Partition0
15:46:37.0230 1272 \Device\Harddisk0\DR0\Partition0 - ok
15:46:37.0240 1272 Boot (0x1200) (dcbf64ef4a42ee28f080bcc20101557e) \Device\Harddisk0\DR0\Partition1
15:46:37.0249 1272 \Device\Harddisk0\DR0\Partition1 - ok
15:46:37.0249 1272 ============================================================
15:46:37.0249 1272 Scan finished
15:46:37.0249 1272 ============================================================
15:46:37.0255 4508 Detected object count: 0
15:46:37.0255 4508 Actual detected object count: 0
15:47:11.0456 4216 Deinitialize success
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 29th, 2012, 7:29 am

Hi :), I am missing information that is needed from extras.txt, I need you to post the attach.txt from DDS if you still have it, if not please

RE-RUN DDS
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-Click on dds.scr And select " Run as administrator "... and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » May 29th, 2012, 4:45 pm

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Lightning at 15:43:37 on 2012-05-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.8296 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alienware\Alienware TactX Keyboard CI\txkbci.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Alienware\Command Center\DoorController.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Alienware\Command Center\ThermalController.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Origin\OriginClientService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DriverMax_RESTART]
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [<NO NAME>]
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files (x86)\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E43AB5AF-E531-4A4B-981B-9223A8A2D4E1} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [(Default)]
mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Lightning\AppData\Roaming\Mozilla\Firefox\Profiles\fb08nrxg.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.searchya_i.hmpg - true
FF - user.js: extensions.searchya_i.hmpgUrl - hxxp://searchya.com/?chnl=ft-100&s=0&cr ... tBtDtBtCyD
FF - user.js: extensions.searchya_i.dfltSrch - true
FF - user.js: extensions.searchya_i.srchPrvdr - SearchYa!
FF - user.js: extensions.searchya_i.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.newTabUrl - hxxp://searchya.com/?chnl=ft-100&s=2&cr ... tBtDtBtCyD
FF - user.js: extensions.searchya_i.tlbrSrchUrl - hxxp://searchya.com/?chnl=ft-100&s=3&cr ... DtBtCyD&q=
FF - user.js: extensions.searchya_i.id - bacb074a000000000000a4badbfd71ba
FF - user.js: extensions.searchya_i.instlDay - 15385
FF - user.js: extensions.searchya_i.vrsn - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsni - 1.5.13.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.13.014:39:16
FF - user.js: extensions.searchya_i.prtnrId - ironsrc
FF - user.js: extensions.searchya_i.prdct - searchya
FF - user.js: extensions.searchya_i.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.tlbrId - base
FF - user.js: extensions.searchya_i.instlRef - ft-100
FF - user.js: extensions.searchya_i.dfltLng -
FF - user.js: extensions.searchya_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-11-5 15296]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2011-1-14 163328]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-7 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-21 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-21 1262400]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SiHbaWakeupService;SiI31xx HBA Wakeup Utility;C:\Program Files (x86)\Silicon Image\SiI31xx HBA Wakeup Utility\SiHbaWakeupService.exe [2009-7-27 62464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 AWOPFilterDriver;AWOPFilterDriver;\??\C:\Windows\system32\drivers\AWOPFilterDriver.sys --> C:\Windows\system32\drivers\AWOPFilterDriver.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mio;Master IO Filter Driver;C:\Windows\system32\DRIVERS\mio.sys --> C:\Windows\system32\DRIVERS\mio.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 rzudd;Razer Mouse Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/12/07 15:29:09;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-4-26 232944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-1-6 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-7 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-1-6 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-26 135584]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;C:\Windows\system32\DRIVERS\gtkdrv.sys --> C:\Windows\system32\DRIVERS\gtkdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2010-12-7 1692480]
.
=============== Created Last 30 ================
.
2012-05-29 20:41:51 -------- d-----w- C:\Users\Lightning\AppData\Local\{AB19835F-9FFD-46BB-BA34-8FB2428FB4EF}
2012-05-29 20:41:40 -------- d-----w- C:\Users\Lightning\AppData\Local\{9319ACAA-2AB7-48AF-A3B6-8ABC55508844}
2012-05-29 20:27:09 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4A69195-D01A-4E42-9AC9-8241C6EE8117}\mpengine.dll
2012-05-28 21:35:36 -------- d-----w- C:\Users\Lightning\AppData\Local\{DEB5501C-E032-4A09-9382-3E3EC5268AAB}
2012-05-28 21:35:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{F4F30771-E513-455D-96CD-C47A464D91A8}
2012-05-28 01:34:05 -------- d-----w- C:\Users\Lightning\AppData\Local\{6AEDF530-84CF-46AC-B1BA-98C6B595E5CD}
2012-05-28 01:33:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{083DDD71-C4DF-4C1A-BBD7-203F6F24E8AE}
2012-05-27 22:29:31 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-27 02:16:31 -------- d-----w- C:\Users\Lightning\AppData\Local\{5691ADCC-8681-4233-B149-73F301719B4B}
2012-05-27 02:16:20 -------- d-----w- C:\Users\Lightning\AppData\Local\{16874EB0-37DE-4742-9ABD-703BFE20AC39}
2012-05-26 11:54:18 -------- d-----w- C:\Users\Lightning\AppData\Local\{386521FE-D231-4296-80CF-F2FC25B20F1E}
2012-05-26 11:53:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{1A75D92D-A0E8-4FB1-91B4-3AB2A04DF8C8}
2012-05-25 23:53:31 -------- d-----w- C:\Users\Lightning\AppData\Local\{51E4308C-0B0E-44B1-8EF9-AAC45511256E}
2012-05-25 23:53:20 -------- d-----w- C:\Users\Lightning\AppData\Local\{8AA97310-670A-4D66-A333-85AFB9F6DACA}
2012-05-25 23:52:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{CF380FFD-3B4B-4EC0-BABB-2FC53A28D7EB}
2012-05-25 23:52:21 -------- d-----w- C:\Users\Lightning\AppData\Local\{58D2B005-1AD7-4D10-952F-451B28B516CC}
2012-05-25 02:36:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{E64372C4-FEE1-4758-AD1F-FC431360B1C3}
2012-05-25 02:36:22 -------- d-----w- C:\Users\Lightning\AppData\Local\{A638D759-D983-4CDA-98E5-1185C2D1EFC0}
2012-05-23 23:30:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{7BAB18E2-0345-477B-A322-78BA2930A22D}
2012-05-23 23:30:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB80044A-27DD-4568-A6B8-90F3BCC15D2A}
2012-05-22 20:46:36 -------- d-----w- C:\Users\Lightning\AppData\Local\{08496945-B200-4845-8F5D-625317B58129}
2012-05-22 20:46:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{5555DA86-B1D2-4B27-8DC3-4DB836AB5FF0}
2012-05-22 08:35:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{B402261C-0006-43FD-ACBD-14EE7985C9D9}
2012-05-22 08:34:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{F46CE1F7-7274-4FA1-B889-7282B50E1D2B}
2012-05-22 08:34:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{5490BD05-34BF-4615-867C-B579544822E6}
2012-05-22 08:34:31 -------- d-----w- C:\Users\Lightning\AppData\Local\{15173883-3AE6-4676-8C34-49A93C5E183E}
2012-05-22 08:34:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{9CB6E20C-16A8-4AF4-9BC2-C4A777A319E2}
2012-05-22 08:32:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB76A48C-91C5-4792-8B44-2BA1A7393043}
2012-05-22 00:14:21 978944 ----a-w- C:\Windows\System32\msvcp71.dll
2012-05-22 00:14:21 520192 ----a-w- C:\Windows\System32\msvcr71.dll
2012-05-22 00:14:21 381952 ----a-w- C:\Windows\System32\nvexpBar.dll
2012-05-22 00:14:21 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE
2012-05-22 00:14:21 2065920 ----a-w- C:\Windows\System32\nvcplUI.exe
2012-05-22 00:14:21 1524736 ----a-w- C:\Windows\System32\MFC71.dll
2012-05-22 00:14:21 1064448 ----a-w- C:\Windows\System32\nvcplUIR.dll
2012-05-22 00:14:12 -------- d-----w- C:\Users\Lightning\AppData\Local\NVIDIA Corporation
2012-05-22 00:13:29 -------- d-----w- C:\Program Files (x86)\NVIDIA nTune Performance Application
2012-05-21 20:23:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{695A79C2-D774-4B05-8836-CF4D4C6F8013}
2012-05-21 20:23:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{7B355EC0-7E15-43C7-B562-AF4E8DD9D68D}
2012-05-20 23:00:47 -------- d-----w- C:\Users\Lightning\AppData\Local\{DB9EE5E3-BCB2-4489-8A4B-1F5D3D8417B7}
2012-05-20 23:00:37 -------- d-----w- C:\Users\Lightning\AppData\Local\{480D3817-F403-4BA6-81BF-D6B56BF03F56}
2012-05-20 10:09:51 -------- d-----w- C:\Users\Lightning\AppData\Local\{3E5F4D3D-494A-46DB-B2A6-517E5865FAF3}
2012-05-20 10:09:29 -------- d-----w- C:\Users\Lightning\AppData\Local\{FC2098F1-6104-4186-931E-9342F7F66486}
2012-05-19 22:09:04 -------- d-----w- C:\Users\Lightning\AppData\Local\{0286F34E-FF9A-4042-80E3-1C9D8987EEEB}
2012-05-19 22:08:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{23DDD0B7-A008-460B-BF1D-88EF14C2FAFA}
2012-05-19 09:49:40 -------- d-----w- C:\Users\Lightning\AppData\Local\{B17B0578-8C27-45BA-839E-4977E02BECEF}
2012-05-19 09:49:18 -------- d-----w- C:\Users\Lightning\AppData\Local\{1805F74D-429B-455A-B089-47BE66E13C23}
2012-05-19 01:26:18 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-05-19 01:26:18 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-05-19 01:26:18 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-05-19 01:25:56 -------- d-----w- C:\Program Files\iPod
2012-05-19 01:25:55 -------- d-----w- C:\Program Files\iTunes
2012-05-19 01:25:55 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-19 01:25:16 -------- d-----w- C:\Program Files\Bonjour
2012-05-19 01:25:16 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-18 21:48:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{F189A3B2-94A4-497C-A7C9-A1D6B3AAC1A3}
2012-05-18 21:48:30 -------- d-----w- C:\Users\Lightning\AppData\Local\{36B14775-2FCD-4C74-AF86-0A2886F176CC}
2012-05-18 02:41:41 -------- d-----w- C:\Users\Lightning\AppData\Local\Razer
2012-05-18 00:37:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{3855A4A5-21D6-4A8D-B5E8-AE1368D19F9C}
2012-05-18 00:37:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{0AF56C2D-CB34-42AD-BDE4-920F275B4B5D}
2012-05-17 08:58:28 -------- d-----w- C:\Users\Lightning\AppData\Local\{8CC8A56C-3836-4A5D-83F1-E0BD93665C70}
2012-05-17 08:58:17 -------- d-----w- C:\Users\Lightning\AppData\Local\{1BE0983F-6804-487C-AEC7-914FAAB4E254}
2012-05-16 20:58:04 -------- d-----w- C:\Users\Lightning\AppData\Local\{5BE81193-AD0F-46B8-ADFD-74990CDCB0D3}
2012-05-16 20:57:53 -------- d-----w- C:\Users\Lightning\AppData\Local\{0BA64573-696A-4E67-A94C-3AD7CDB089F5}
2012-05-16 01:16:43 -------- d-----w- C:\Users\Lightning\AppData\Local\{E75028C4-70DF-4107-9CBF-3EF596F12B9E}
2012-05-16 01:16:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{218AA661-9B58-44AB-BAC2-A81055215E03}
2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-15 05:58:36 -------- d-----w- C:\Users\Lightning\AppData\Local\{7ACCF44C-0D4B-4C6F-8527-312333CA5215}
2012-05-15 05:57:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{D5300770-F350-44F0-9209-A15003EF8BDB}
2012-05-14 17:57:33 -------- d-----w- C:\Users\Lightning\AppData\Local\{92E86B17-5B88-4709-BB0F-1D4206397A32}
2012-05-14 17:57:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{9F4A09C6-B8B6-450C-95C5-B7B810267CBE}
2012-05-14 00:28:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{78E4DA42-CCF5-4838-BA8E-C0779EED6898}
2012-05-14 00:28:33 -------- d-----w- C:\Users\Lightning\AppData\Local\{E065DB90-86C0-47FA-8D3A-520976B10133}
2012-05-13 00:55:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{25B3C571-C789-4DEF-9816-99A4AAC3F68D}
2012-05-13 00:55:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{06640C94-44C7-4D6A-8813-E7A1A7DD76A5}
2012-05-12 07:38:44 -------- d-----w- C:\Users\Lightning\AppData\Local\{ADCA69E0-44C4-449E-AE87-8402FC71DE8D}
2012-05-12 07:38:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{8644B141-1767-4AF7-8B90-A0BAAAE6A91D}
2012-05-11 19:37:57 -------- d-----w- C:\Users\Lightning\AppData\Local\{5CF25E04-73C8-41A5-A001-6CE49E693D0D}
2012-05-11 19:37:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{E53F95B3-4557-4C13-AC7D-F9D65EE88FE6}
2012-05-11 07:31:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{F91E865A-A19C-47C7-9907-23D748E461D9}
2012-05-11 07:31:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{05E27C7F-DB0C-4D65-AB15-57837B9AA8CC}
2012-05-10 19:31:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{E5D174FB-3645-405F-B53A-28BA1B4BDC4F}
2012-05-10 19:30:39 -------- d-----w- C:\Users\Lightning\AppData\Local\{63529318-2197-4596-AB4D-9E9EAE390788}
2012-05-10 07:30:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{6A69C422-5C5C-4D84-8820-4926B9F4B3B2}
2012-05-10 07:29:52 -------- d-----w- C:\Users\Lightning\AppData\Local\{0438930B-287B-4833-8987-6240411B0B6F}
2012-05-09 19:29:39 -------- d-----w- C:\Users\Lightning\AppData\Local\{0267D066-EF50-4C49-AFDB-374A41B5C182}
2012-05-09 19:29:28 -------- d-----w- C:\Users\Lightning\AppData\Local\{898F34E2-7B21-4A73-90AB-B819C3C01FEB}
2012-05-09 08:01:35 -------- d-----w- C:\e6e8d012520a8e56c76bc7665b9488
2012-05-08 20:01:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{8FAFC6F2-BF55-49DE-9587-FDA13F2CB5BD}
2012-05-08 20:00:41 -------- d-----w- C:\Users\Lightning\AppData\Local\{E12635CD-754C-43D5-821A-2322F8619B2A}
2012-05-08 08:00:17 -------- d-----w- C:\Users\Lightning\AppData\Local\{BEC338E6-BC3B-4CAE-9A47-644AB45A6262}
2012-05-08 07:59:55 -------- d-----w- C:\Users\Lightning\AppData\Local\{2C087274-22D2-4A0E-947B-2A72656076D7}
2012-05-07 19:59:42 -------- d-----w- C:\Users\Lightning\AppData\Local\{1D94EA2E-2D67-46A9-8171-DC756D842203}
2012-05-07 19:59:20 -------- d-----w- C:\Users\Lightning\AppData\Local\{6FC8C58A-A257-4650-8808-3AE9DEE31400}
2012-05-07 07:58:56 -------- d-----w- C:\Users\Lightning\AppData\Local\{56F87393-BA28-479B-9F16-D23406A85934}
2012-05-07 07:58:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{C9CFBF69-030C-4995-A8A4-AEB2F836A6AD}
2012-05-06 19:58:21 -------- d-----w- C:\Users\Lightning\AppData\Local\{D9098F0C-F754-44ED-9C5A-EE73C06E4754}
2012-05-06 19:57:59 -------- d-----w- C:\Users\Lightning\AppData\Local\{B22849BF-F535-4B15-85D9-A488B2555F00}
2012-05-06 07:57:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{04E72FB9-2CBA-4AE7-8016-E37A24387E94}
2012-05-06 07:57:13 -------- d-----w- C:\Users\Lightning\AppData\Local\{EAF4D99A-0FFE-472A-8C5B-90B55B9219AE}
2012-05-05 19:57:00 -------- d-----w- C:\Users\Lightning\AppData\Local\{D720956D-6D99-437D-8C44-9952C1B5D36C}
2012-05-05 19:56:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{036A2801-81C5-46B8-882D-3E86A970688E}
2012-05-05 07:54:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{BFAEEF38-DC67-4B4A-B8F3-C31AEB70D95A}
2012-05-05 07:53:40 -------- d-----w- C:\Users\Lightning\AppData\Local\{BB4330C9-4CCE-42A0-A967-7D6B4CEB1045}
2012-05-04 19:53:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{5C8AEAD7-AE7C-40B4-8594-B85F5967E9D4}
2012-05-04 19:53:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{9F4A72B9-38EE-45C5-95DB-FC69F619DB20}
2012-05-04 07:49:46 -------- d-----w- C:\Users\Lightning\AppData\Local\{538529CE-4138-4632-B24F-5231549469BB}
2012-05-04 07:49:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{F2E6B971-2A3F-41B9-A3E6-0918C5672364}
2012-05-03 19:49:11 -------- d-----w- C:\Users\Lightning\AppData\Local\{73E86C5C-215F-479A-B36A-637A7DF38DF5}
2012-05-03 19:48:50 -------- d-----w- C:\Users\Lightning\AppData\Local\{0950AE19-799E-4194-9DE0-498EDCD1C910}
2012-05-03 19:32:32 -------- d-----w- C:\Users\Lightning\AppData\Local\Innovative Solutions
2012-05-03 19:32:30 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2012-05-03 19:30:50 -------- d--h--w- C:\ProgramData\Common Files
2012-05-03 07:48:25 -------- d-----w- C:\Users\Lightning\AppData\Local\{301DEB12-2569-4E72-B223-34BE50A156DD}
2012-05-03 07:48:03 -------- d-----w- C:\Users\Lightning\AppData\Local\{95BF36DE-189E-4188-A4F2-50EC68FDF560}
2012-05-02 19:47:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{A97C69AB-4FE3-4A15-AD53-94305EB49E8A}
2012-05-02 19:47:38 -------- d-----w- C:\Users\Lightning\AppData\Local\{0799BCB6-5EB1-46FB-8944-72D0A33DA132}
2012-05-01 21:34:32 -------- d-----w- C:\Users\Lightning\AppData\Local\{F99D9B7F-A6DA-4323-A171-D6004303022C}
2012-05-01 21:34:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{4CE64A14-166F-4DDA-918E-6CE3BB4ED233}
2012-05-01 09:33:45 -------- d-----w- C:\Users\Lightning\AppData\Local\{15071BF1-7FEE-406A-AB07-68272DF842A0}
2012-05-01 09:33:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{8F859861-7DBD-40A0-B0D1-6C0C486E4714}
2012-05-01 08:00:53 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-30 21:33:10 -------- d-----w- C:\Users\Lightning\AppData\Local\{79775016-1C83-400A-9019-6E7A2C7A56BA}
2012-04-30 21:32:49 -------- d-----w- C:\Users\Lightning\AppData\Local\{AF0C0804-AC4D-47DE-8742-C5137D76E5BC}
2012-04-30 09:32:23 -------- d-----w- C:\Users\Lightning\AppData\Local\{007421F4-B7A9-4A7F-9FDC-F39CE8B9E252}
2012-04-30 09:32:02 -------- d-----w- C:\Users\Lightning\AppData\Local\{E7C6821C-F57E-4B7D-97FA-091C8C4BE880}
2012-04-29 21:31:35 -------- d-----w- C:\Users\Lightning\AppData\Local\{1358A382-AB1E-4928-8B00-1748C215A250}
2012-04-29 21:31:24 -------- d-----w- C:\Users\Lightning\AppData\Local\{FC5B258E-EA63-4770-AA99-9F518A903DF4}
.
==================== Find3M ====================
.
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-05 00:09:16 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 00:09:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 00:09:06 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 18:20:15 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-20 20:13:40 269712 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-04-17 08:07:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 23:15:45 269712 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-21 01:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-08 23:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-08 05:46:50 138752 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2012-03-05 08:49:56 19536 ----a-w- C:\Windows\System32\drivers\AWOPFilterDriver.sys
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 08:32:06 284672 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 15:44:06.11 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 12/10/2010 9:38:47 PM
System Uptime: 5/29/2012 3:15:29 PM (0 hours ago)
.
Motherboard: Alienware | | 0XDJ4C
Processor: Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz | CPU 1 | 3334/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1855 GiB total, 1273.402 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP283: 5/22/2012 9:41:14 PM - Removed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
RP284: 5/22/2012 9:43:42 PM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
RP285: 5/22/2012 9:44:27 PM - Configured Gears of War
RP286: 5/24/2012 9:45:11 PM - Windows Update
RP287: 5/29/2012 3:20:10 PM - Installed DirectX
RP288: 5/29/2012 3:27:04 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 69.10.57.36 www.google-analytics.com.
Hosts: 69.10.57.36 ad-emea.doubleclick.net.
Hosts: 69.10.57.36 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
3132-W-D
3DMark 11
Adobe AIR
Adobe Community Help
Adobe Photoshop CS5.1
Adobe Reader 9.1.2
Adobe Shockwave Player 11.6
Advertising Center
AlienRespawn
AlienRespawn - Support Software
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Assassin's Creed Revelations
Batman: Arkham City™ PC
Beatport Downloader
BeatportDownloader
Blades of Time Demo
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Champions Online
City of Heroes
Clone Wars
Command Center
Creative 3DMIDI Player
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Diagnostics
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
CyberLink PowerDVD 9.5
D3DX10
DC Universe Online Live
DC Universe Online Test
Dear Esther
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Dolby Digital Live Pack
Dragon Age II
Dragon Age Origins
DriverFinder
DriverMax 6
DTS Connect Pack
Dungeon Siege III
EA Installer
EA Shared Game Component: Activation
Earth Defense Force: Insect Armageddon
ESET Online Scanner v3
Fraps (remove only)
Free Realms
Futuremark SystemInfo
Google Chrome
Google Update Helper
HD Tune 2.55
Hexagon 2
HiJackThis
Hunted: The Demon's Forge
ImagXpress
imollo
Intel(R) Control Center
Intel(R) Rapid Storage Technology
iStonsoft iPad to Computer Transfer build(3.6.0)
Java Auto Updater
Junk Mail filter update
Kingdoms Of Amalur: Reckoning
Kingdoms of Amalur: Reckoning Demo
Left 4 Dead 2
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Authoring Tools
Left 4 Dead 2 Dedicated Server
Left 4 Dead Authoring Tools
LotRO Plugin Assistant
Magicka - Demo
Malwarebytes Anti-Malware version 1.61.0.1400
Mass Effect 2
Mass Effect™ 3
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Moon Breakers
MotoHelper 2.1.40 Driver 5.5.0
MotoHelper MergeModules
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 9.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Naga Firmware Updater 1.13
NCsoft Launcher
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero Rescue Agent
Nero RescueAgent Help
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
NirSoft BlueScreenView
NVIDIA nTune
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OCCT 4.0.0
OnLive
OpenAL
Origin
PAYDAY: The Heist
PDF Settings CS5
Ralink RT2870 Wireless LAN Card
Razer DeathAdder(TM) Mouse
Razer Naga
Razer Synapse 2.0
Resident Evil™: Operation Raccoon City
Ridge Racer™ Unbounded Demo
Rusty Hearts
Saints Row The Third Prima Official Strategy Guide
Saints Row: The Third
Saints Row: The Third - Initiation Station
SecondLifeViewer (remove only)
SecondLifeViewer2 (remove only)
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SiI31xx HBA Wakeup Utility
SIW version 2011.10.29
Sound Blaster X-Fi
Source SDK
Star Trek Online
Star Wars: The Old Republic
Steam
swMSM
System Requirements Lab CYRI
The Elder Scrolls V: Skyrim
The Lord of the Rings Online™ v03.02.03.8013
The Lord of the Rings: War in the North
The Witcher 2: Enhanced Edition
THX TruStudio PC
Torchlight
Trine 2
Trojan Killer
Tron: Evolution
Ubisoft Game Launcher
Ultimate DCUO Character Planner
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Warhammer 40,000 Space Marine
Winamp
Winamp Detector Plug-in
Winamp Essentials Pack
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
5/29/2012 3:15:51 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/27/2012 6:16:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003b8ab45, 0x0000000000000001, 0x0000000004331f8b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052712-20638-01.
5/27/2012 5:29:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.836.0).
5/22/2012 9:33:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003b856f2, 0xfffff88012664d00, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052212-19718-01.
5/22/2012 3:56:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800e082028, 0x00000000f2000000, 0x0000000000010005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052212-17924-01.
5/22/2012 2:59:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff880037086e8, 0xfffff88003707f40, 0xfffff800038a80f4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052212-19141-01.
.
==== End Of File ===========================
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 30th, 2012, 5:45 am

Step 1.
Run OTL - System Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... do not include the quote box title "Quote'
    :processes
    :OTL
    IE - HKU\S-1-5-21-633762127-47815373-1907182395-1000\..\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}: "URL" = http://searchya.com/?chnl=ft-100&s=1&cr ... DtBtCyD&q={search
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1000..\Run: [DriverMax_RESTART] File not found
    O4 - HKU\S-1-5-21-633762127-47815373-1907182395-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

    :Files
    C:\Users\Lightning\AppData\Local\Temp20.html
    C:\Users\Lightning\AppData\Local\Temp1.html

    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]

  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of report in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » May 30th, 2012, 4:40 pm

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDA8FA1E-2D67-497A-A3BD-C22850C3975C}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DriverMax_RESTART deleted successfully.
Registry value HKEY_USERS\S-1-5-21-633762127-47815373-1907182395-1011\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Users\Lightning\AppData\Local\Temp20.html moved successfully.
C:\Users\Lightning\AppData\Local\Temp1.html moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lightning
->Temp folder emptied: 767102037 bytes
->Temporary Internet Files folder emptied: 91777694 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 117626050 bytes
->Google Chrome cache emptied: 349231113 bytes
->Flash cache emptied: 25976 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » May 31st, 2012, 5:03 am

Step 1.
ESET NOD32 Online Scan
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
  1. Click the green [ESET Online Scanner] button.
  2. Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  3. Click the green [Start] button.
  4. Accept any security warnings from your browser and allow the download/installation of any require files.
    If your browser blocks or halts a download, please allow it to download any required files.
  5. Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  6. Click Advanced settings ... select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  7. Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  8. When the scan completes... press the text: Image
  9. Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  10. Press the [Back] button... then press the [Finish] button.
  11. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection... before continuing!


Step 2.
Malwarebytes' Anti-Malware (MBAM)
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab.. then press the Check for Updates...button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab...
  4. Select FULL SCAN this time... then press the Scan...button. This scan will take a while, so please be patient.
    When the scan finishes...
  5. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  6. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  7. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.


Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. ESET Log
  3. MBAM Log
  4. How is the computer behaving? Is it still redirecting?
Thanks
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » June 1st, 2012, 8:51 am

3 Day Response
Hello...
It has been almost 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 36 hrs., if you have not replied to this thread... it will be closed!
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » June 1st, 2012, 5:00 pm

I'll have what you need in a few hours. I've had to work more hours lately, since my dog has hip dysplasia. The surgery is very expensive... so I wasn't online as much. It's hard to make the 36 hour deadline with work.
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Jessicka » June 1st, 2012, 10:14 pm

Alot of these ESET found look normal. Alienware and the Shimmer Ravenlie stuff is just game trainers from a legit site, and I recognize the folders I put those in (by months). One of the entries is a false positive from Left 4 Dead:2 according to Valve's site, Winamp I know, but not sure why it detected it as a threat.

Aside from the logs below, the redirects are gone and everything is running fast.

C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Lightning\Desktop\2012 january the october 2011 was newer than dec 2011\batman arkham city trainer\bac-ravenlie-0116ed0a9b33f69.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\koa-ravenlie-8281502b11ad6e3.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\tron evolution trainer\me3-ravenlie-2dffb8527405895.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\tron evolution trainer\me3-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\tron evolution trainer\tron-ravenlie-0dfc783957aefb9.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\march2\april 2012 1\tron evolution trainer\tron-Ravenlie.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me3-ravenlie-83d9a93cc52bfe3.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me3-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me2 trainer\Mass Effect 2 Trainer.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me2 trainer\me2s-ravenlie-b3bf53e9f17bf55mass effect 2.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me2 trainer\me2s-Ravenlie.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me2 trainer\sum1ejecth4x0rintospace101-ch.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me3 trainer march 6\me3-ravenlie-3f67745c09fd534.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\batwoman newest\me 3 trainer mass effect 3\me3 trainer march 6\me3-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\Kingdoms of Alamur recokning\koa-ravenlie-c8ecac930b87b2d.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\februray 2012\march 2012\Kingdoms of Alamur recokning\koa-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\CNET_TechTracker_2_0_1_51a_Setup.exe Win32/OpenCandy application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\r6sincity106-ch.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\Rainbow Six Vegas 1.06 Trainer.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\pth-HEIST ravenlie-7e1db2e23e29d6e.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\bac-ravenlie-365fc4746b955bd.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\bac-ravenlie-7e8d967.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\bac-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\mw3-ravenlie-ed18f9b.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\sr3-ravenlie-0b31c63.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\win-ravenlie-ad247fb.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\batman arkham city trainer\update\bac-ravenlie-feec37c2f2e6940.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\bulletstorm\nw-ravenlie-f2fee35621a80f2.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\bulletstorm\nw-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\mw3\mw3-ravenlie-0ccabc04c87a4bc.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\mw3\mw3-ravenlie-c8d40e863f3c5d3.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\mw3\mw3-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\htdf-ravenlie-4c1a90ef687f559.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\htdf-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\l4d2-ravenlie-069d556d846d053.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\l4d2-Ravenlie.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\sr3-ravenlie-8a46222ff948944.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\saints row t\sr3-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\space marine\wsm-ravenlie-cbf057c405dda95.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\test drive unlimited\tdu2-ravenlie-a46099cc1489.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\august\september\september 3\sept 4\test drive unlimited\tdu2-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\darksiders trainer\dark-shimmer-4e7b9ceab569688.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\april 2\may 2011\may 2011 2\may 2011 2\july 2011\darksiders trainer\dark-Shimmer.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\batman trainer paid\bgoy-shimmer-2c5117db03a5a60.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\batman trainer paid\bgoy-Shimmer.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\batman trainer paid\mw2-shimmer-4c7b80e5877fb68.zip a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\feburary 2011\feburary 2011\february 2 for 2011\februrary3\februrary3\february 4\april\batman trainer paid\mw2-Shimmer.exe a variant of Win32/GameHack.F application
C:\Users\Lightning\Desktop\october 2011\acr-ravenlie-3ab7cfeef994a0c.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\edfi-ravenlie-91ede53cadc429e.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\sr3-ravenlie-2cc6a7d26ca51c9.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\trn2-ravenlie-a4c1bf521d2d07a.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\acr trainer\acr-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\edif\edfi-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\lord of the rings war in the north\win-ravenlie-716eb205ea5e74a.zip a variant of Win32/GameHack.BE application
C:\Users\Lightning\Desktop\october 2011\lord of the rings war in the north\win-Ravenlie.exe a variant of Win32/GameHack.BE application
C:\Users\Lightning\Downloads\siw-setup.exe Win32/OpenCandy application
C:\Users\Lightning\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application
-----------------------------------

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lightning :: LIGHTNING-PC [administrator]

6/1/2012 7:15:16 PM
mbam-log-2012-06-01 (19-15-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 724360
Time elapsed: 1 hour(s), 53 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Jessicka
Active Member
 
Posts: 11
Joined: May 24th, 2012, 6:46 am

Re: Google redirect on Firefox, IE, Chrome even Second Life

Unread postby Alander » June 3rd, 2012, 2:32 am

Hi :),
You may keep the game trainers you have downloaded, however, I would strongly recommend you to remove them as Win32/GameHack communicates with remote servers to display pop-up advertisements without adequate user consent. It may download arbitrary files, such as updates of the installed executable, or DLL component.

Step 1.
OTL - System Scan
Please download OTL.exe ... by Old Timer . Save it to your Desktop
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When the window appears, make sure Include 64bit Scans is CHECKED.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy the following text... do not include the quote box title "Quote'
    :Files
    C:\Users\Lightning\Downloads\siw-setup.exe
    C:\Users\Lightning\Downloads\winamp5623_full_emusic-7plus_en-us.exe

    :commands
    [Reboot]
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  9. Please post the contents of report in your next reply.
User avatar
Alander
Regular Member
 
Posts: 1603
Joined: September 15th, 2007, 2:04 pm
Location: Singapore
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 291 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware