services.exe trojan


services.exe trojan

Unread postby fp581 » August 15th, 2012, 4:34 am

Hi, I would love your help with this one. This is the log file from HijackThis:
Edit: the trojan name is patched_c.LXT (the log did not change)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:29 AM, on 8/15/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kaki&pipi\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\kaki&pipi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.237 62.219.186.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.237 62.219.186.7
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\32788R22FWJFW\pev.3XE
O23 - Service: PhoneMyPC_Helper - SoftwareForMe Inc - C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: Smart View Service (SmartViewService) - Unknown owner - C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - Unknown owner - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12485 bytes
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am
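A note on reading a log like the one above, as an added example that is not part of the thread and is not HijackThis's own code: the HijackThis sections (R0/R1 browser settings, O2 BHOs, O3 toolbars, O4 autoruns, O17 DNS servers, O23 services) are line-oriented, so the first triage pass can be scripted. The parser below pulls out the entries a helper looks at first: registry references whose file no longer exists, the DNS servers set in O17, O23 services with an unknown owner running from outside the Windows and Program Files trees, and the O4 autorun list. The sample lines are copied from the posted log; the "trusted prefix" heuristic and the finding categories are assumptions of this example, not HijackThis rules.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: a few lines in the HijackThis v2.0.4 format,
# copied in shape from the log posted above (not the complete log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.237 62.219.186.7
O23 - Service: PEVSystemStart - Unknown owner - C:\32788R22FWJFW\pev.3XE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


@dataclass
class Entry:
    section: str  # "R3", "O2", "O17", "O23", ...
    body: str     # everything after the "Oxx - " prefix


# Every HijackThis finding line starts with an R- or O-section tag and " - ".
LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
# O17 body: "...{GUID}: NameServer = ip1 ip2"
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")
# O23 body: "Service: <display name> - <owner> - <path>"; names containing
# " - " would be split wrongly, which is an accepted limitation here.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Markers HijackThis prints when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed "expected" install roots for this example; anything else is
# worth a second look, not automatically malicious.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_hjt(text: str) -> List[Entry]:
    """Return the R/O entries of a HijackThis log, skipping header and process lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(section=m.group(1), body=m.group(2)))
    return entries


def triage(entries: List[Entry]) -> Dict[str, list]:
    """Group the entries a helper reviews first."""
    findings: Dict[str, list] = {
        "orphaned": [],          # registry entries pointing at a missing file
        "dns_servers": [],       # resolvers configured in O17
        "unusual_services": [],  # (name, path) of unknown-owner services outside trusted roots
        "autoruns": [],          # O4 Run/RunOnce entries
    }
    for e in entries:
        if any(marker in e.body for marker in ORPHAN_MARKERS):
            findings["orphaned"].append(f"{e.section} - {e.body}")
        if e.section == "O17":
            m = NAMESERVER_RE.search(e.body)
            if m:
                findings["dns_servers"].extend(IP_RE.findall(m.group(1)))
        elif e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m:
                name, owner, path = m.groups()
                if owner == "Unknown owner" and not path.lower().startswith(TRUSTED_PREFIXES):
                    findings["unusual_services"].append((name, path))
        elif e.section == "O4":
            findings["autoruns"].append(e.body)
    # Both CCS and CS1 O17 lines usually repeat the same servers; keep order, drop duplicates.
    findings["dns_servers"] = list(dict.fromkeys(findings["dns_servers"]))
    return findings


if __name__ == "__main__":
    for category, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{category} ({len(items)}):")
        for item in items:
            print("   ", item)
```

Two caveats when reading the output against a real log. First, a 32-bit HijackThis running on 64-bit Windows is subject to file system redirection, so O23 services whose binary lives only in C:\Windows\System32 are reported as "(file missing)" even though the file is present; the many lsass.exe and spoolsv.exe "missing" lines in the posted log are this artifact, not evidence of infection. Second, the O17 DNS servers are only meaningful compared with what the ISP or router should be handing out; the script lists them, it does not judge them.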

Re: services.exe trojan

Unread postby torreattack » August 15th, 2012, 7:53 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi fp581 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

===============================================================================================================================================

I need more info, please run the following tools.

1. Defogger
Disable Drivers
Please download DeFogger... by jpshortstuff. Save it to your desktop.
  1. Double click DeFogger.exe to run the tool. The application window will appear.
  2. Click the Disable button to disable your CD Emulation drivers.
  3. Click Yes to continue. A 'Finished!' message will appear. Click OK.
  4. Click OK when DeFogger asks to reboot the machine.
Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.



2. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  1. Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. When TDSSKiller finishes loading, click on Change parameters.
  3. Tick Detect TDLFS file system and click OK.
  4. Click on Start Scan; the scan will run.
  5. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  6. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  7. To find the log go to Start > Computer > C:
  8. Post the contents of that log in your next reply please.
  9. DO NOT TRY TO FIX ANYTHING AT THIS POINT



3. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



4. Checklist
Please post:
  • TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt
  • OTL.txt and Extras.txt
  • An update on your problems
Note: These logs can be lengthy, please post in several replies if needed. Please ensure you post the COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: services.exe trojan

Unread postby fp581 » August 15th, 2012, 8:05 pm

This is the TDSSKiller.exe report:

03:03:38.0671 2608 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
03:03:38.0932 2608 ============================================================
03:03:38.0932 2608 Current date / time: 2012/08/16 03:03:38.0932
03:03:38.0932 2608 SystemInfo:
03:03:38.0932 2608
03:03:38.0932 2608 OS Version: 6.1.7600 ServicePack: 0.0
03:03:38.0932 2608 Product type: Workstation
03:03:38.0932 2608 ComputerName: KAKIPIPI-PC
03:03:38.0932 2608 UserName: kaki&pipi
03:03:38.0932 2608 Windows directory: C:\Windows
03:03:38.0932 2608 System windows directory: C:\Windows
03:03:38.0932 2608 Running under WOW64
03:03:38.0932 2608 Processor architecture: Intel x64
03:03:38.0932 2608 Number of processors: 4
03:03:38.0932 2608 Page size: 0x1000
03:03:38.0932 2608 Boot type: Normal boot
03:03:38.0932 2608 ============================================================
03:03:39.0747 2608 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
03:03:39.0753 2608 ============================================================
03:03:39.0753 2608 \Device\Harddisk0\DR0:
03:03:39.0753 2608 MBR partitions:
03:03:39.0753 2608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
03:03:39.0753 2608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
03:03:39.0753 2608 ============================================================
03:03:39.0764 2608 C: <-> \Device\Harddisk0\DR0\Partition2
03:03:39.0764 2608 ============================================================
03:03:39.0764 2608 Initialize success
03:03:39.0764 2608 ============================================================
03:04:01.0989 4844 ============================================================
03:04:01.0989 4844 Scan started
03:04:01.0990 4844 Mode: Manual; TDLFS;
03:04:01.0990 4844 ============================================================
03:04:02.0903 4844 ================ Scan services =============================
03:04:03.0023 4844 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
03:04:03.0024 4844 1394ohci - ok
03:04:03.0064 4844 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
03:04:03.0065 4844 ACPI - ok
03:04:03.0073 4844 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
03:04:03.0073 4844 AcpiPmi - ok
03:04:03.0181 4844 [ 62b7936f9036dd6ed36e6a7efa805dc0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:04:03.0183 4844 AdobeARMservice - ok
03:04:03.0319 4844 [ 0d4c486a24a711a45fd83acdf4d18506 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:04:03.0320 4844 AdobeFlashPlayerUpdateSvc - ok
03:04:03.0361 4844 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
03:04:03.0363 4844 adp94xx - ok
03:04:03.0373 4844 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
03:04:03.0374 4844 adpahci - ok
03:04:03.0386 4844 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
03:04:03.0388 4844 adpu320 - ok
03:04:03.0435 4844 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
03:04:03.0435 4844 AeLookupSvc - ok
03:04:03.0494 4844 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys
03:04:03.0496 4844 AFD - ok
03:04:03.0515 4844 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
03:04:03.0515 4844 agp440 - ok
03:04:03.0541 4844 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
03:04:03.0541 4844 ALG - ok
03:04:03.0566 4844 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
03:04:03.0566 4844 aliide - ok
03:04:03.0738 4844 [ 9c616ba191b80f5cd1a1b9553e107100 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:04:03.0739 4844 AMD External Events Utility - ok
03:04:03.0754 4844 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
03:04:03.0755 4844 amdide - ok
03:04:03.0769 4844 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
03:04:03.0770 4844 AmdK8 - ok
03:04:03.0926 4844 [ 5165e83751b8ff40e5e4925996fcc506 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
03:04:03.0963 4844 amdkmdag - ok
03:04:04.0014 4844 [ 86ab3cf484260c4318f3a6e8b035f422 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
03:04:04.0015 4844 amdkmdap - ok
03:04:04.0025 4844 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
03:04:04.0025 4844 AmdPPM - ok
03:04:04.0055 4844 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
03:04:04.0055 4844 amdsata - ok
03:04:04.0074 4844 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
03:04:04.0075 4844 amdsbs - ok
03:04:04.0084 4844 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\Windows\system32\drivers\amdxata.sys
03:04:04.0085 4844 amdxata - ok
03:04:04.0103 4844 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
03:04:04.0104 4844 AppID - ok
03:04:04.0121 4844 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
03:04:04.0121 4844 AppIDSvc - ok
03:04:04.0150 4844 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
03:04:04.0151 4844 Appinfo - ok
03:04:04.0269 4844 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:04:04.0269 4844 Apple Mobile Device - ok
03:04:04.0310 4844 [ 301aa64f9643bc453d90a66c4c0e7204 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
03:04:04.0310 4844 AppleCharger - ok
03:04:04.0336 4844 [ 95ef7247c50c7241fdae39a9b3aff4ae ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
03:04:04.0336 4844 AppleChargerSrv - ok
03:04:04.0365 4844 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
03:04:04.0366 4844 AppMgmt - ok
03:04:04.0390 4844 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
03:04:04.0390 4844 arc - ok
03:04:04.0404 4844 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
03:04:04.0405 4844 arcsas - ok
03:04:04.0451 4844 aspnet_state - ok
03:04:04.0464 4844 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
03:04:04.0464 4844 AsyncMac - ok
03:04:04.0475 4844 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
03:04:04.0475 4844 atapi - ok
03:04:04.0518 4844 [ adf7ef046725442ba32c4aef12646fd0 ] atidgllk C:\ati_winflash_2.0.1.14\atidgllk.sys
03:04:04.0519 4844 atidgllk - ok
03:04:04.0568 4844 [ 24464b908e143d2561e9e452fee97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
03:04:04.0569 4844 AtiHDAudioService - ok
03:04:04.0666 4844 [ 26d973d6d9a0d133dfda7d8c1adc04b7 ] atillk64 C:\ati_winflash_2.0.1.14\atillk64.sys
03:04:04.0668 4844 atillk64 - ok
03:04:04.0821 4844 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:04:04.0825 4844 AudioEndpointBuilder - ok
03:04:04.0833 4844 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
03:04:04.0835 4844 AudioSrv - ok
03:04:04.0903 4844 [ 96b4456f1dca4eda506ed31c7d2d6b05 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6a.sys
03:04:04.0904 4844 Avgfwfd - ok
03:04:04.0973 4844 [ bd5d11cedbcde4fa97d2387e7069b1ff ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
03:04:04.0981 4844 avgfws - ok
03:04:05.0063 4844 [ d67719bcfde5798f5c30d14efed3bcaf ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
03:04:05.0081 4844 AVGIDSAgent - ok
03:04:05.0106 4844 [ 1b2e9fcdc26dc7c81d4131430e2dc936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
03:04:05.0108 4844 AVGIDSDriver - ok
03:04:05.0118 4844 [ 0f293406f64b48d5d2f0d3a1117f3a83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
03:04:05.0118 4844 AVGIDSFilter - ok
03:04:05.0126 4844 [ cffc3a4a638f462e0561cb368b9a7a3a ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
03:04:05.0128 4844 AVGIDSHA - ok
03:04:05.0170 4844 [ 59955b4c288dd2a8b9fd2cd5158355c5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
03:04:05.0173 4844 Avgldx64 - ok
03:04:05.0178 4844 [ a6aec362aae5e2dda7445e7690cb0f33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
03:04:05.0178 4844 Avgmfx64 - ok
03:04:05.0210 4844 [ 645c7f0a0e39758a0024a9b1748273c0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
03:04:05.0210 4844 Avgrkx64 - ok
03:04:05.0336 4844 [ 1bee674ad792b1c63bb0dac5fa724b23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
03:04:05.0338 4844 Avgtdia - ok
03:04:05.0393 4844 [ e964ea70249dde1343c8f694b52575ee ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
03:04:05.0394 4844 avgtp - ok
03:04:05.0419 4844 [ ea1145debcd508fd25bd1e95c4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
03:04:05.0420 4844 avgwd - ok
03:04:05.0446 4844 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
03:04:05.0446 4844 AxInstSV - ok
03:04:05.0485 4844 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
03:04:05.0488 4844 b06bdrv - ok
03:04:05.0559 4844 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
03:04:05.0560 4844 b57nd60a - ok
03:04:05.0598 4844 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
03:04:05.0599 4844 BDESVC - ok
03:04:05.0621 4844 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
03:04:05.0621 4844 Beep - ok
03:04:05.0641 4844 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
03:04:05.0643 4844 blbdrive - ok
03:04:05.0881 4844 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:04:05.0884 4844 Bonjour Service - ok
03:04:05.0916 4844 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
03:04:05.0916 4844 bowser - ok
03:04:05.0950 4844 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:04:05.0951 4844 BrFiltLo - ok
03:04:05.0954 4844 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:04:05.0954 4844 BrFiltUp - ok
03:04:06.0006 4844 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
03:04:06.0006 4844 BridgeMP - ok
03:04:06.0065 4844 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll
03:04:06.0066 4844 Browser - ok
03:04:06.0093 4844 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
03:04:06.0094 4844 Brserid - ok
03:04:06.0110 4844 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
03:04:06.0111 4844 BrSerWdm - ok
03:04:06.0123 4844 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
03:04:06.0124 4844 BrUsbMdm - ok
03:04:06.0135 4844 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
03:04:06.0135 4844 BrUsbSer - ok
03:04:06.0144 4844 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
03:04:06.0144 4844 BTHMODEM - ok
03:04:06.0160 4844 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
03:04:06.0160 4844 bthserv - ok
03:04:06.0171 4844 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
03:04:06.0173 4844 cdfs - ok
03:04:06.0206 4844 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
03:04:06.0208 4844 cdrom - ok
03:04:06.0231 4844 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
03:04:06.0231 4844 CertPropSvc - ok
03:04:06.0249 4844 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
03:04:06.0249 4844 circlass - ok
03:04:06.0299 4844 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
03:04:06.0300 4844 CLFS - ok
03:04:06.0376 4844 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:04:06.0378 4844 clr_optimization_v2.0.50727_32 - ok
03:04:06.0436 4844 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:04:06.0438 4844 clr_optimization_v2.0.50727_64 - ok
03:04:06.0503 4844 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:04:06.0504 4844 clr_optimization_v4.0.30319_32 - ok
03:04:06.0545 4844 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:04:06.0546 4844 clr_optimization_v4.0.30319_64 - ok
03:04:06.0548 4844 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
03:04:06.0549 4844 CmBatt - ok
03:04:06.0579 4844 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
03:04:06.0579 4844 cmdide - ok
03:04:06.0658 4844 [ 0367f029425cbd5506e8db2757ff3a8f ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys
03:04:06.0668 4844 cmudaxp - ok
03:04:06.0714 4844 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\Windows\system32\Drivers\cng.sys
03:04:06.0716 4844 CNG - ok
03:04:06.0784 4844 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
03:04:06.0785 4844 Compbatt - ok
03:04:06.0824 4844 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
03:04:06.0824 4844 CompositeBus - ok
03:04:06.0845 4844 COMSysApp - ok
03:04:06.0871 4844 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
03:04:06.0871 4844 crcdisk - ok
03:04:06.0944 4844 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\Windows\system32\cryptsvc.dll
03:04:06.0945 4844 CryptSvc - ok
03:04:06.0956 4844 [ 4a6173c2279b498cd8f57cae504564cb ] CSC C:\Windows\system32\drivers\csc.sys
03:04:06.0958 4844 CSC - ok
03:04:07.0005 4844 [ 873fbf927c06e5cee04dec617502f8fd ] CscService C:\Windows\System32\cscsvc.dll
03:04:07.0008 4844 CscService - ok
03:04:07.0039 4844 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
03:04:07.0041 4844 DcomLaunch - ok
03:04:07.0095 4844 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
03:04:07.0096 4844 defragsvc - ok
03:04:07.0179 4844 [ fdc0c5adde1cde6edb0bef78f0699af3 ] DES2 Service C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
03:04:07.0179 4844 DES2 Service - ok
03:04:07.0200 4844 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
03:04:07.0201 4844 DfsC - ok
03:04:07.0223 4844 [ 388039f99ce8769024ee0438352aca99 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
03:04:07.0223 4844 dg_ssudbus - ok
03:04:07.0246 4844 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
03:04:07.0248 4844 Dhcp - ok
03:04:07.0266 4844 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
03:04:07.0266 4844 discache - ok
03:04:07.0291 4844 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
03:04:07.0291 4844 Disk - ok
03:04:07.0325 4844 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
03:04:07.0326 4844 Dnscache - ok
03:04:07.0423 4844 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
03:04:07.0424 4844 dot3svc - ok
03:04:07.0454 4844 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
03:04:07.0455 4844 DPS - ok
03:04:07.0483 4844 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
03:04:07.0484 4844 drmkaud - ok
03:04:07.0514 4844 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
03:04:07.0518 4844 DXGKrnl - ok
03:04:07.0529 4844 EagleX64 - ok
03:04:07.0553 4844 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
03:04:07.0553 4844 EapHost - ok
03:04:07.0611 4844 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
03:04:07.0624 4844 ebdrv - ok
03:04:07.0673 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
03:04:07.0674 4844 EFS - ok
03:04:07.0723 4844 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
03:04:07.0725 4844 ehRecvr - ok
03:04:07.0749 4844 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
03:04:07.0749 4844 ehSched - ok
03:04:07.0889 4844 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
03:04:07.0891 4844 elxstor - ok
03:04:07.0943 4844 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
03:04:07.0944 4844 ErrDev - ok
03:04:07.0969 4844 [ 84486624268e078255bc7aa47f0960bc ] etdrv C:\Windows\etdrv.sys
03:04:07.0969 4844 etdrv - ok
03:04:08.0014 4844 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
03:04:08.0016 4844 EventSystem - ok
03:04:08.0039 4844 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
03:04:08.0039 4844 exfat - ok
03:04:08.0050 4844 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
03:04:08.0051 4844 fastfat - ok
03:04:08.0084 4844 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
03:04:08.0086 4844 Fax - ok
03:04:08.0099 4844 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
03:04:08.0099 4844 fdc - ok
03:04:08.0110 4844 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
03:04:08.0111 4844 fdPHost - ok
03:04:08.0118 4844 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
03:04:08.0119 4844 FDResPub - ok
03:04:08.0169 4844 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
03:04:08.0169 4844 FileInfo - ok
03:04:08.0210 4844 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
03:04:08.0210 4844 Filetrace - ok
03:04:08.0235 4844 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
03:04:08.0235 4844 flpydisk - ok
03:04:08.0286 4844 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
03:04:08.0288 4844 FltMgr - ok
03:04:08.0450 4844 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
03:04:08.0455 4844 FontCache - ok
03:04:08.0516 4844 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:04:08.0518 4844 FontCache3.0.0.0 - ok
03:04:08.0564 4844 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
03:04:08.0564 4844 FsDepends - ok
03:04:08.0594 4844 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
03:04:08.0595 4844 Fs_Rec - ok
03:04:08.0604 4844 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
03:04:08.0605 4844 fvevol - ok
03:04:08.0623 4844 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
03:04:08.0623 4844 gagp30kx - ok
03:04:08.0680 4844 [ 7907e14f9bcf3a4689c9a74a1a873cb6 ] gdrv C:\Windows\gdrv.sys
03:04:08.0681 4844 gdrv - ok
03:04:08.0696 4844 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:04:08.0696 4844 GEARAspiWDM - ok
03:04:08.0739 4844 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
03:04:08.0743 4844 gpsvc - ok
03:04:09.0123 4844 GPU-Z - ok
03:04:09.0151 4844 [ 8126331fbd4ed29eb3b356f9c905064d ] GVTDrv64 C:\Windows\GVTDrv64.sys
03:04:09.0153 4844 GVTDrv64 - ok
03:04:09.0164 4844 [ 1e6438d4ea6e1174a3b3b1edc4de660b ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
03:04:09.0164 4844 hamachi - ok
03:04:09.0253 4844 [ d483dbaef409e8ab7477c28615fcd853 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
03:04:09.0261 4844 Hamachi2Svc - ok
03:04:09.0286 4844 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
03:04:09.0288 4844 hcw85cir - ok
03:04:09.0331 4844 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:04:09.0333 4844 HdAudAddService - ok
03:04:09.0369 4844 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
03:04:09.0370 4844 HDAudBus - ok
03:04:09.0415 4844 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
03:04:09.0416 4844 HidBatt - ok
03:04:09.0451 4844 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
03:04:09.0453 4844 HidBth - ok
03:04:09.0485 4844 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
03:04:09.0486 4844 HidIr - ok
03:04:09.0535 4844 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\System32\hidserv.dll
03:04:09.0536 4844 hidserv - ok
03:04:09.0560 4844 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
03:04:09.0560 4844 HidUsb - ok
03:04:09.0576 4844 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
03:04:09.0578 4844 hkmsvc - ok
03:04:09.0614 4844 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:04:09.0615 4844 HomeGroupListener - ok
03:04:09.0629 4844 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:04:09.0630 4844 HomeGroupProvider - ok
03:04:09.0656 4844 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
03:04:09.0658 4844 HpSAMD - ok
03:04:09.0689 4844 [ f47cec45fb85791d4ab237563ad0fa8f ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
03:04:09.0689 4844 HTCAND64 - ok
03:04:09.0703 4844 [ b8b1b284362e1d8135112573395d5da5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
03:04:09.0703 4844 htcnprot - ok
03:04:09.0725 4844 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
03:04:09.0728 4844 HTTP - ok
03:04:09.0740 4844 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
03:04:09.0741 4844 hwpolicy - ok
03:04:09.0769 4844 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
03:04:09.0770 4844 i8042prt - ok
03:04:09.0819 4844 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
03:04:09.0821 4844 iaStorV - ok
03:04:09.0906 4844 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
03:04:09.0906 4844 IDriverT - ok
03:04:10.0179 4844 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:04:10.0181 4844 idsvc - ok
03:04:10.0216 4844 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
03:04:10.0216 4844 iirsp - ok
03:04:10.0255 4844 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
03:04:10.0259 4844 IKEEXT - ok
03:04:10.0310 4844 [ 491dadcc74327fabc85e0ab80af8f204 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
03:04:10.0319 4844 IntcAzAudAddService - ok
03:04:10.0346 4844 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
03:04:10.0346 4844 intelide - ok
03:04:10.0378 4844 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
03:04:10.0378 4844 intelppm - ok
03:04:10.0409 4844 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
03:04:10.0410 4844 IPBusEnum - ok
03:04:10.0470 4844 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:04:10.0470 4844 IpFilterDriver - ok
03:04:10.0531 4844 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
03:04:10.0534 4844 iphlpsvc - ok
03:04:10.0565 4844 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:04:10.0566 4844 IPMIDRV - ok
03:04:10.0600 4844 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
03:04:10.0600 4844 IPNAT - ok
03:04:10.0679 4844 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:04:10.0683 4844 iPod Service - ok
03:04:10.0739 4844 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
03:04:10.0739 4844 IRENUM - ok
03:04:10.0756 4844 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
03:04:10.0756 4844 isapnp - ok
03:04:10.0779 4844 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
03:04:10.0779 4844 iScsiPrt - ok
03:04:10.0806 4844 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
03:04:10.0808 4844 kbdclass - ok
03:04:10.0833 4844 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
03:04:10.0833 4844 kbdhid - ok
03:04:10.0851 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
03:04:10.0853 4844 KeyIso - ok
03:04:10.0898 4844 [ 4f4b5fde429416877de7143044582eb5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
03:04:10.0898 4844 KSecDD - ok
03:04:10.0913 4844 [ 6f40465a44ecdc1731befafec5bdd03c ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
03:04:10.0913 4844 KSecPkg - ok
03:04:10.0925 4844 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
03:04:10.0926 4844 ksthunk - ok
03:04:10.0973 4844 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
03:04:10.0975 4844 KtmRm - ok
03:04:11.0113 4844 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\System32\srvsvc.dll
03:04:11.0114 4844 LanmanServer - ok
03:04:11.0183 4844 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:04:11.0184 4844 LanmanWorkstation - ok
03:04:11.0238 4844 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
03:04:11.0239 4844 lltdio - ok
03:04:11.0285 4844 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
03:04:11.0288 4844 lltdsvc - ok
03:04:11.0311 4844 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
03:04:11.0313 4844 lmhosts - ok
03:04:11.0358 4844 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
03:04:11.0359 4844 LSI_FC - ok
03:04:11.0404 4844 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
03:04:11.0405 4844 LSI_SAS - ok
03:04:11.0439 4844 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:04:11.0440 4844 LSI_SAS2 - ok
03:04:11.0471 4844 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:04:11.0473 4844 LSI_SCSI - ok
03:04:11.0480 4844 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
03:04:11.0480 4844 luafv - ok
03:04:11.0511 4844 [ e5ecf40e5fd459141e5f6685ffd51804 ] Lycosa C:\Windows\system32\drivers\Lycosa.sys
03:04:11.0513 4844 Lycosa - ok
03:04:11.0553 4844 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
03:04:11.0554 4844 Mcx2Svc - ok
03:04:11.0583 4844 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
03:04:11.0584 4844 megasas - ok
03:04:11.0629 4844 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
03:04:11.0630 4844 MegaSR - ok
03:04:11.0638 4844 [ a6518dcc42f7a6e999bb3bea8fd87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
03:04:11.0638 4844 MEIx64 - ok
03:04:11.0681 4844 Microsoft SharePoint Workspace Audit Service - ok
03:04:11.0694 4844 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
03:04:11.0695 4844 MMCSS - ok
03:04:11.0705 4844 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
03:04:11.0705 4844 Modem - ok
03:04:11.0727 4844 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:04:11.0727 4844 monitor - ok
03:04:11.0746 4844 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:04:11.0747 4844 mouclass - ok
03:04:11.0755 4844 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:04:11.0756 4844 mouhid - ok
03:04:11.0796 4844 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:04:11.0797 4844 mountmgr - ok
03:04:11.0835 4844 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
03:04:11.0835 4844 mpio - ok
03:04:11.0850 4844 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:04:11.0850 4844 mpsdrv - ok
03:04:11.0894 4844 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:04:11.0894 4844 MRxDAV - ok
03:04:11.0931 4844 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:04:11.0931 4844 mrxsmb - ok
03:04:11.0940 4844 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:04:11.0941 4844 mrxsmb10 - ok
03:04:11.0954 4844 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:04:11.0955 4844 mrxsmb20 - ok
03:04:11.0974 4844 [ 5c37497276e3b3a5488b23a326a754b7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
03:04:11.0974 4844 msahci - ok
03:04:11.0986 4844 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
03:04:11.0986 4844 msdsm - ok
03:04:12.0002 4844 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
03:04:12.0004 4844 MSDTC - ok
03:04:12.0066 4844 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:04:12.0067 4844 Msfs - ok
03:04:12.0135 4844 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:04:12.0135 4844 mshidkmdf - ok
03:04:12.0175 4844 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
03:04:12.0175 4844 msisadrv - ok
03:04:12.0199 4844 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:04:12.0200 4844 MSiSCSI - ok
03:04:12.0203 4844 msiserver - ok
03:04:12.0219 4844 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:04:12.0219 4844 MSKSSRV - ok
03:04:12.0278 4844 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:04:12.0278 4844 MSPCLOCK - ok
03:04:12.0289 4844 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:04:12.0289 4844 MSPQM - ok
03:04:12.0326 4844 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:04:12.0329 4844 MsRPC - ok
03:04:12.0341 4844 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:04:12.0343 4844 mssmbios - ok
03:04:12.0378 4844 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:04:12.0378 4844 MSTEE - ok
03:04:12.0380 4844 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
03:04:12.0380 4844 MTConfig - ok
03:04:12.0434 4844 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:04:12.0434 4844 Mup - ok
03:04:12.0504 4844 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
03:04:12.0506 4844 napagent - ok
03:04:12.0539 4844 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:04:12.0540 4844 NativeWifiP - ok
03:04:12.0596 4844 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
03:04:12.0599 4844 NDIS - ok
03:04:12.0639 4844 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:04:12.0639 4844 NdisCap - ok
03:04:12.0663 4844 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:04:12.0663 4844 NdisTapi - ok
03:04:12.0673 4844 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:04:12.0673 4844 Ndisuio - ok
03:04:12.0686 4844 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:04:12.0688 4844 NdisWan - ok
03:04:12.0700 4844 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:04:12.0700 4844 NDProxy - ok
03:04:12.0706 4844 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:04:12.0708 4844 NetBIOS - ok
03:04:12.0754 4844 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:04:12.0755 4844 NetBT - ok
03:04:12.0781 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
03:04:12.0781 4844 Netlogon - ok
03:04:12.0831 4844 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
03:04:12.0833 4844 Netman - ok
03:04:12.0885 4844 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
03:04:12.0888 4844 netprofm - ok
03:04:12.0936 4844 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:04:12.0938 4844 NetTcpPortSharing - ok
03:04:12.0956 4844 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
03:04:12.0956 4844 nfrd960 - ok
03:04:12.0970 4844 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:04:12.0971 4844 NlaSvc - ok
03:04:12.0994 4844 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:04:12.0995 4844 Npfs - ok
03:04:13.0026 4844 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:04:13.0028 4844 nsi - ok
03:04:13.0058 4844 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:04:13.0058 4844 nsiproxy - ok
03:04:13.0135 4844 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:04:13.0140 4844 Ntfs - ok
03:04:13.0161 4844 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
03:04:13.0163 4844 Null - ok
03:04:13.0226 4844 [ c25cc69829e976c67b34152334eeddd1 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
03:04:13.0226 4844 nusb3hub - ok
03:04:13.0259 4844 [ 20bc4b57a6dba0447adb3b623c200f8e ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
03:04:13.0260 4844 nusb3xhc - ok
03:04:13.0273 4844 NVHDA - ok
03:04:13.0289 4844 nvlddmkm - ok
03:04:13.0336 4844 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:04:13.0338 4844 nvraid - ok
03:04:13.0358 4844 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:04:13.0359 4844 nvstor - ok
03:04:13.0388 4844 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
03:04:13.0388 4844 nv_agp - ok
03:04:13.0436 4844 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
03:04:13.0438 4844 ohci1394 - ok
03:04:13.0506 4844 [ 4965b005492cba7719e82b71e3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:04:13.0508 4844 ose64 - ok
03:04:13.0751 4844 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:04:13.0769 4844 osppsvc - ok
03:04:13.0795 4844 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:04:13.0796 4844 p2pimsvc - ok
03:04:13.0821 4844 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:04:13.0824 4844 p2psvc - ok
03:04:13.0839 4844 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
03:04:13.0839 4844 Parport - ok
03:04:13.0880 4844 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:04:13.0881 4844 partmgr - ok
03:04:13.0941 4844 [ 68139940b5ac84affb7eb1b713be66e7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
03:04:13.0941 4844 PassThru Service - ok
03:04:13.0955 4844 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:04:13.0958 4844 PcaSvc - ok
03:04:14.0004 4844 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
03:04:14.0005 4844 pci - ok
03:04:14.0016 4844 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
03:04:14.0018 4844 pciide - ok
03:04:14.0031 4844 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
03:04:14.0033 4844 pcmcia - ok
03:04:14.0044 4844 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:04:14.0044 4844 pcw - ok
03:04:14.0093 4844 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:04:14.0095 4844 PEAUTH - ok
03:04:14.0341 4844 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
03:04:14.0346 4844 PeerDistSvc - ok
03:04:14.0430 4844 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:04:14.0430 4844 PerfHost - ok
03:04:14.0504 4844 [ f042ee4c8d66248d9b86dcf52abae416 ] PEVSystemStart C:\32788R22FWJFW\pev.3XE
03:04:14.0505 4844 PEVSystemStart - ok
03:04:14.0585 4844 [ 25367aff274d7df637b7d5336246773e ] PhoneMyPC_Helper C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe
03:04:14.0585 4844 PhoneMyPC_Helper - ok
03:04:14.0770 4844 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
03:04:14.0776 4844 pla - ok
03:04:14.0820 4844 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:04:14.0823 4844 PlugPlay - ok
03:04:14.0825 4844 PnkBstrA - ok
03:04:14.0849 4844 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:04:14.0849 4844 PNRPAutoReg - ok
03:04:14.0854 4844 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:04:14.0856 4844 PNRPsvc - ok
03:04:14.0889 4844 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:04:14.0891 4844 PolicyAgent - ok
03:04:14.0914 4844 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
03:04:14.0916 4844 Power - ok
03:04:14.0959 4844 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:04:14.0960 4844 PptpMiniport - ok
03:04:14.0975 4844 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
03:04:14.0975 4844 Processor - ok
03:04:15.0011 4844 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
03:04:15.0013 4844 ProfSvc - ok
03:04:15.0025 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:04:15.0025 4844 ProtectedStorage - ok
03:04:15.0048 4844 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:04:15.0049 4844 Psched - ok
03:04:15.0084 4844 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
03:04:15.0089 4844 ql2300 - ok
03:04:15.0126 4844 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
03:04:15.0128 4844 ql40xx - ok
03:04:15.0183 4844 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
03:04:15.0184 4844 QWAVE - ok
03:04:15.0228 4844 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:04:15.0228 4844 QWAVEdrv - ok
03:04:15.0246 4844 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:04:15.0248 4844 RasAcd - ok
03:04:15.0304 4844 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:04:15.0305 4844 RasAgileVpn - ok
03:04:15.0356 4844 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
03:04:15.0358 4844 RasAuto - ok
03:04:15.0366 4844 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:04:15.0368 4844 Rasl2tp - ok
03:04:15.0399 4844 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
03:04:15.0401 4844 RasMan - ok
03:04:15.0430 4844 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:04:15.0430 4844 RasPppoe - ok
03:04:15.0469 4844 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:04:15.0470 4844 RasSstp - ok
03:04:15.0486 4844 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:04:15.0488 4844 rdbss - ok
03:04:15.0499 4844 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
03:04:15.0499 4844 rdpbus - ok
03:04:15.0504 4844 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:04:15.0504 4844 RDPCDD - ok
03:04:15.0545 4844 [ 9706b84dbabfc4b4ca46c5a82b14dfa3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
03:04:15.0546 4844 RDPDR - ok
03:04:15.0561 4844 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:04:15.0561 4844 RDPENCDD - ok
03:04:15.0598 4844 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:04:15.0598 4844 RDPREFMP - ok
03:04:15.0628 4844 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:04:15.0629 4844 RDPWD - ok
03:04:15.0698 4844 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:04:15.0699 4844 rdyboost - ok
03:04:15.0740 4844 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:04:15.0741 4844 RemoteAccess - ok
03:04:15.0779 4844 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:04:15.0780 4844 RemoteRegistry - ok
03:04:15.0821 4844 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:04:15.0823 4844 RpcEptMapper - ok
03:04:15.0866 4844 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
03:04:15.0866 4844 RpcLocator - ok
03:04:15.0881 4844 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
03:04:15.0884 4844 RpcSs - ok
03:04:15.0905 4844 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:04:15.0905 4844 rspndr - ok
03:04:15.0948 4844 [ b15c021c2c9bb217a799d9532e8f04d4 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:04:15.0949 4844 RTL8167 - ok
03:04:15.0965 4844 [ 88af6e02ab19df7fd07ecdf9c91e9af6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
03:04:15.0966 4844 s3cap - ok
03:04:15.0968 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
03:04:15.0969 4844 SamSs - ok
03:04:16.0020 4844 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
03:04:16.0021 4844 sbp2port - ok
03:04:16.0039 4844 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:04:16.0040 4844 SCardSvr - ok
03:04:16.0045 4844 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:04:16.0045 4844 scfilter - ok
03:04:16.0075 4844 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
03:04:16.0080 4844 Schedule - ok
03:04:16.0134 4844 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
03:04:16.0134 4844 SCPolicySvc - ok
03:04:16.0210 4844 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:04:16.0211 4844 SDRSVC - ok
03:04:16.0245 4844 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:04:16.0245 4844 secdrv - ok
03:04:16.0263 4844 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
03:04:16.0264 4844 seclogon - ok
03:04:16.0305 4844 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
03:04:16.0306 4844 SENS - ok
03:04:16.0341 4844 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:04:16.0343 4844 SensrSvc - ok
03:04:16.0394 4844 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
03:04:16.0394 4844 Serenum - ok
03:04:16.0439 4844 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
03:04:16.0440 4844 Serial - ok
03:04:16.0464 4844 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
03:04:16.0464 4844 sermouse - ok
03:04:16.0493 4844 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
03:04:16.0494 4844 SessionEnv - ok
03:04:16.0531 4844 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
03:04:16.0531 4844 sffdisk - ok
03:04:16.0585 4844 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:04:16.0585 4844 sffp_mmc - ok
03:04:16.0605 4844 [ 178298f767fe638c9fedcbdef58bb5e4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
03:04:16.0605 4844 sffp_sd - ok
03:04:16.0624 4844 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
03:04:16.0624 4844 sfloppy - ok
03:04:16.0679 4844 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:04:16.0681 4844 ShellHWDetection - ok
03:04:16.0708 4844 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:04:16.0719 4844 SiSRaid2 - ok
03:04:16.0756 4844 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
03:04:16.0756 4844 SiSRaid4 - ok
03:04:16.0881 4844 [ c70aebd3608ed9fcea2a1bae83567ffc ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:04:16.0883 4844 SkypeUpdate - ok
03:04:17.0001 4844 [ 101556f6216e97f1258d87c38203695f ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
03:04:17.0001 4844 Smart TimeLock - ok
03:04:17.0003 4844 SmartViewService - ok
03:04:17.0049 4844 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:04:17.0049 4844 Smb - ok
03:04:17.0096 4844 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:04:17.0098 4844 SNMPTRAP - ok
03:04:17.0106 4844 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:04:17.0106 4844 spldr - ok
03:04:17.0136 4844 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
03:04:17.0140 4844 Spooler - ok
03:04:17.0221 4844 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
03:04:17.0235 4844 sppsvc - ok
03:04:17.0250 4844 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:04:17.0251 4844 sppuinotify - ok
03:04:17.0279 4844 [ 34f974f8b3c86de03a30dcbe79091c97 ] sptd C:\Windows\System32\Drivers\sptd.sys
03:04:17.0281 4844 sptd - ok
03:04:17.0329 4844 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
03:04:17.0330 4844 srv - ok
03:04:17.0343 4844 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:04:17.0345 4844 srv2 - ok
03:04:17.0358 4844 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:04:17.0359 4844 srvnet - ok
03:04:17.0370 4844 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:04:17.0373 4844 SSDPSRV - ok
03:04:17.0408 4844 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:04:17.0409 4844 SstpSvc - ok
03:04:17.0429 4844 [ ad42ca614e086bcadbd53fffc404ac24 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
03:04:17.0430 4844 ssudmdm - ok
03:04:17.0504 4844 [ b1691af4a072cb674d600db16dd7308e ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
03:04:17.0505 4844 StarWindServiceAE - ok
03:04:17.0539 4844 Steam Client Service - ok
03:04:17.0548 4844 Stereo Service - ok
03:04:17.0563 4844 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
03:04:17.0563 4844 stexstor - ok
03:04:17.0599 4844 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
03:04:17.0603 4844 stisvc - ok
03:04:17.0611 4844 [ ffd7a6f15b14234b5b0e5d49e7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
03:04:17.0611 4844 storflt - ok
03:04:17.0629 4844 [ 8fccbefc5c440b3c23454656e551b09a ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
03:04:17.0629 4844 storvsc - ok
03:04:17.0656 4844 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:04:17.0658 4844 swenum - ok
03:04:17.0723 4844 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
03:04:17.0726 4844 swprv - ok
03:04:18.0045 4844 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
03:04:18.0053 4844 SysMain - ok
03:04:18.0075 4844 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:04:18.0076 4844 TabletInputService - ok
03:04:18.0110 4844 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
03:04:18.0113 4844 TapiSrv - ok
03:04:18.0151 4844 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
03:04:18.0153 4844 TBS - ok
03:04:18.0204 4844 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:04:18.0210 4844 Tcpip - ok
03:04:18.0276 4844 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
03:04:18.0283 4844 TCPIP6 - ok
03:04:18.0314 4844 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:04:18.0315 4844 tcpipreg - ok
03:04:18.0378 4844 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:04:18.0378 4844 TDPIPE - ok
03:04:18.0405 4844 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:04:18.0405 4844 TDTCP - ok
03:04:18.0431 4844 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:04:18.0433 4844 tdx - ok
03:04:18.0444 4844 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:04:18.0445 4844 TermDD - ok
03:04:18.0493 4844 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
03:04:18.0496 4844 TermService - ok
03:04:18.0550 4844 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
03:04:18.0551 4844 Themes - ok
03:04:18.0574 4844 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
03:04:18.0575 4844 THREADORDER - ok
03:04:18.0588 4844 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
03:04:18.0589 4844 TrkWks - ok
03:04:18.0663 4844 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:04:18.0663 4844 TrustedInstaller - ok
03:04:18.0700 4844 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:04:18.0701 4844 tssecsrv - ok
03:04:18.0781 4844 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:04:18.0783 4844 tunnel - ok
03:04:18.0811 4844 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
03:04:18.0811 4844 uagp35 - ok
03:04:18.0838 4844 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:04:18.0839 4844 udfs - ok
03:04:18.0860 4844 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:04:18.0861 4844 UI0Detect - ok
03:04:18.0885 4844 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
03:04:18.0885 4844 uliagpkx - ok
03:04:18.0923 4844 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:04:18.0923 4844 umbus - ok
03:04:18.0939 4844 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
03:04:18.0939 4844 UmPass - ok
03:04:18.0949 4844 [ af0ac98ee5077eb844413eb54287fde3 ] UmRdpService C:\Windows\System32\umrdp.dll
03:04:18.0951 4844 UmRdpService - ok
03:04:18.0963 4844 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
03:04:18.0965 4844 upnphost - ok
03:04:19.0013 4844 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
03:04:19.0014 4844 USBAAPL64 - ok
03:04:19.0039 4844 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:04:19.0039 4844 usbccgp - ok
03:04:19.0081 4844 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
03:04:19.0081 4844 usbcir - ok
03:04:19.0115 4844 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
03:04:19.0115 4844 usbehci - ok
03:04:19.0206 4844 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:04:19.0209 4844 usbhub - ok
03:04:19.0246 4844 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\drivers\usbohci.sys
03:04:19.0246 4844 usbohci - ok
03:04:19.0293 4844 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
03:04:19.0293 4844 usbprint - ok
03:04:19.0304 4844 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:04:19.0304 4844 USBSTOR - ok
03:04:19.0315 4844 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
03:04:19.0316 4844 usbuhci - ok
03:04:19.0335 4844 [ 70d05ee263568a742d14e1876df80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
03:04:19.0336 4844 usb_rndisx - ok
03:04:19.0356 4844 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
03:04:19.0358 4844 UxSms - ok
03:04:19.0363 4844 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
03:04:19.0364 4844 VaultSvc - ok
03:04:19.0406 4844 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
03:04:19.0406 4844 vdrvroot - ok
03:04:19.0434 4844 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
03:04:19.0436 4844 vds - ok
03:04:19.0451 4844 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:04:19.0453 4844 vga - ok
03:04:19.0461 4844 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
03:04:19.0463 4844 VgaSave - ok
03:04:19.0475 4844 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
03:04:19.0475 4844 vhdmp - ok
03:04:19.0486 4844 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
03:04:19.0486 4844 viaide - ok
03:04:19.0515 4844 [ 3b59bb6d10cf969dbe4db93d9ead7fb4 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys
03:04:19.0515 4844 VKbms - ok
03:04:19.0524 4844 [ 1501699d7eda984abc4155a7da5738d1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
03:04:19.0525 4844 vmbus - ok
03:04:19.0590 4844 [ ae10c35761889e65a6f7176937c5592c ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
03:04:19.0591 4844 VMBusHID - ok
03:04:19.0633 4844 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
03:04:19.0633 4844 volmgr - ok
03:04:19.0696 4844 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
03:04:19.0698 4844 volmgrx - ok
03:04:19.0739 4844 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
03:04:19.0740 4844 volsnap - ok
03:04:19.0764 4844 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
03:04:19.0765 4844 vsmraid - ok
03:04:19.0809 4844 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
03:04:19.0815 4844 VSS - ok
03:04:19.0888 4844 [ ef51747440486c23bd466311048bd924 ] vToolbarUpdater12.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
03:04:19.0891 4844 vToolbarUpdater12.2.0 - ok
03:04:19.0918 4844 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
03:04:19.0918 4844 vwifibus - ok
03:04:19.0940 4844 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
03:04:19.0943 4844 W32Time - ok
03:04:19.0973 4844 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
03:04:19.0973 4844 WacomPen - ok
03:04:19.0995 4844 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
03:04:19.0995 4844 WANARP - ok
03:04:20.0003 4844 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
03:04:20.0004 4844 Wanarpv6 - ok
03:04:20.0090 4844 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
03:04:20.0095 4844 WatAdminSvc - ok
03:04:20.0289 4844 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
03:04:20.0295 4844 wbengine - ok
03:04:20.0335 4844 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
03:04:20.0336 4844 WbioSrvc - ok
03:04:20.0359 4844 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
03:04:20.0361 4844 wcncsvc - ok
03:04:20.0400 4844 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:04:20.0401 4844 WcsPlugInService - ok
03:04:20.0444 4844 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
03:04:20.0445 4844 Wd - ok
03:04:20.0465 4844 [ a3d04ebf5227886029b4532f20d026f7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
03:04:20.0466 4844 WDC_SAM - ok
03:04:20.0511 4844 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
03:04:20.0514 4844 Wdf01000 - ok
03:04:20.0558 4844 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
03:04:20.0559 4844 WdiServiceHost - ok
03:04:20.0574 4844 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
03:04:20.0575 4844 WdiSystemHost - ok
03:04:20.0664 4844 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
03:04:20.0665 4844 WebClient - ok
03:04:20.0735 4844 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
03:04:20.0738 4844 Wecsvc - ok
03:04:20.0746 4844 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
03:04:20.0748 4844 wercplsupport - ok
03:04:20.0764 4844 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
03:04:20.0765 4844 WerSvc - ok
03:04:20.0793 4844 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
03:04:20.0794 4844 WfpLwf - ok
03:04:20.0796 4844 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
03:04:20.0796 4844 WIMMount - ok
03:04:20.0838 4844 WinDefend - ok
03:04:20.0839 4844 WinHttpAutoProxySvc - ok
03:04:20.0894 4844 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
03:04:20.0895 4844 Winmgmt - ok
03:04:20.0935 4844 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
03:04:20.0944 4844 WinRM - ok
03:04:21.0014 4844 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
03:04:21.0015 4844 WinUsb - ok
03:04:21.0030 4844 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
03:04:21.0034 4844 Wlansvc - ok
03:04:21.0066 4844 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
03:04:21.0068 4844 WmiAcpi - ok
03:04:21.0101 4844 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
03:04:21.0103 4844 wmiApSrv - ok
03:04:21.0121 4844 WMPNetworkSvc - ok
03:04:21.0130 4844 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
03:04:21.0131 4844 WPCSvc - ok
03:04:21.0140 4844 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
03:04:21.0141 4844 WPDBusEnum - ok
03:04:21.0176 4844 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
03:04:21.0176 4844 ws2ifsl - ok
03:04:21.0211 4844 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\system32\wscsvc.dll
03:04:21.0213 4844 wscsvc - ok
03:04:21.0215 4844 WSearch - ok
03:04:21.0253 4844 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
03:04:21.0253 4844 WudfPf - ok
03:04:21.0335 4844 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
03:04:21.0336 4844 WUDFRd - ok
03:04:21.0394 4844 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
03:04:21.0396 4844 wudfsvc - ok
03:04:21.0446 4844 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
03:04:21.0448 4844 WwanSvc - ok
03:04:21.0526 4844 X6va005 - ok
03:04:21.0546 4844 ================ Scan global ===============================
03:04:21.0578 4844 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
03:04:21.0661 4844 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
03:04:21.0680 4844 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
03:04:21.0738 4844 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
03:04:21.0829 4844 (50bea589f7d7958bdd2528a8f69d05cc) C:\Windows\system32\services.exe
03:04:21.0835 4844 [Global] - ok
03:04:21.0835 4844 ================ Scan MBR ==================================
03:04:21.0844 4844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:04:22.0206 4844 \Device\Harddisk0\DR0 - ok
03:04:22.0208 4844 ================ Scan VBR ==================================
03:04:22.0215 4844 Boot (0x1200) (5444e7ed513748d8e856a70c4092276c) \Device\Harddisk0\DR0\Partition1
03:04:22.0216 4844 \Device\Harddisk0\DR0\Partition1 - ok
03:04:22.0228 4844 Boot (0x1200) (b567afa5417b56d685d3a1a38b4eb413) \Device\Harddisk0\DR0\Partition2
03:04:22.0250 4844 \Device\Harddisk0\DR0\Partition2 - ok
03:04:22.0250 4844 ============================================================
03:04:22.0250 4844 Scan finished
03:04:22.0250 4844 ============================================================
03:04:22.0254 6032 Detected object count: 0
03:04:22.0254 6032 Actual detected object count: 0
fp581
Active Member
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Post by fp581 » August 15th, 2012, 8:12 pm

OTL:

OTL logfile created on: 8/16/2012 3:07:46 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\kaki&pipi\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.54% Memory free
15.97 Gb Paging File | 13.66 Gb Available in Paging File | 85.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 322.33 Gb Free Space | 34.61% Space Free | Partition Type: NTFS

Computer Name: KAKIPIPI-PC | User Name: kaki&pipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kaki&pipi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\work.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\platform.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\device.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\SF.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\HM.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PhoneMyPC_Helper) -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe (SoftwareForMe Inc)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vToolbarUpdater12.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.3XE ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- C:\ati_winflash_2.0.1.14\atillk64.sys (ATI Technologies Inc.)
DRV - (atidgllk) -- C:\ati_winflash_2.0.1.14\atidgllk.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 83 70 91 0F 3E CD 01 [binary data]
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{18C7F80A-426C-4afa-92C9-2E54FD1BAD87}: "URL" = http://www.google.com/cse?cx=partner-pu ... 1509802&q={searchTerms}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{6A13F20E-D52B-424b-8EF9-174957B8A7FF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={019EA58F-3360-43F2-A045-2558588A6ABF}&mid=dd48c489107c47d1a441cd262337d082-9a2f9c48769933f6fe3ba9ac2b44146f957d547b&lang=en&ds=AVG&pr=pr&d=2012-08-14 11:10:51&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@3dvia.com/3DVIAVirtualMachine: C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll (© 2011 Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kaki&pipi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/26 00:38:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/14 11:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/08/14 11:10:58 | 000,000,000 | ---D | M]

[2012/05/19 15:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/19 15:49:13 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/04 13:34:53 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/06/07 06:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.nana.co.il/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.nana.co.il/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin7.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: 3DVIAStudioPlayer (Enabled) = C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Translate = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: AVG Secure Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Replace New Tab Page = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0\
CHR - Extension: Google Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Surplus = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: Gmail = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\
CHR - Extension: Google Translate = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: AVG Secure Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Replace New Tab Page = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0\
CHR - Extension: Google Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Surplus = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: Gmail = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.236 62.219.186.7
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62c3e4be-2df7-11e1-af48-1c6f65d33971}\Shell - "" = AutoRun
O33 - MountPoints2\{62c3e4be-2df7-11e1-af48-1c6f65d33971}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ca064fcc-1e7c-11e1-b35f-1c6f65d33971}\Shell - "" = AutoRun
O33 - MountPoints2\{ca064fcc-1e7c-11e1-b35f-1c6f65d33971}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 02:58:02 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\kaki&pipi\Desktop\OTL.exe
[2012/08/16 02:57:56 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kaki&pipi\Desktop\tdsskiller.exe
[2012/08/15 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Roaming\Malwarebytes
[2012/08/15 21:29:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/15 17:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/15 17:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/08/15 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/08/15 17:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/15 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:33:30 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/14 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Darksiders2
[2012/08/14 13:23:03 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Desktop\Darksiders 2
[2012/08/14 11:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/14 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\AVG Secure Search
[2012/08/14 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/14 11:10:49 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/14 11:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/14 11:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/14 11:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/14 11:08:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/14 11:07:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/14 11:07:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/08/14 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Documents\Ubisoft
[2012/08/14 09:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babel Rising
[2012/08/11 00:27:48 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Desktop\EPRJKRN_ENDEAVORU3.4_CM10_v0.32
[2012/08/10 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Documents\Activision
[2012/08/10 17:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/08/10 15:07:10 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Diagnostics
[2012/08/09 13:08:22 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Daedalic Entertainment
[2012/08/09 12:16:05 | 000,000,000 | ---D | C] -- C:\Games
[2012/08/08 14:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 03:06:54 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 03:06:54 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 03:05:54 | 001,171,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 03:05:54 | 000,633,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 03:05:54 | 000,369,192 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/08/16 03:05:54 | 000,110,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 03:05:54 | 000,073,416 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/08/16 03:05:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 03:00:23 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012/08/16 03:00:23 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/08/16 03:00:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/08/16 02:59:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 02:59:34 | 2134,302,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 02:58:05 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\kaki&pipi\Desktop\OTL.exe
[2012/08/16 02:57:59 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kaki&pipi\Desktop\tdsskiller.exe
[2012/08/16 02:57:36 | 000,000,020 | ---- | M] () -- C:\Users\kaki&pipi\defogger_reenable
[2012/08/16 02:36:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3089271471-2543983271-2346281850-1000UA.job
[2012/08/16 00:46:38 | 103,922,008 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/15 23:00:47 | 000,000,034 | ---- | M] () -- C:\Users\kaki&pipi\AppData\Roaming\mbam.context.scan
[2012/08/15 21:29:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 20:26:25 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/15 20:26:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/15 20:26:25 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/08/15 20:26:24 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/08/15 17:42:42 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3089271471-2543983271-2346281850-1000Core.job
[2012/08/14 17:01:37 | 000,032,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 11:40:12 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2012/08/14 11:10:49 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/08 14:36:31 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 03:00:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\00000008.@
[2012/08/16 03:00:51 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000032.@
[2012/08/16 03:00:51 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\000000cb.@
[2012/08/16 02:57:36 | 000,000,020 | ---- | C] () -- C:\Users\kaki&pipi\defogger_reenable
[2012/08/16 00:46:38 | 103,922,008 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/15 23:00:47 | 000,000,034 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Roaming\mbam.context.scan
[2012/08/15 21:29:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 11:09:13 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/08/14 17:01:37 | 000,032,919 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/08 14:36:31 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/06/12 12:39:05 | 000,000,097 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\fusioncache.dat
[2012/06/12 12:36:42 | 001,203,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/11 19:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 19:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/07 09:55:32 | 000,213,591 | ---- | C] () -- C:\ProgramData\1339051911.bdinstall.bin
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/05/08 16:33:41 | 000,003,072 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\file__0.localstorage
[2012/03/17 21:06:54 | 000,000,647 | ---- | C] () -- C:\Windows\SysWow64\y.dll
[2012/02/17 17:11:31 | 000,000,020 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2012/02/13 13:18:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/11 07:26:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\@
[2012/01/06 01:13:31 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/12/27 16:52:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/17 13:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/07 12:06:00 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/07 12:05:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/04 22:48:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/12/04 22:45:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/12/04 21:43:36 | 000,007,605 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\resmon.resmoncfg
[2011/12/04 15:31:38 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011/12/04 15:31:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011/12/04 15:31:38 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011/12/04 15:31:25 | 000,047,383 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/12/04 15:30:21 | 000,001,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/12/04 15:30:19 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/12/04 14:44:54 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/12/04 13:59:14 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/01 01:25:09 | 000,106,503 | ---- | C] () -- C:\ProgramData\1293834054.bdinstall.bin
[2011/01/01 00:10:17 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\00000004.@
[2011/01/01 00:10:17 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\L\00000004.@
[2010/12/31 23:57:57 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000064.@
[2010/12/31 23:57:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000000.@

========== Files - Unicode (All) ==========
[2012/03/28 15:34:25 | 000,001,892 | ---- | M] ()(C:\Windows\SysNative\????????????????????+???+???¦?????????????????+???+???????-????????????????????+???+???????????-?????????????????????????????????????-????v Second Raid - ova - The Battlegroup Commander's Sort of .lnk) -- C:\Windows\SysNative\楦敬⼺⼯㩃唯敳獲欯歡♩楰楰䐯睯汮慯獤䘯汵╬〲敍慴╬〲慐楮╣〲潃灭敬整┨〲ㅓ匬┲〲楳㈥匰⤳䘯汵╬〲敭慴╬〲敳潣摮㈥爰楡╤〲畤污㈥愰摵潩㈥攰杮匨⤳┯䈵䉃╍䐵㈥䘰汵╬〲䕍慴╬〲慐楮Ⅳ㈥吰敨㈥匰捥湯╤〲慒摩㈥ⴰ㈥漰慶㈥ⴰ㈥吰敨㈥䈰瑡汴来潲灵㈥䌰浯慭摮牥猧㈥匰牯╴〲景㈥䈰牯湩╧〲慄⹹歭v Second Raid - ova - The Battlegroup Commander's Sort of .lnk
[2012/03/28 15:34:25 | 000,001,892 | ---- | C] ()(C:\Windows\SysNative\????????????????????+???+???¦?????????????????+???+???????-????????????????????+???+???????????-?????????????????????????????????????-????v Second Raid - ova - The Battlegroup Commander's Sort of .lnk) -- C:\Windows\SysNative\楦敬⼺⼯㩃唯敳獲欯歡♩楰楰䐯睯汮慯獤䘯汵╬〲敍慴╬〲慐楮╣〲潃灭敬整┨〲ㅓ匬┲〲楳㈥匰⤳䘯汵╬〲敭慴╬〲敳潣摮㈥爰楡╤〲畤污㈥愰摵潩㈥攰杮匨⤳┯䈵䉃╍䐵㈥䘰汵╬〲䕍慴╬〲慐楮Ⅳ㈥吰敨㈥匰捥湯╤〲慒摩㈥ⴰ㈥漰慶㈥ⴰ㈥吰敨㈥䈰瑡汴来潲灵㈥䌰浯慭摮牥猧㈥匰牯╴〲景㈥䈰牯湩╧〲慄⹹歭v Second Raid - ova - The Battlegroup Commander's Sort of .lnk

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Unread postby fp581 » August 15th, 2012, 8:13 pm

Extra:

OTL Extras logfile created on: 8/16/2012 3:07:46 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\kaki&pipi\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.54% Memory free
15.97 Gb Paging File | 13.66 Gb Available in Paging File | 85.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 322.33 Gb Free Space | 34.61% Space Free | Partition Type: NTFS

Computer Name: KAKIPIPI-PC | User Name: kaki&pipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0210B563-198E-5A4B-E757-7BC4AC7677F8}" = AMD AVIVO64 Codecs
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{49384799-E541-8F8D-B376-4F8AD3AACC24}" = AMD Drag and Drop Transcoding
"{4B6CAE5A-1863-49CF-9F0E-CF8CFDFDADEE}" = PhoneMyPC
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit)
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"C-Media Oxygen HD Audio Driver" = ASUS Xonar Essence STX Audio Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1023.1
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FE672A5-355A-4AB2-977F-EA2CCEF11EC5}" = 3DVIA Player
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1" = Panda Cloud Cleaner
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D5AA5F08-E330-4FAE-A3B0-79304E19D169}" = OpenOffice.org 3.1
"{D6D62F1D-E3D6-E982-48B4-A20663B1FB7D}" = HydraVision
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DVIAStudioPlayer 2.13.194" = 3DVIA player 2.13.194
"Adobe AIR" = Adobe AIR
"Afterburner" = MSI Afterburner 2.1.0
"Android SDK Tools" = Android SDK Tools
"Babel Rising_is1" = Babel Rising
"Braid_is1" = Braid (Version 1.015)
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"foobar2000" = foobar2000 v1.1.10
"Hydrophobia: Prophecy_is1" = Hydrophobia: Prophecy
"Insanely Twisted Shadow Planet_is1" = skidrow
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1024.1
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"OCCT" = OCCT 4.0.0
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 105800" = PixelJunk Eden
"Steam App 107100" = Bastion
"Steam App 113200" = The Binding Of Isaac
"Steam App 1510" = Uplink
"Steam App 200210" = Realm of the Mad God
"Steam App 200900" = Cave Story+
"Steam App 205870" = Auditorium
"Steam App 207530" = Noitu Love 2 Devolution
"Steam App 207610" = The Walking Dead
"Steam App 208030" = Moon Breakers
"Steam App 209690" = Fieldrunners
"Steam App 209830" = Lone Survivor
"Steam App 210170" = Spirits
"Steam App 38740" = EDGE
"Steam App 40700" = Machinarium
"Steam App 40800" = Super Meat Boy
"Steam App 41800" = Gratuitous Space Battles
"Steam App 48000" = LIMBO
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 6120" = Shank
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 65800" = Dungeon Defenders
"Steam App 80310" = Gemini Rue
"Steam App 92800" = SpaceChem
"Steam App 99700" = NightSky
"SystemRequirementsLab" = System Requirements Lab
"The Walking Dead - Episode 1_is1" = The Walking Dead - Episode 1
"The_Journey_Down_Chapter_1_Installer" = The_Journey_Down_Chapter_1_Installer
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"uTorrent" = µTorrent
"Video Card Stability Test" = Video Card Stability Test
"VLC media player" = VLC media player 2.0.0
"VLC Setup Helper_is1" = VLC Setup Helper

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2012 4:09:06 AM | Computer Name = kakipipi-PC | Source = RasClient | ID = 20227
Description = CoId={AB7EDA12-863E-4845-98DD-42D2BA91BE96}: The user kakipipi-PC\kaki&pipi
dialed a connection named Broadband Connection which has failed. The error code
returned on failure is 0.

Error - 8/14/2012 4:09:42 AM | Computer Name = kakipipi-PC | Source = RasClient | ID = 20227
Description = CoId={DED93866-EC5F-44BD-AF7E-08E7E7A9D8A0}: The user kakipipi-PC\kaki&pipi
dialed a connection named Broadband Connection which has failed. The error code
returned on failure is 651.

Error - 8/14/2012 6:27:06 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Darksiders2.exe, version: 0.0.0.0, time
stamp: 0x50241afa Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time
stamp: 0x4d5f0c22 Exception code: 0xc0000417 Fault offset: 0x0008af3e Faulting process
id: 0x17fc Faulting application start time: 0x01cd7a0751362977 Faulting application
path: C:\Users\kaki&pipi\AppData\Roaming\uTorrent\Games\Darksiders 2 - Copy\Darksiders2.exe
Faulting
module path: C:\Windows\system32\MSVCR100.dll Report Id: 982ab1ea-e5fa-11e1-ab24-1c6f65d33971

Error - 8/15/2012 9:50:26 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WalkingDead101.exe, version: 2012.4.23.11289,
time stamp: 0x4f95e3ff Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49d10 Exception code: 0xc0000374 Fault offset: 0x000ce903 Faulting
process id: 0x8cc Faulting application start time: 0x01cd7aece76b2d0f Faulting application
path: c:\program files (x86)\steam\steamapps\common\the walking dead\WalkingDead101.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 2a29c43a-e6e0-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 9:51:27 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WalkingDead101.exe, version: 2012.4.23.11289,
time stamp: 0x4f95e3ff Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49d10 Exception code: 0xc0000374 Fault offset: 0x000ce903 Faulting
process id: 0x1690 Faulting application start time: 0x01cd7aed0f74c923 Faulting application
path: c:\program files (x86)\steam\steamapps\common\the walking dead\WalkingDead101.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 4ead1288-e6e0-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 9:52:40 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WalkingDead101.exe, version: 2012.4.23.11289,
time stamp: 0x4f95e3ff Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49d10 Exception code: 0xc0000374 Fault offset: 0x000ce903 Faulting
process id: 0x704 Faulting application start time: 0x01cd7aed3a76c8ca Faulting application
path: c:\program files (x86)\steam\steamapps\common\the walking dead\WalkingDead101.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 7a3e34e7-e6e0-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 9:53:49 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WalkingDead101.exe, version: 2012.4.23.11289,
time stamp: 0x4f95e3ff Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49d10 Exception code: 0xc0000374 Fault offset: 0x000ce903 Faulting
process id: 0x62c Faulting application start time: 0x01cd7aed6434f912 Faulting application
path: c:\program files (x86)\steam\steamapps\common\the walking dead\WalkingDead101.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: a3323469-e6e0-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 9:54:25 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WalkingDead101.exe, version: 2012.4.23.11289,
time stamp: 0x4f95e3ff Faulting module name: ntdll.dll, version: 6.1.7600.16915,
time stamp: 0x4ec49d10 Exception code: 0xc0000374 Fault offset: 0x000ce903 Faulting
process id: 0x1444 Faulting application start time: 0x01cd7aed7987338e Faulting application
path: c:\program files (x86)\steam\steamapps\common\the walking dead\WalkingDead101.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: b8dacd89-e6e0-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 10:35:00 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time
stamp: 0x4a5bc3e6 Faulting module name: MSI2A77.tmp, version: 2.0.0.9, time stamp:
0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id:
0xda4 Faulting application start time: 0x01cd7af322a26e93 Faulting application path:
C:\Windows\syswow64\MsiExec.exe Faulting module path: C:\Windows\Installer\MSI2A77.tmp
Report
Id: 64551012-e6e6-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 10:35:17 AM | Computer Name = kakipipi-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time
stamp: 0x4a5bc3e6 Faulting module name: MSI8151.tmp, version: 2.0.0.9, time stamp:
0x4d4b089c Exception code: 0xc000000d Fault offset: 0x00019d88 Faulting process id:
0x1378 Faulting application start time: 0x01cd7af32fd31705 Faulting application path:
C:\Windows\syswow64\MsiExec.exe Faulting module path: C:\Windows\Installer\MSI8151.tmp
Report
Id: 6dffdfee-e6e6-11e1-a7f8-1c6f65d33971

Error - 8/15/2012 3:49:37 PM | Computer Name = kakipipi-PC | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Fix it 50641 -- This Microsoft Fix it does not
apply to your operating system or application version.

[ System Events ]
Error - 8/15/2012 7:59:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7031
Description = The Shell Hardware Detection service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 8/15/2012 7:59:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7031
Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 8/15/2012 7:59:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 8/15/2012 8:00:49 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 8/15/2012 8:00:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Shell Hardware Detection service,
but this action failed with the following error: %%1056

Error - 8/15/2012 8:00:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Server service, but this action
failed with the following error: %%1056

Error - 8/15/2012 8:00:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Application Experience service,
but this action failed with the following error: %%1056

Error - 8/15/2012 8:01:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/15/2012 8:01:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the User Profile Service service,
but this action failed with the following error: %%1056

Error - 8/15/2012 8:01:59 PM | Computer Name = kakipipi-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Multimedia Class Scheduler
service, but this action failed with the following error: %%1056


< End of report >
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Unread postby fp581 » August 15th, 2012, 8:18 pm

By the way, new viruses were found during the scan (by my AVG): desktop.ini (2 files):

GAC_64\Desktop.ini
GAC_32\Desktop.ini

I think they are related (or am I wrong?).

And thanks for the help.
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Unread postby torreattack » August 15th, 2012, 10:03 pm

Hi fp581:


1. Malware Removal - Policy Notification

P2P Warning!
IMPORTANT: There are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
uTorrent
Please note that whenever you use any form of P2P networking to download files, you can anticipate infestations of malware.
P2P file sharing used to be fairly safe. This is no longer true... continue to use P2P sharing... at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

As long as you have the P2P program(s) installed, per Malware Removal Forum Policy, I can offer you no further assistance.

I strongly recommend that you uninstall:
uTorrent

However, that choice is up to you.
If you choose NOT to remove these programs... indicate that in your next reply.
If you choose to remove these programs, when finished... run another OTL scan and copy/paste the OTL.txt only in your next reply.


2. MGADiag
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


3. CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


4. Any other symptoms besides the AVG warning? Does Malwarebytes Anti-Malware detect anything? Any redirection, pop-ups or strange sounds?


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: services.exe trojan

Unread postby fp581 » August 15th, 2012, 10:15 pm

OK, scanning again with no uTorrent.
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Post by fp581 » August 15th, 2012, 10:25 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {09130D4B-F500-4C63-9872-C3A2D63A4ADF}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120503-2030
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{09130D4B-F500-4C63-9872-C3A2D63A4ADF}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-3089271471-2543983271-2346281850</SID><SYSTEM><Manufacturer>Gigabyte Technology Co., Ltd.</Manufacturer><Model>P67A-UD3-B3</Model></SYSTEM><BIOS><Manufacturer>Award Software International, Inc.</Manufacturer><Version>F5</Version><SMBIOSVersion major="2" minor="4"/><Date>20110722000000.000000+000</Date></BIOS><HWID>0BB93607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Jerusalem Standard Time(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GBT </OEMID><OEMTableID>GBTUACPI</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-3382011
Installation ID: 014721677251569695538443817831522876641931661855072954
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 8/16/2012 5:25:02 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 6:1:2012 23:06
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEABAABAAEAAAADAAAAAgABAAEAln3OVRzFYjRK3T5CcjiwqbKPYj1yQVgp4uEY9C5z

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              GBT           GBTUACPI
FACP              GBT           GBTUACPI
HPET              GBT           GBTUACPI
MCFG              GBT           GBTUACPI
MSDM              GBT           GBTUACPI
SLIC              GBT           GBTUACPI
ASPT              GBT           PerfTune
SSPT              GBT           SsptHead
EUDS              GBT
MATS              GBT
TAMG              GBT           GBT B0
SSDT              INTEL         PPM RCM
MATS              GBT

Re: services.exe trojan

Post by fp581 » August 15th, 2012, 10:27 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\android\android-sdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygenerator.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\program files (x86)\android\android-sdk\sources\android-14\java\security\spec\rsakeygenparameterspec.java
c:\program files (x86)\android\android-sdk\sources\android-14\javax\crypto\keygenerator.java
c:\program files (x86)\android\android-sdk\sources\android-14\javax\crypto\keygeneratorspi.java
c:\program files (x86)\android\android-sdk\sources\android-14\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\program files (x86)\android\android-sdk\sources\android-14\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\program files (x86)\android\android-sdk\sources\android-14\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\program files (x86)\android\android-sdk\sources\android-14\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\program files (x86)\android\android-sdk\sources\android-14\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\program files (x86)\ssh communications security\ssh secure shell\ssh-keygen2.exe
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\sounds\11\11_glass_crack.snt
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\sounds\11\11_glass_crack01.ogg
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\sounds\11\11_glass_crack02.ogg
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\sounds\11\11_glass_crack03.ogg
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\castlebase\ceiling\corridor_crack.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\castlebase\ceiling\corridor_crack.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\cellarbase\special\cracked_ceiling.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\cellarbase\special\cracked_ceiling.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue.mat
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue01.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue01.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue02.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue02.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue03.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue03.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue04.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue04.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue_back.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_blue_back.mat
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown.mat
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown01.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown01.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown02.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown02.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown03.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown03.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown04.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown04.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown_back.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_brown_back.mat
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_nrm.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\decals\cracks_spec.dds
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\dungeonbase\ceiling\default_cracked.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\dungeonbase\ceiling\default_cracked.msh
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\dungeonbase\wall\corridor_graves_cracked.dae
c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\static_objects\dungeonbase\wall\corridor_graves_cracked.msh
c:\program files (x86)\the_journey_down_chapter_1_installer\crack\journeydown1.exe
c:\users\kaki&pipi\desktop\darksiders 2\crack.rar
c:\users\kaki&pipi\desktop\utorrent\alice.madness.returns-skidrow- crackonly.torrent
c:\users\kaki&pipi\desktop\utorrent\binary domain multi5 steam unlocked.cracked - p2p.torrent
c:\users\kaki&pipi\desktop\utorrent\crack.rar.torrent
c:\users\kaki&pipi\desktop\utorrent\game of thrones genesis crack-flt.torrent
c:\users\kaki&pipi\desktop\utorrent\guitar pro 6 with crack.torrent
c:\users\kaki&pipi\desktop\utorrent\limbo.v1.0r4.multi9.cracked-theta.torrent
c:\users\kaki&pipi\desktop\utorrent\mass effect 3 crack skidrow.zip.torrent
c:\users\kaki&pipi\desktop\utorrent\mass effect 3 crack.rar.torrent
c:\users\kaki&pipi\desktop\utorrent\mass effect 3 n7 no crack-p2p.torrent
c:\users\kaki&pipi\desktop\utorrent\mass.effect.3.crack.only-reloaded.torrent
c:\users\kaki&pipi\desktop\utorrent\portal.2.crack.fix-skidrow.torrent
c:\users\kaki&pipi\desktop\utorrent\portal.2.update.1.to.15.incl.dlc.cracked-nogrp.torrent
c:\users\kaki&pipi\desktop\utorrent\saints row the third.crackonly-skidrow-[btarena.org].rar.torrent
c:\users\kaki&pipi\desktop\utorrent\serious.sam.3.bfe.steam.cracked-p2p.torrent
c:\users\kaki&pipi\desktop\utorrent\shogun 2 total war flt + crack.torrent
c:\users\kaki&pipi\desktop\utorrent\superbrothers.sword.and.sworcery.ep.v1.54.cracked-theta.torrent
c:\users\kaki&pipi\desktop\utorrent\the walking dead - episode 1 - crack only - reloaded.torrent
c:\users\kaki&pipi\desktop\utorrent\titan quest + immortal throne + patch + crack.torrent
c:\users\kaki&pipi\desktop\utorrent\vmware workstation v6.0.4 b93507+keygen-heartbug!.torrent
c:\users\kaki&pipi\desktop\utorrent\games\darksiders 2\crack.rar
c:\users\kaki&pipi\desktop\utorrent\prototype.2.proper-skidrow\dvd2\sr-p2crack.rar
c:\users\kaki&pipi\downloads\binary_domain_crack.rar
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\coop.cmd
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\launcher.exe
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\portal2.exe
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\skidrow.ini
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\steamclient.dll
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\portal2\bin\client.dll
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\crack\portal2\bin\server.dll
c:\users\kaki&pipi\downloads\games\portal.2.update.1.to.15.incl.dlc.cracked-nogrp\update\portal.2.update.1.to.15.incl.dlc.exe
c:\users\kaki&pipi\downloads\games\superbrothers.sword.and.sworcery.ep.v1.54.cracked-theta\!!mreader.exe
c:\users\kaki&pipi\downloads\games\superbrothers.sword.and.sworcery.ep.v1.54.cracked-theta\superbrothers - sword & sworcery ep.exe
c:\users\kaki&pipi\downloads\games\superbrothers.sword.and.sworcery.ep.v1.54.cracked-theta\theta.nfo
scanner sequence 3.ZZ.11.JGNAFU
----- EOF -----
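By inspection, every path in the CKScanner list above contains the string "crack" or "keygen" somewhere in its full path: the Android SDK's KeyGenerator sources and Amnesia's glass_crack sound assets are benign names that happen to match, while the crack\ folders, the crack.rar archives and the .torrent files are the entries a helper actually wants to look at. The Python script below is an added example, not CKScanner's code and not anything posted in this thread. It reproduces that kind of case-insensitive substring sweep over a constructed directory tree modelled on the paths in the log, then sorts the hits by extension so executables, archives and .torrent files are reviewed first. The keyword list and the extension groups are assumptions made for the example; CKScanner's real rules are not given on this page.

```python
"""Added example: a CKScanner-style keyword sweep over file paths.

Assumptions (not from CKScanner): keywords are "crack" and "keygen",
matched case-insensitively against the path relative to the scan root,
and hits are grouped by extension for triage.
"""
import os
import re
import tempfile
from pathlib import Path

# Assumed keyword list, inferred from the hits in the log; the tool's own list is unknown.
KEYWORDS = ("crack", "keygen")
KEYWORD_RE = re.compile("|".join(map(re.escape, KEYWORDS)), re.IGNORECASE)

# Extensions to review first: things that execute, or unpack into things that execute.
HIGH_RISK_EXT = {".exe", ".dll", ".cmd", ".bat", ".scr", ".rar", ".zip", ".7z", ".torrent"}


def scan_tree(root):
    """Return the sorted list of files under root whose relative path matches a keyword.

    Matching the whole relative path (not just the file name) is what makes
    launcher.exe inside a crack\\ folder show up, as it does in the log above.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            if KEYWORD_RE.search(rel):
                hits.append(rel)
    return sorted(hits)


def triage(hits):
    """Split hits into (review_first, probably_benign) by file extension."""
    review_first, probably_benign = [], []
    for rel in hits:
        bucket = review_first if Path(rel).suffix.lower() in HIGH_RISK_EXT else probably_benign
        bucket.append(rel)
    return review_first, probably_benign


# Constructed sample tree, modelled on paths from the CKScanner log (empty files).
SAMPLE_FILES = [
    "android-sdk/sources/android-14/javax/crypto/KeyGenerator.java",
    "Steam/steamapps/common/amnesia/sounds/11/11_glass_crack01.ogg",
    "Desktop/Darksiders 2/crack.rar",
    "Desktop/uTorrent/mass effect 3 crack.rar.torrent",
    "Downloads/games/portal.2.cracked-nogrp/crack/launcher.exe",
    "Downloads/games/portal.2.cracked-nogrp/crack/steamclient.dll",
    "Documents/notes.txt",
]


def build_sample_tree(base):
    """Create the constructed sample files under base."""
    for rel in SAMPLE_FILES:
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


def demo():
    """Build the sample tree in a temp dir, scan it, and return the two triage buckets."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage(scan_tree(tmp))


if __name__ == "__main__":
    first, rest = demo()
    print("Review first:")
    for p in first:
        print("  ", p)
    print("Probably benign (keyword inside an ordinary name):")
    for p in rest:
        print("  ", p)
```

Run it as-is to see the split; point `scan_tree` at a real drive root to sweep a live system. A keyword hit is only a starting point for a human reviewer, which is why the log's own header says these entries "are not necessarily bad".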

Re: services.exe trojan

Post by fp581 » August 15th, 2012, 10:30 pm

OTL logfile created on: 8/16/2012 5:27:54 AM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\kaki&pipi\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.29% Memory free
15.97 Gb Paging File | 13.25 Gb Available in Paging File | 83.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 322.04 Gb Free Space | 34.58% Space Free | Partition Type: NTFS

Computer Name: KAKIPIPI-PC | User Name: kaki&pipi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kaki&pipi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll ()
MOD - C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\work.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\platform.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\device.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\SF.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\HM.dll ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (PhoneMyPC_Helper) -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe (SoftwareForMe Inc)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vToolbarUpdater12.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (PEVSystemStart) -- C:\32788R22FWJFW\pev.3XE ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- C:\ati_winflash_2.0.1.14\atillk64.sys (ATI Technologies Inc.)
DRV - (atidgllk) -- C:\ati_winflash_2.0.1.14\atidgllk.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?rd=1&ucc=IL&dcc=IL&opt=0
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 83 70 91 0F 3E CD 01 [binary data]
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{18C7F80A-426C-4afa-92C9-2E54FD1BAD87}: "URL" = http://www.google.com/cse?cx=partner-pu ... 1509802&q={searchTerms}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{6A13F20E-D52B-424b-8EF9-174957B8A7FF}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={019EA58F-3360-43F2-A045-2558588A6ABF}&mid=dd48c489107c47d1a441cd262337d082-9a2f9c48769933f6fe3ba9ac2b44146f957d547b&lang=en&ds=AVG&pr=pr&d=2012-08-14 11:10:51&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@3dvia.com/3DVIAVirtualMachine: C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll (© 2011 Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kaki&pipi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/26 00:38:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/14 11:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/08/14 11:10:58 | 000,000,000 | ---D | M]

[2012/05/19 15:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/19 15:49:13 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/04 13:34:53 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\kaki&pipi\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/06/07 06:25:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.nana.co.il/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.nana.co.il/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Pure Codec\plugins\npqtplugin7.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\Application\plugins\npdjvu.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: 3DVIAStudioPlayer (Enabled) = C:\Program Files (x86)\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release_licensed\np3DVIAplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Pure Codec\Real Player\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\kaki&pipi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Translate = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: AVG Secure Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Replace New Tab Page = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0\
CHR - Extension: Google Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Surplus = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: Gmail = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\
CHR - Extension: Google Translate = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: AVG Secure Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Replace New Tab Page = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkhddihkmmiiclaipbaaelfojkmlkja\1.2_0\
CHR - Extension: Google Search = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.9_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Surplus = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfphgaimeghgekhncbkfblhdhfaiaipf\4.0.6_0\
CHR - Extension: Gmail = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Users\kaki&pipi\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3089271471-2543983271-2346281850-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.236 62.219.186.7
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62c3e4be-2df7-11e1-af48-1c6f65d33971}\Shell - "" = AutoRun
O33 - MountPoints2\{62c3e4be-2df7-11e1-af48-1c6f65d33971}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ca064fcc-1e7c-11e1-b35f-1c6f65d33971}\Shell - "" = AutoRun
O33 - MountPoints2\{ca064fcc-1e7c-11e1-b35f-1c6f65d33971}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 05:25:33 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2012/08/16 05:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/08/16 05:24:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\kaki&pipi\Desktop\MGADiag.exe
[2012/08/16 05:22:05 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Roaming\uTorrent
[2012/08/16 05:21:29 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Desktop\uTorrent
[2012/08/16 02:58:02 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\kaki&pipi\Desktop\OTL.exe
[2012/08/16 02:57:56 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\kaki&pipi\Desktop\tdsskiller.exe
[2012/08/15 21:30:06 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Roaming\Malwarebytes
[2012/08/15 21:29:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/15 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/15 17:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/15 17:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/08/15 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/08/15 17:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/15 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/15 17:33:30 | 000,000,000 | ---D | C] -- C:\AMD
[2012/08/14 13:29:24 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Darksiders2
[2012/08/14 13:23:03 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Desktop\Darksiders 2
[2012/08/14 11:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/14 11:11:17 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\AVG Secure Search
[2012/08/14 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/14 11:10:49 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/14 11:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/08/14 11:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/14 11:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/14 11:08:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/08/14 11:07:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/14 11:07:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/08/14 09:30:47 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Documents\Ubisoft
[2012/08/14 09:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Babel Rising
[2012/08/11 00:27:48 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Desktop\EPRJKRN_ENDEAVORU3.4_CM10_v0.32
[2012/08/10 17:13:47 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\Documents\Activision
[2012/08/10 17:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012/08/10 15:07:10 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Diagnostics
[2012/08/09 13:08:22 | 000,000,000 | ---D | C] -- C:\Users\kaki&pipi\AppData\Local\Daedalic Entertainment
[2012/08/09 12:16:05 | 000,000,000 | ---D | C] -- C:\Games
[2012/08/08 14:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/16 05:25:05 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 05:25:05 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/16 05:24:23 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\kaki&pipi\Desktop\MGADiag.exe
[2012/08/16 05:24:23 | 000,458,240 | ---- | M] () -- C:\Users\kaki&pipi\Desktop\CKScanner.exe
[2012/08/16 05:05:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/16 04:36:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3089271471-2543983271-2346281850-1000UA.job
[2012/08/16 03:05:54 | 001,171,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/16 03:05:54 | 000,633,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/16 03:05:54 | 000,369,192 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2012/08/16 03:05:54 | 000,110,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/16 03:05:54 | 000,073,416 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2012/08/16 03:00:23 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2012/08/16 03:00:23 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/08/16 03:00:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012/08/16 02:59:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/16 02:59:34 | 2134,302,719 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/16 02:58:05 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\kaki&pipi\Desktop\OTL.exe
[2012/08/16 02:57:59 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\kaki&pipi\Desktop\tdsskiller.exe
[2012/08/16 02:57:36 | 000,000,020 | ---- | M] () -- C:\Users\kaki&pipi\defogger_reenable
[2012/08/16 00:46:38 | 103,922,008 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/15 23:00:47 | 000,000,034 | ---- | M] () -- C:\Users\kaki&pipi\AppData\Roaming\mbam.context.scan
[2012/08/15 21:29:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 20:26:25 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/08/15 20:26:25 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/08/15 20:26:25 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012/08/15 20:26:24 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012/08/15 17:42:42 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3089271471-2543983271-2346281850-1000Core.job
[2012/08/14 17:01:37 | 000,032,919 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 11:40:12 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\etdrv.sys
[2012/08/14 11:10:49 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/08 14:36:31 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/16 05:24:22 | 000,458,240 | ---- | C] () -- C:\Users\kaki&pipi\Desktop\CKScanner.exe
[2012/08/16 03:00:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\00000008.@
[2012/08/16 03:00:51 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000032.@
[2012/08/16 03:00:51 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\000000cb.@
[2012/08/16 02:57:36 | 000,000,020 | ---- | C] () -- C:\Users\kaki&pipi\defogger_reenable
[2012/08/16 00:46:38 | 103,922,008 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/15 23:00:47 | 000,000,034 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Roaming\mbam.context.scan
[2012/08/15 21:29:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/15 11:09:13 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2012/08/14 17:01:37 | 000,032,919 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/08/14 11:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/08/08 14:36:31 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
[2012/06/12 12:39:05 | 000,000,097 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\fusioncache.dat
[2012/06/12 12:36:42 | 001,203,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/11 19:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 19:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/07 09:55:32 | 000,213,591 | ---- | C] () -- C:\ProgramData\1339051911.bdinstall.bin
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/05/08 16:33:41 | 000,003,072 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\file__0.localstorage
[2012/03/17 21:06:54 | 000,000,647 | ---- | C] () -- C:\Windows\SysWow64\y.dll
[2012/02/17 17:11:31 | 000,000,020 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2012/02/13 13:18:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/11 07:26:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\@
[2012/01/06 01:13:31 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/12/27 16:52:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/12/17 13:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/07 12:06:00 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/07 12:05:57 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/12/04 22:48:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/12/04 22:45:24 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/12/04 21:43:36 | 000,007,605 | ---- | C] () -- C:\Users\kaki&pipi\AppData\Local\resmon.resmoncfg
[2011/12/04 15:31:38 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011/12/04 15:31:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011/12/04 15:31:38 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011/12/04 15:31:25 | 000,047,383 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011/12/04 15:30:21 | 000,001,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011/12/04 15:30:19 | 000,005,026 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011/12/04 14:44:54 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/12/04 13:59:14 | 000,000,491 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011/09/13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/01 01:25:09 | 000,106,503 | ---- | C] () -- C:\ProgramData\1293834054.bdinstall.bin
[2011/01/01 00:10:17 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\00000004.@
[2011/01/01 00:10:17 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\L\00000004.@
[2010/12/31 23:57:57 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000064.@
[2010/12/31 23:57:57 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\80000000.@

========== Files - Unicode (All) ==========
[2012/03/28 15:34:25 | 000,001,892 | ---- | M] ()(C:\Windows\SysNative\????????????????????+???+???¦?????????????????+???+???????-????????????????????+???+???????????-?????????????????????????????????????-????v Second Raid - ova - The Battlegroup Commander's Sort of .lnk) -- C:\Windows\SysNative\楦敬⼺⼯㩃唯敳獲欯歡♩楰楰䐯睯汮慯獤䘯汵╬〲敍慴╬〲慐楮╣〲潃灭敬整┨〲ㅓ匬┲〲楳㈥匰⤳䘯汵╬〲敭慴╬〲敳潣摮㈥爰楡╤〲畤污㈥愰摵潩㈥攰杮匨⤳┯䈵䉃╍䐵㈥䘰汵╬〲䕍慴╬〲慐楮Ⅳ㈥吰敨㈥匰捥湯╤〲慒摩㈥ⴰ㈥漰慶㈥ⴰ㈥吰敨㈥䈰瑡汴来潲灵㈥䌰浯慭摮牥猧㈥匰牯╴〲景㈥䈰牯湩╧〲慄⹹歭v Second Raid - ova - The Battlegroup Commander's Sort of .lnk
[2012/03/28 15:34:25 | 000,001,892 | ---- | C] ()(C:\Windows\SysNative\????????????????????+???+???¦?????????????????+???+???????-????????????????????+???+???????????-?????????????????????????????????????-????v Second Raid - ova - The Battlegroup Commander's Sort of .lnk) -- C:\Windows\SysNative\楦敬⼺⼯㩃唯敳獲欯歡♩楰楰䐯睯汮慯獤䘯汵╬〲敍慴╬〲慐楮╣〲潃灭敬整┨〲ㅓ匬┲〲楳㈥匰⤳䘯汵╬〲敭慴╬〲敳潣摮㈥爰楡╤〲畤污㈥愰摵潩㈥攰杮匨⤳┯䈵䉃╍䐵㈥䘰汵╬〲䕍慴╬〲慐楮Ⅳ㈥吰敨㈥匰捥湯╤〲慒摩㈥ⴰ㈥漰慶㈥ⴰ㈥吰敨㈥䈰瑡汴来潲灵㈥䌰浯慭摮牥猧㈥匰牯╴〲景㈥䈰牯湩╧〲慄⹹歭v Second Raid - ova - The Battlegroup Commander's Sort of .lnk

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am
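
Added example, not part of the forum post and not OTL's own code: a small Python triage pass over the OTL line layouts that appear in the report above. A few of the entries in that log matter more than the toolbars. The O6 lines set ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, so anything running in this administrator's session is elevated without a UAC prompt. The O10 lines show Winsock catalog entries whose DLLs no longer exist (repaired with `netsh winsock reset`, not by deleting catalog entries by hand). The O33 lines are cached AutoRun commands for removable volumes, and the `@`-named files under C:\Windows\Installer\{GUID}\U and \L are not something Windows Installer creates. The script flags exactly those patterns and reports them; it removes nothing. The regexes assume the line formats as printed in this log, and the sample input is copied from it; both are assumptions of this example, not OTL documentation.

```python
"""Triage helper for OTL (OldTimer's OTL.exe) report lines.

Added example, not code from the forum post or from OTL.  It recognises the
handful of OTL line layouts visible in the posted report and flags the
entries a helper would look at first.  The sample lines are copied from the
log on this page (constructed test input); the regexes assume OTL's
formatting as shown there and may need adjusting for other OTL versions.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending line)

# Line layouts assumed from the posted report.
O6_RE = re.compile(r"^O6 - .*policies\\System: (\w+) = (\d+)$")
O10_RE = re.compile(r"^O10(?::64bit:)? - Protocol_Catalog9\\.* - (.+?) File not found$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.+?)\) - ")
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [\d:]+ \| [\d,]+ \| \S{4} \| [CM]\]\s*(?:\(.*?\))?\s*-- (.+)$")
INSTALLER_AT_RE = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(?:[UL]\\)?[0-9a-f]*\.?@$", re.I)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# UAC policy values that weaken or remove the elevation prompt.
UAC_WEAK = {
    ("EnableLUA", "0"): "UAC is switched off entirely",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators are elevated with no prompt at all",
    ("PromptOnSecureDesktop", "0"): "prompts appear on the normal desktop, where other programs can overlay them",
}
# Values Winlogon should carry on Windows 7 (OTL prints UserInit without its trailing comma).
WINLOGON_EXPECTED = {"Shell": "explorer.exe", "UserInit": r"C:\Windows\system32\userinit.exe"}

# Constructed sample input: lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50771659-6B4D-4876-9D7F-12D273859363}: NameServer = 192.117.235.236 62.219.186.7
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{ca064fcc-1e7c-11e1-b35f-1c6f65d33971}\Shell\AutoRun\command - "" = G:\setup.exe
[2012/08/16 03:00:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\U\00000008.@
[2012/01/11 07:26:00 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{2ef6a191-12a0-3f92-30b7-e460c8b78d05}\@
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:0B4227B4
"""


def triage(log_text: str) -> List[Finding]:
    """Return (severity, reason, line) for every line worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O6_RE.match(line):
            reason = UAC_WEAK.get((m.group(1), m.group(2)))
            if reason:
                findings.append(("high", f"UAC policy {m.group(1)}={m.group(2)}: {reason}", line))
        elif m := O10_RE.match(line):
            # A catalog entry whose DLL is gone breaks networking; repair the catalog
            # with `netsh winsock reset` rather than editing entries by hand.
            findings.append(("medium", f"orphaned Winsock catalog entry for missing {m.group(1)}", line))
        elif m := O17_RE.match(line):
            findings.append(("info", f"DNS servers {m.group(1)}; confirm they belong to the ISP or router", line))
        elif m := O20_RE.match(line):
            key, value = m.group(1), m.group(2).rstrip(",")
            if value.lower() != WINLOGON_EXPECTED[key].lower():
                findings.append(("high", f"Winlogon {key} is '{value}', expected '{WINLOGON_EXPECTED[key]}'", line))
        elif m := O33_RE.match(line):
            findings.append(("medium", f"cached AutoRun command for removable volume {m.group(1)}: {m.group(2)}", line))
        elif m := ADS_RE.match(line):
            findings.append(("info", f"{m.group(1)}-byte alternate data stream on {m.group(2)}; inspect before deleting", line))
        elif m := FILE_RE.match(line):
            if INSTALLER_AT_RE.search(m.group(1)):
                findings.append(("high", "'@'-named file under C:\\Windows\\Installer\\{GUID}, not a Windows Installer artifact", line))
    return findings


def summarize(findings: List[Finding]) -> str:
    """Render findings highest severity first, one reason line plus the log line."""
    order = {"high": 0, "medium": 1, "info": 2}
    rows = sorted(findings, key=lambda f: order[f[0]])
    return "\n".join(f"[{sev:<6}] {reason}\n         {line}" for sev, reason, line in rows)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

Run as a script it prints the sorted findings for the sample; point `triage()` at a full OTL.txt to get the same pass over a whole report. The O20 check in particular reports nothing for this log, because both Shell and UserInit still point at the stock Windows binaries.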

Re: services.exe trojan

Unread postby fp581 » August 15th, 2012, 10:31 pm

There are still some uTorrent files on my system. How do I remove them?
fp581
Active Member
 
Posts: 10
Joined: August 15th, 2012, 4:32 am

Re: services.exe trojan

Unread postby NonSuch » August 16th, 2012, 10:48 pm

It is the policy of this site that our volunteers do not assist with computers on which pirated, counterfeit, and/or cracked software is installed. Therefore, this topic will be closed.

You are hereby strongly cautioned against attempting to circumvent this site's policies by starting a new topic for this computer in our Malware Removal forum.


This topic is now closed.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California